๐ซ๐ท
SpaceHost-Server
2026-06-29 22:40:18
(1 week ago)
Brute-Force
Web App Attack
Anonymous
2026-06-29 13:34:58
(1 week ago)
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy ...
show more
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy โ zero tolerance for exploit scanning. Banned Jun 29, 13:34 UTC. Origin: Belgium, Brussels.
show less
Hacking
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-06-29 13:30:59
(1 week ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-06-29 13:30:10
(1 week ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-29 13:29:30
(1 week ago)
35.240.108.33 - - [29/Jun/2026:15:29:29 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6363 "-" "Mozilla/5. ...
show more
35.240.108.33 - - [29/Jun/2026:15:29:29 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.240.108.33 - - [29/Jun/2026:15:29:29 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.240.108.33 - - [29/Jun/2026:15:29:29 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Hacking
Web App Attack
๐ฉ๐ช
DocNetzwerk
2026-06-29 13:24:09
(1 week ago)
(wordpress) Failed wordpress login from 35.240.108.33 (BE/Belgium/33.108.240.35.bc.googleusercontent ...
show more
(wordpress) Failed wordpress login from 35.240.108.33 (BE/Belgium/33.108.240.35.bc.googleusercontent.com)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-29 13:19:22
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 35.240.108.33 (33.108.240.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.240.108.33 (33.108.240.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:19:15.363445 2026] [security2:error] [pid 15134:tid 15134] [client 35.240.108.33:54380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.flatchestedmama.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.flatchestedmama.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akJw0-1_gOX46Am3xIwqGgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
Origon
2026-06-29 13:13:18
(1 week ago)
http-probing - IP: 35.240.108.33 - time="2026-06-29T15:13:17+02:00" level=info msg="(555f66b4f6a745 ...
show more
http-probing - IP: 35.240.108.33 - time="2026-06-29T15:13:17+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 35.240.108.33 (BE/396982) : 4h ban on Ip 35.240.108.33" module=db
show less
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-29 13:08:16
(1 week ago)
35.240.108.33 - - [29/Jun/2026:15:08:15 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6356 "-" "Mozilla/5. ...
show more
35.240.108.33 - - [29/Jun/2026:15:08:15 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6356 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.240.108.33 - - [29/Jun/2026:15:08:15 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6356 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.240.108.33 - - [29/Jun/2026:15:08:15 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6356 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Hacking
Web App Attack
๐ซ๐ท
largo-it.net
2026-06-29 13:07:38
(1 week ago)
Jun 29 15:07:36 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/2026:15:07:36.593] www_fr ...
show more
Jun 29 15:07:36 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/2026:15:07:36.593] www_frontend~ finance_cluster/finance1_test1_https 0/0/10/56/66 404 3252 - - ---- 81/16/0/0/0 0/0 "GET //wp-includes/ID3/license.txt HTTP/1.1"
Jun 29 15:07:36 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/2026:15:07:36.659] www_frontend~ finance_cluster/finance1_test1_https 142/0/11/44/197 404 3151 - - ---- 81/16/0/0/0 0/0 "GET //feed/ HTTP/1.1"
Jun 29 15:07:36 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/2026:15:07:36.857] www_frontend~ finance_cluster/finance1_test1_https 12/0/10/44/66 404 3151 - - ---- 80/15/0/0/0 0/0 "GET //xmlrpc.php?rsd HTTP/1.1"
Jun 29 15:07:37 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/2026:15:07:36.923] www_frontend~ finance_cluster/finance1_test1_https 13/0/11/67/91 404 3151 - - ---- 80/15/0/0/0 0/0 "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1"
Jun 29 15:07:37 vps-9f3cdc33 haproxy[1009799]: 35.240.108.33:60684 [29/Jun/20
...
show less
Hacking
Bad Web Bot
Web App Attack
๐ฉ๐ช
macrob
2026-06-29 13:07:24
(1 week ago)
2026/06/29 13:07:22 [error] 439112#439112: *338499319 access forbidden by rule, client: 35.240.108.3 ...
show more
2026/06/29 13:07:22 [error] 439112#439112: *338499319 access forbidden by rule, client: 35.240.108.33, server: finami.es, request: "GET //wp-includes/ID3/license.txt HTTP/2.0", host: "finami.es"
2026/06/29 13:07:23 [error] 439113#439113: *338499326 access forbidden by rule, client: 35.240.108.33, server: finami.es, request: "GET //xmlrpc.php?rsd HTTP/2.0", host: "finami.es"
2026/06/29 13:07:23 [error] 439111#439111: *338498415 access forbidden by rule, client: 35.240.108.33, server: finami.es, request: "GET //blog/wp-includes/wlwmanifest.xml HTTP/2.0", host: "finami.es"
...
show less
Web App Attack
๐จ๐ญ
backslash
2026-06-29 13:03:03
(1 week ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
๐ช๐ธ
pipeline.es
2026-06-29 13:00:49
(1 week ago)
Web scanning / probing for vulnerable paths | URL: /wp-includes/id3/license.txt/cms/wp-includes/wlwm ...
show more
Web scanning / probing for vulnerable paths | URL: /wp-includes/id3/license.txt/cms/wp-includes/wlwmanifest.xml | Evidence: www.fetave.es 35.240.108.33 - - [29/Jun/2026:14:58:49 +0200] \"GET /wp-includes/id3/license.txt/cms/wp-includes/wlwmanifest.xml HTTP/1.1\" 404 13349 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36\" GEOIP_COUNTRY_CODE=BE | ASN: GOOGLE-CLOUD-PLATFORM | Country: BE
show less
Port Scan
Web App Attack
๐ฎ๐น
VHosting
2026-06-29 13:00:09
(1 week ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 12:59:19
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 35.240.108.33 (33.108.240.35.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 35.240.108.33 (33.108.240.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 08:59:11.900457 2026] [security2:error] [pid 10579:tid 10579] [client 35.240.108.33:64329] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.fetchamreadingroom.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fetchamreadingroom.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "akJsHzHcw3nZzliZSxNnAAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack