๐น๐ท
Threat.live
2026-06-30 21:55:03
(9 hours ago)
Threat.live: Web Scan
Web App Attack
๐ซ๐ฎ
iamxorum
2026-06-30 20:59:37
(10 hours ago)
2026-06-30T20:59:36.383863+00:00 XRM-01 kernel: [HONEYPORT] IN=eth0 OUT= MAC=92:00:06:e6:da:95:d2:74 ...
show more
2026-06-30T20:59:36.383863+00:00 XRM-01 kernel: [HONEYPORT] IN=eth0 OUT= MAC=92:00:06:e6:da:95:d2:74:7f:6e:37:e3:08:00 SRC=20.49.61.48 DST=46.62.222.43 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=9976 DF PROTO=TCP SPT=15424 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0
...
show less
Port Scan
๐ฉ๐ช
psauxit
2026-06-30 20:39:35
(10 hours ago)
Fail2Ban - UFW port probing on unauthorized port
Port Scan
๐ฌ๐ง
sonot
2026-06-30 19:56:11
(11 hours ago)
Blocked by UFW on tunneluk01 [8501/tcp] | SPT: 15424 | TTL: 46 | LEN: 60 | TOS: 0x00 โข Reported by: ...
show more
Blocked by UFW on tunneluk01 [8501/tcp] | SPT: 15424 | TTL: 46 | LEN: 60 | TOS: 0x00 โข Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐ฆ๐น
neo72
2026-06-25 06:39:52
(6 days ago)
Detected malicious activity - bulk block
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-06-25 03:29:53
(6 days ago)
8.013 requests with url.path */xmlrpc.php
Brute-Force
Bad Web Bot
๐ฉ๐ช
SCHAPPY
2026-06-25 02:07:40
(6 days ago)
Multiple attempts to attack Wordpress XMLRPC detected: access blocked.
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 01:47:26
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 21:47:19.454057 2026] [security2:error] [pid 3972:tid 3972] [client 20.49.61.48:30380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||engelhardtkraatz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "engelhardtkraatz.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajyIp_CVxz0cYNBQ_VwwYgAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-25 01:40:08
(6 days ago)
(xmlrpc) Apache: Failed xmlrpc access from 20.49.61.48 (US/United States/-): 10 in the last 3600 sec ...
show more
(xmlrpc) Apache: Failed xmlrpc access from 20.49.61.48 (US/United States/-): 10 in the last 3600 secs (0-201)
show less
Hacking
๐ท๐ด
SpamStopper
2026-06-25 01:20:35
(6 days ago)
Fail2Ban - WordPress\(Anomis\) Looking for CMS/PHP/SQL vulnerabilities and hacked web hosts servers
Hacking
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-06-25 01:08:38
(6 days ago)
(modsec_5015) ModSec 5015: Suspicious User-Agent from 20.49.61.48 (US/United States/-): 1 in the las ...
show more
(modsec_5015) ModSec 5015: Suspicious User-Agent from 20.49.61.48 (US/United States/-): 1 in the last 3600 secs (0-195)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-25 00:57:59
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 20:57:54.172794 2026] [security2:error] [pid 29568:tid 29568] [client 20.49.61.48:30952] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||northfultonneurology.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "northfultonneurology.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajx9EszFZmX1u8iBqrH1PwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 00:38:47
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:225170) triggered by 20.49.61.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 20:38:42.752516 2026] [security2:error] [pid 17699:tid 17699] [client 20.49.61.48:30862] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sprek.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sprek.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajx4ksllFCBCoVJ-3vPUIgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
stinpriza
2026-06-25 00:26:14
(6 days ago)
Web App Attack
Web App Attack
๐บ๐ธ
ArturShelby
2026-06-25 00:23:15
(6 days ago)
Honeypot triggered: /wp-json/wp/v2/users/
Web App Attack