Anonymous
2026-06-28 20:24:34
(3 days ago)
"GET //wp-includes/ID3/license.txt HTTP/1.1"
Hacking
Web App Attack
π³π±
lns.bz
2026-06-28 14:44:58
(3 days ago)
Too many 404 requests [DOPP]
Web App Attack
π©πͺ
mravb
2026-06-28 14:44:42
(3 days ago)
35.204.14.108 - - [28/Jun/2026:17:44:41 +0300] "GET //xmlrpc.php?rsd HTTP/1.1" 404 7818 "-" "Mozilla ...
show more
35.204.14.108 - - [28/Jun/2026:17:44:41 +0300] "GET //xmlrpc.php?rsd HTTP/1.1" 404 7818 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
Hacking
π¨πΏ
huginet
2026-06-28 14:44:03
(3 days ago)
35.204.14.108 - - [28/Jun/2026:16:44:02 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 196 ...
show more
35.204.14.108 - - [28/Jun/2026:16:44:02 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.204.14.108 - - [28/Jun/2026:16:44:02 +0200] "GET //feed/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web Spam
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-28 14:42:39
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 35.204.14.108 (108.14.204.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.204.14.108 (108.14.204.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:42:33.395659 2026] [security2:error] [pid 2823:tid 2823] [client 35.204.14.108:63591] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.portlunchgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.portlunchgroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akEy2f12Gg6tV9hRamihTwAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
daveoctober
2026-06-28 14:36:58
(3 days ago)
October Sentinel: honeypot triggered
Bad Web Bot
Web App Attack
Anonymous
2026-06-28 14:32:12
(3 days ago)
Bot / seems abusive / Apache connections: 62
DDoS Attack
Web Spam
Bad Web Bot
Web App Attack
π§πͺ
cmbplf
2026-06-28 14:27:05
(3 days ago)
16.180 requests with url.path */xmlrpc.php
16.060 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
Anonymous
2026-06-28 14:19:39
(3 days ago)
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "M ...
show more
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:34 +0200] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
[redacted] 35.204.14.108 - - [28/Jun/2026:16:19:35 +0200] "PO
...
show less
Hacking
Web App Attack
Anonymous
2026-06-28 14:19:31
(3 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
π΅π±
TaKeN
2026-06-28 14:14:35
(3 days ago)
Automated Wazuh local observation. Wazuh rule 31151 lvl=10 detected repeated HTTP web application pr ...
show more
Automated Wazuh local observation. Wazuh rule 31151 lvl=10 detected repeated HTTP web application probing from this source IP. Observed 2 matching blocked event(s) between 2026-06-28T16:14:35+02:00 and 2026-06-28T16:14:35+02:00. Sample requested paths: //site/wp-includes/wlwmanifest.xml, //test/wp-includes/wlwmanifest.xml.
show less
Web App Attack
Hacking
πΊπ¦
Olexiy Backend
2026-06-28 14:09:08
(3 days ago)
35.204.14.108
...
Bad Web Bot
Web App Attack
πΊπ¦
URAN Publishing Service
2026-06-28 14:07:51
(3 days ago)
35.204.14.108 - - [28/Jun/2026:17:07:51 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 " ...
show more
35.204.14.108 - - [28/Jun/2026:17:07:51 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.204.14.108 - - [28/Jun/2026:17:07:51 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
π©πͺ
Blexyel
2026-06-28 14:04:15
(3 days ago)
35.204.14.108 - - [28/Jun/2026:16:04:15 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ...
show more
35.204.14.108 - - [28/Jun/2026:16:04:15 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "stream.pingusmc.org"
...
show less
Brute-Force
Web App Attack
π©πͺ
LRob.fr
2026-06-28 14:00:03
(3 days ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot