Anonymous
2026-07-01 22:32:29
(2 days ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Anonymous
2026-07-01 21:34:47
(2 days ago)
Port scan on port 57270/UDP to unused IP
Port Scan
Anonymous
2026-06-17 05:30:53
(2 weeks ago)
Large-scale coordinated botnet (200+k IPs). Attacker: mikhail-smirnov-79830323 (LinkedIn/profile ID) employed by Angara Technologies Group (Explicitly identified himself as enemy a week before attack began) | Attack Signature Blocked: /wishlist/index/add/product/228/form_key/2gPSAW70mbmlC7ol/ | UA: Mozilla/5.0 (X11; Linux i686; rv:1.9.7.20) Gecko/4394-08-03 10:05:49.004471 Firefox/3.6.18 | (Magento Site)
Hacking
Bad Web Bot
Web App Attack
🇦🇺
prologic
2026-06-13 21:18:41
(2 weeks ago)
Distributed application-layer DoS against git.mills.io (self-hosted Gitea). High-volume automated requests to expensive Git repository endpoints (commit/diff/blame/archive views), ~1 request per IP, spoofed browser UA, rejected with HTTP 429. Residential-proxy botnet campaign, 2026-06-13/14 UTC.
DDoS Attack
Web App Attack
🇺🇸
TPI-Abuse
2026-06-04 10:35:16
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 217.150.82.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 06:35:09.794682 2026] [security2:error] [pid 19597:tid 19597] [client 217.150.82.129:57569] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.150.82.129 (+1 hits since last alert)|drgtek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drgtek.com"] [uri "/xmlrpc.php"] [unique_id "aiFU3TnVDOSzjy30Hxeq0QAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-04 07:38:25
(4 weeks ago)
(mod_security) mod_security (id:240335) triggered by 217.150.82.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 03:38:21.524364 2026] [security2:error] [pid 4816:tid 4816] [client 217.150.82.129:54625] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.150.82.129 (+1 hits since last alert)|aaattanasio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "aaattanasio.com"] [uri "/xmlrpc.php"] [unique_id "aiErbdfikgExXj3OktVY5QAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
SMARTNET
2026-05-27 06:03:53
(1 month ago)
Aisuru(Mirai variant) DDoS | Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d
DDoS Attack
Anonymous
2026-05-26 07:40:45
(1 month ago)
Attac
Brute-Force
🇺🇸
Jason Howell
2026-05-26 07:06:56
(1 month ago)
217.150.82.129 - - [26/May/2026:02:05:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3204 "-" "Jetpack by WordPress.com"
217.150.82.129 - - [26/May/2026:02:06:06 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3203 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)"
217.150.82.129 - - [26/May/2026:02:06:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3204 "-" "WordPress.com; https://wordpress.com"
217.150.82.129 - - [26/May/2026:02:06:33 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3205 "-" "Jetpack by WordPress.com"
217.150.82.129 - - [26/May/2026:02:06:55 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3204 "-" "Jetpack by WordPress.com"
...
Web App Attack
🇺🇸
TPI-Abuse
2026-05-20 06:56:47
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 217.150.82.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 02:56:40.331612 2026] [security2:error] [pid 4639:tid 4639] [client 217.150.82.129:50032] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.150.82.129 (+1 hits since last alert)|ssion.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "ag1bKNRNLDues1xrNhR8UQAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-11 10:30:32
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 217.150.82.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 06:30:25.593026 2026] [security2:error] [pid 8455:tid 8455] [client 217.150.82.129:49946] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 217.150.82.129 (+1 hits since last alert)|cmcnow.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.net"] [uri "/xmlrpc.php"] [unique_id "agGvwekmUh62KSXkmJsqFgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
applemooz
2026-04-28 08:41:38
(2 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
🇺🇸
bigwavedave
2026-04-18 06:19:38
(2 months ago)
Wordpress Attack
Web App Attack
Anonymous
2026-02-27 13:26:59
(4 months ago)
[27/Feb/2026:13:26:59 +0000] - 406 406 - GET https secnews.physaphae.fr "/index.php?IdFeed=145%29aND%2F%2A%2A%2F5275%3DcaST%28%2527~%2527%7C%7C%28SeleCT%2F%2A%2A%2F%28CAsE%2F%2A%2A%2FWhen%2F%2A%2A%2F%285275%3D5275%29%2F%2A%2A%2FTHen%2F%2A%2A%2F1%2F%2A%2A%2FELse%2F%2A%2A%2F0%2F%2A%2A%2FEnd%29%29%3A%3ATexT%7C%7C%2527~%2527%2F%2A%2A%2FAs%2F%2A%2A%2FnUmEric%29--+-" [Client 217.150.82.129] [Length 98851] [Gzip -] [Sent-to 192.168.1.192] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" "-"
...
SQL Injection
🇺🇸
TPI-Abuse
2026-02-23 16:52:14
(4 months ago)
(mod_security) mod_security (id:210381) triggered by 217.150.82.129 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 11:52:10.839374 2026] [security2:error] [pid 30595:tid 30643] [client 217.150.82.129:45786] ModSecurity: Access denied with code 403 (phase 2). Invalid URL Encoding: Non-hexadecimal digits used at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "82"] [id "210381"] [rev "6"] [msg "COMODO WAF: URL Encoding Abuse Attack Attempt||www.mentzlaw.com|F|4"] [data "REQUEST_URI=/louisianadefectiveproductlawyer/%url%"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.mentzlaw.com"] [uri "/louisianadefectiveproductlawyer/%url%"] [unique_id "aZyFuj_FDTRdPd2WsgW8_gAAAYg"]
Brute-Force
Bad Web Bot
Web App Attack