๐บ๐ธ
TPI-Abuse
2026-07-15 10:21:37
(10 hours ago)
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:21:30.577281 2026] [security2:error] [pid 5308:tid 5308] [client 37.40.239.97:55370] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.239.97 (+1 hits since last alert)|semisysteme.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "semisysteme.com"] [uri "/xmlrpc.php"] [unique_id "aldfKvfzTmt4nXrTS3ihCAAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-07-14 11:13:37
(1 day ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 10:53:31
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 06:53:25.098456 2026] [security2:error] [pid 3930:tid 3930] [client 37.40.239.97:55391] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.239.97 (+1 hits since last alert)|mavikalem.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mavikalem.org"] [uri "/xmlrpc.php"] [unique_id "alYVJaza6PMiAxAh8ZwDFwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-14 10:50:42
(1 day ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 10:45:43
(1 day ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 10:11:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 06:11:22.788698 2026] [security2:error] [pid 18259:tid 18363] [client 37.40.239.97:55620] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 37.40.239.97 (+1 hits since last alert)|davidholls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "davidholls.com"] [uri "/xmlrpc.php"] [unique_id "alYLStIA72LYHV407i-VGgAAAVE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-14 10:06:42
(1 day ago)
37.40.239.97 - - [14/Jul/2026:06:03:29 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.co ...
show more
37.40.239.97 - - [14/Jul/2026:06:03:29 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:06:03:40 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:06:04:43 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:06:04:54 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:06:06:41 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-14 07:18:27
(1 day ago)
37.40.239.97 - - [14/Jul/2026:03:17:33 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.co ...
show more
37.40.239.97 - - [14/Jul/2026:03:17:33 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:03:17:55 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:03:18:05 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:03:18:16 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
37.40.239.97 - - [14/Jul/2026:03:18:27 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5489 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
Anonymous
2026-07-14 06:24:50
(1 day ago)
(wordpress) Failed wordpress login from 37.40.239.97 (OM/Oman/-)
Brute-Force
๐จ๐ฆ
polycoda
2026-01-24 14:38:26
(5 months ago)
๐ฅถ Part of massive botnet scraping campaign that nearly turned into a DDoS on 2025-11-27
DDoS Attack
๐บ๐ธ
TPI-Abuse
2025-12-25 12:02:18
(6 months ago)
(mod_security) mod_security (id:210730) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 37.40.239.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 25 07:02:13.668668 2025] [security2:error] [pid 8405:tid 8405] [client 37.40.239.97:57684] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.jimpharris.com|F|2"] [data ".kitsapbusinessjournal.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jimpharris.com"] [uri "/Nav.aspx/Page=Http:/www.kitsapbusinessjournal.com"] [unique_id "aU0nxYTots7O6SlXrvAPGQAAAAw"], referer: http://www.jimpharris.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-10 14:52:11
(7 months ago)
"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ...
show more
"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access"
show less
DDoS Attack
SQL Injection
Exploited Host
Anonymous
2025-11-22 15:48:09
(7 months ago)
scanning http requests from known botnet
Web App Attack
๐ณ๐ฑ
exxos
2025-08-27 18:03:01
(10 months ago)
Attacks with Bad user agents
Hacking
๐ช๐ธ
Global Cyber Police
2025-07-27 17:32:10
(11 months ago)
Malicious bot activity detected: Hitting honeypot page (200 OK with 258/259 bytes sent).
Port Scan
Brute-Force
Web App Attack