๐บ๐ธ
lostswordfish.com
2026-07-06 19:22:03
(2 hours ago)
Wordfence waf block on madesimpleskincare
Web App Attack
๐น๐ท
ycoskun41
2026-07-06 19:19:16
(2 hours ago)
fail2ban: plesk-modsecurity jail on genckocaeli.com
Web App Attack
Anonymous
2026-07-06 19:11:03
(2 hours ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1, GET //?author=2 HTTP/1.1, GET // ...
show more
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1, GET //?author=2 HTTP/1.1, GET //wp-login.php HTTP/1.1, GET //wp-includes/wlwmanifest.xml HTTP/1.1
show less
Hacking
Web App Attack
๐ฌ๐ง
BRHosting
2026-07-06 19:10:02
(2 hours ago)
Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)
Brute-Force
Web App Attack
๐บ๐ธ
fazar
2026-07-06 17:08:52
(4 hours ago)
crowdsecurity/http-admin-interface-probing on node: us01
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-06 17:07:31
(4 hours ago)
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 13:07:24.141466 2026] [security2:error] [pid 11122:tid 11122] [client 192.109.139.2:62327] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.blacktieokc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.blacktieokc.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akvgzCxEWoA7NI3ulbIN3gAAADI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 16:44:39
(5 hours ago)
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET / HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows ...
show more
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET / HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET / HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
192.109.139.2 - - [06/Jul/2026:18:44:37 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
...
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-06 16:44:12
(5 hours ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐ฎ๐ฉ
soc-yk
2026-07-06 16:42:12
(5 hours ago)
Type: credential_attack
Risk: 100
Events: 102
Evidence:
- Repeated authentication attack activity d ...
show more
Type: credential_attack
Risk: 100
Events: 102
Evidence:
- Repeated authentication attack activity detected
- Credential abuse behavior observed
- Multi-event operational persistence identified
- Threat escalation behavior observed
show less
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-06 16:26:10
(5 hours ago)
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 12:26:07.060159 2026] [security2:error] [pid 7083:tid 7083] [client 192.109.139.2:51438] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.indiahouseportland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.indiahouseportland.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akvXH8P6CuYOt1t3jWmS6QAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-06 15:59:24
(6 hours ago)
10.532 requests in 1 hour (2mos2w4d)
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-06 15:50:37
(6 hours ago)
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 11:50:32.147610 2026] [security2:error] [pid 17010:tid 17053] [client 192.109.139.2:60998] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||culturallyyours.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "culturallyyours.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "akvOyB6xmsH6fPolFLp0VAAAAIk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฑ
Dolphi
2026-07-06 15:50:03
(6 hours ago)
POST //xmlrpc.php
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 15:29:31
(6 hours ago)
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 192.109.139.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 11:29:25.002421 2026] [security2:error] [pid 19624:tid 19624] [client 192.109.139.2:57183] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.brexitop.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.brexitop.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akvJ1JaJOjLGDQguyWObuAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ช
Jim Keir
2026-07-06 15:18:54
(6 hours ago)
2026-07-06 15:18:54 192.109.139.2 File scanning, blocking 192.109.139.2 for 5 minutes
Web App Attack