🇩🇪
Vegascosmetics
2026-06-29 12:37:26
(4 days ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
🇺🇸
Jason Howell
2026-06-25 18:46:15
(1 week ago)
37.40.225.211 - - [25/Jun/2026:13:37:43 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4738 "-" "Jetpack/13.0; WordPress/6.2; http://site70358406.com"
37.40.225.211 - - [25/Jun/2026:13:39:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)"
37.40.225.211 - - [25/Jun/2026:13:41:59 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4740 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.4)"
37.40.225.211 - - [25/Jun/2026:13:44:07 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "Jetpack/12.0; WordPress/6.2; http://site64857920.com"
37.40.225.211 - - [25/Jun/2026:13:46:15 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4739 "-" "WordPress.com; https://wordpress.com"
...
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 16:32:31
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 37.40.225.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 12:32:28.891114 2026] [security2:error] [pid 32524:tid 32531] [client 37.40.225.211:18346] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.225.211 (+1 hits since last alert)|tkfay.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tkfay.com"] [uri "/xmlrpc.php"] [unique_id "aj1YHEJwguqnXa6FZp5R_wAAAQQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 14:01:23
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 37.40.225.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 10:01:19.691924 2026] [security2:error] [pid 31082:tid 31082] [client 37.40.225.211:18471] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.225.211 (+1 hits since last alert)|lspfest.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lspfest.com"] [uri "/xmlrpc.php"] [unique_id "aj00r6KdjyzxIIUdKtWYOwAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 08:55:32
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 37.40.225.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 04:55:25.169277 2026] [security2:error] [pid 23491:tid 23491] [client 37.40.225.211:18475] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.225.211 (+1 hits since last alert)|cliniquecavalancia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cliniquecavalancia.com"] [uri "/xmlrpc.php"] [unique_id "ajzs_c_NHv7ZFnet18x3eAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 07:54:30
(1 week ago)
(mod_security) mod_security (id:240335) triggered by 37.40.225.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 03:54:26.906940 2026] [security2:error] [pid 11252:tid 11252] [client 37.40.225.211:18821] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.225.211 (+1 hits since last alert)|hotpay.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hotpay.co"] [uri "/xmlrpc.php"] [unique_id "ajzesk-GNmuQR1woED0AIgAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇱🇻
garmtech.com
2026-06-25 06:14:43
(1 week ago)
IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)
Web App Attack
🇦🇺
MAGIC
2026-05-29 00:05:09
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
🇩🇪
EGP Abuse Dept
2026-04-29 09:50:04
(2 months ago)
Scraping webshop URLs (www.stroomaanboord.nl), likely botnet drone
Bad Web Bot
Exploited Host
🇩🇪
HandyTreff.de
2026-04-07 23:36:26
(2 months ago)
Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -53.996 (Bad < -10 / Very Bad < -20 / Extreme < -35) | UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Sa
Web App Attack
Bad Web Bot
🇨🇭
backslash
2026-01-28 12:00:15
(5 months ago)
block ruleset 6B63410D189E6343B910F7440B8499558BEC52EB
Bad Web Bot
Anonymous
2025-11-25 08:43:38
(7 months ago)
scanning http requests from known botnet
Web App Attack
🇺🇸
octageeks.com
2024-07-28 04:07:49
(1 year ago)
Wordpress malicious attack:[octa404]
Web App Attack
🇺🇸
octageeks.com
2024-07-26 04:07:46
(1 year ago)
Wordpress malicious attack:[octa404]
Web App Attack
🇺🇸
octageeks.com
2024-07-25 04:07:45
(1 year ago)
Wordpress malicious attack:[octa404]
Web App Attack