๐ฉ๐ช
neckaralb-admin.de
2026-07-02 02:45:15
(7 hours ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
Ba-Yu
2026-07-01 12:56:42
(21 hours ago)
WordPress bruteforce
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-06-30 16:52:34
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-06-30 09:24:04
(2 days ago)
Wordfence waf block on madesimpleskincare
Web App Attack
๐ฉ๐ช
Hazzard
2026-06-29 22:02:53
(2 days ago)
(wordpress) Failed wordpress login from 41.185.8.66 (ZA/South Africa/-/-/srv68.hostserv.co.za/[redac ...
show more
(wordpress) Failed wordpress login from 41.185.8.66 (ZA/South Africa/-/-/srv68.hostserv.co.za/[redacted]): (CF_ENABLE)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-29 07:38:58
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:38:52.825576 2026] [security2:error] [pid 21991:tid 21991] [client 41.185.8.66:33272] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||midway-island.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "midway-island.com"] [uri "/wp-json/wp/v2/users/3"] [unique_id "akIhDICm39xDHwI-ZDNNGgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 05:46:14
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 01:46:08.995471 2026] [security2:error] [pid 31456:tid 31456] [client 41.185.8.66:48212] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hydrusdetergents.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hydrusdetergents.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akIGoDr4CHkJ84pA5VDUogAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-06-28 23:55:45
(3 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 21:16:43
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 17:16:37.375935 2026] [security2:error] [pid 26205:tid 26205] [client 41.185.8.66:44106] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||schwanpaint.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "schwanpaint.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akGPNZRsUY0qjmEcnJVcNwAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 20:05:49
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 16:05:45.430273 2026] [security2:error] [pid 1825:tid 1825] [client 41.185.8.66:50362] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mccompu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mccompu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akF-mW5e3-t4VCRytgUgjgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 10:20:23
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the la ...
show more
(mod_security) mod_security (id:225170) triggered by 41.185.8.66 (srv68.hostserv.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:20:15.832594 2026] [security2:error] [pid 23046:tid 23046] [client 41.185.8.66:37898] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.sprayrealty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.sprayrealty.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akD1X6zVOphZ23vMlwsYJAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
CBJ
2026-06-28 09:17:09
(4 days ago)
fail2ban: apache-random-recon
...
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2026-06-27 21:48:08
(4 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฒ๐น
Malta
2026-06-26 13:00:49
(5 days ago)
41.185.8.66 - - [26/Jun/2026:15:00:49 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ...
show more
41.185.8.66 - - [26/Jun/2026:15:00:49 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
๐ฆ๐บ
paulshipley.com.au
2026-06-26 00:27:18
(6 days ago)
paulshipley.info:443 41.185.8.66 - - [26/Jun/2026:10:27:17 +1000] "GET /?author=2 HTTP/1.1" 404 5078 ...
show more
paulshipley.info:443 41.185.8.66 - - [26/Jun/2026:10:27:17 +1000] "GET /?author=2 HTTP/1.1" 404 5078 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Web App Attack