Anonymous
2026-07-17 01:17:26
(9 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
cwytech
2026-07-17 00:20:15
(10 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐ฉ๐ช
Hazzard
2026-07-17 00:13:52
(10 hours ago)
(wordpress) Failed wordpress login from 203.148.85.30 (ID/Indonesia/-/-/-/[redacted]): (CF_ENABLE)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-16 22:23:32
(12 hours ago)
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 18:23:23.173708 2026] [security2:error] [pid 3423:tid 3423] [client 203.148.85.30:50057] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||brbcash.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "brbcash.com"] [uri "/wp-json/wp/v2/users"] [unique_id "allZ27LG7LuxZ1tsxQDXNwAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 19:50:56
(14 hours ago)
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 15:50:50.754195 2026] [security2:error] [pid 12382:tid 12382] [client 203.148.85.30:54094] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "abcollie.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alk2Gu8taRAtE2CkoVMMMQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 19:49:37
(14 hours ago)
203.148.85.30 - - [16/Jul/2026:21:49:36 +0200] "POST /xmlrpc.php HTTP/1.1" 402 4832 "-" "Mozilla/5.0 ...
show more
203.148.85.30 - - [16/Jul/2026:21:49:36 +0200] "POST /xmlrpc.php HTTP/1.1" 402 4832 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Opera/61.0.0.0 Safari/537.36" ...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 17:16:37
(17 hours ago)
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:16:32.294780 2026] [security2:error] [pid 13112:tid 13112] [client 203.148.85.30:64445] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||travelwithjenniferb.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "travelwithjenniferb.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alkR8IvF_YaiXobM0xTkpwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
gigatech
2026-07-16 14:15:04
(20 hours ago)
Webserver Probing
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-16 10:39:10
(23 hours ago)
203.148.85.30 - - [16/Jul/2026:06:37:31 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 ...
show more
203.148.85.30 - - [16/Jul/2026:06:37:31 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0 Safari/537.36"
203.148.85.30 - - [16/Jul/2026:06:37:53 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.0.0 Safari/537.36"
203.148.85.30 - - [16/Jul/2026:06:38:16 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/89.0.0.0 Safari/537.36"
203.148.85.30 - - [16/Jul/2026:06:38:41 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/74.0.0.0 Safari/537.36"
203.148.85.30 - - [16/Jul/2026:06:39:09 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5082 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/82.0.0.0 Safar
...
show less
Web App Attack
Anonymous
2026-07-16 09:20:37
(1 day ago)
Web attack blocked by Wordfence on cuypersinvalkenburg.nl (1 hit). Reported by CRMON.
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 01:01:45
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 21:01:41.741776 2026] [security2:error] [pid 21925:tid 21925] [client 203.148.85.30:52724] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||shelbysmoak.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "shelbysmoak.com"] [uri "/wp-json/wp/v2/users"] [unique_id "algtdTkijCFIasjFEM-eggAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-15 22:41:45
(1 day ago)
203.148.85.30 - - [15/Jul/2026:18:39:59 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 ...
show more
203.148.85.30 - - [15/Jul/2026:18:39:59 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/12.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:18:40:34 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/79.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:18:41:03 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/91.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:18:41:27 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:18:41:44 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5090 "-" "Mozilla/5.0 (Windows NT 6.3; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐จ๐ญ
4server
2026-07-15 20:28:51
(1 day ago)
[WedJul1522:28:47.0775242026][security2:error][pid728514:tid728671][client203.148.85.30:0]ModSecurit ...
show more
[WedJul1522:28:47.0775242026][security2:error][pid728514:tid728671][client203.148.85.30:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"mio-ip.ch\"][uri\"/xmlrpc.php\"][unique_id\"alftf20zrnGNAoOba41nUwAAABM\"]
show less
Hacking
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-15 20:06:28
(1 day ago)
203.148.85.30 - - [15/Jul/2026:16:04:55 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 ...
show more
203.148.85.30 - - [15/Jul/2026:16:04:55 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/61.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:16:05:16 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/81.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:16:05:41 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:16:06:05 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/61.0.0.0 Safari/537.36"
203.148.85.30 - - [15/Jul/2026:16:06:27 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5105 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Firefox/86.0.0.0 Safari/537.3
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 11:25:23
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 203.148.85.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:25:19.136081 2026] [security2:error] [pid 13133:tid 13133] [client 203.148.85.30:60634] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||accommodation-perthairport.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "accommodation-perthairport.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alduH1FILjuwRBSoVeQvAAAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack