π¨π¦
polycoda
2026-07-07 11:20:15
(2 days ago)
π Probes for wp-login.php and other inexistent URLs
Hacking
Web App Attack
π¬π·
setupgr
2026-07-07 10:45:44
(2 days ago)
(wplogin_block) Blocked WP-Login Access Attempt 42.115.192.253 (VN/Vietnam/Ho Chi Minh City (HCMC)/Q ...
show more
(wplogin_block) Blocked WP-Login Access Attempt 42.115.192.253 (VN/Vietnam/Ho Chi Minh City (HCMC)/QuѺΒn Hai/-/[AS18403 FPT-AS-AP FPT Telecom Company]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 42.115.192.253 - - [07/Jul/2026:13:41:07 +0300] "GET /wp-login.php HTTP/2.0" 200 7327 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Port Scan
πΊπΈ
TPI-Abuse
2026-07-07 09:11:06
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 05:10:49.714768 2026] [security2:error] [pid 26963:tid 26963] [client 42.115.192.253:37101] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||carolinafootprints.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "carolinafootprints.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akzCmbbpFAlNrmBiUtC1CQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
cwytech
2026-07-07 09:02:25
(2 days ago)
Fleet-wide ban from the Ghostfleet π». Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
πΊπΈ
TAY
2026-07-07 08:54:03
(2 days ago)
42.115.192.253 - - [07/Jul/2026:16:46:20 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5. ...
show more
42.115.192.253 - - [07/Jul/2026:16:46:20 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
42.115.192.253 - - [07/Jul/2026:16:53:30 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
42.115.192.253 - - [07/Jul/2026:16:54:03 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Brute-Force
πΊπΈ
TPI-Abuse
2026-07-07 08:23:56
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 04:23:40.166954 2026] [security2:error] [pid 6759:tid 6881] [client 42.115.192.253:31807] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tapas.soluciona.biz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tapas.soluciona.biz"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aky3jNsh-K1V4OnSyGhTyAAAAQo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Prodscape
2026-07-07 08:12:34
(2 days ago)
(WPLOGIN) WP Login Attack 42.115.192.253 (VN/Vietnam/-): 5 in the last 86400 secs; Ports: *; Directi ...
show more
(WPLOGIN) WP Login Attack 42.115.192.253 (VN/Vietnam/-): 5 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER
show less
Port Scan
π²πΉ
Malta
2026-07-07 06:24:46
(2 days ago)
42.115.192.253 - - [07/Jul/2026:08:24:46 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Lin ...
show more
42.115.192.253 - - [07/Jul/2026:08:24:46 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
πΊπΈ
TAY
2026-07-07 05:44:12
(2 days ago)
42.115.192.253 - - [07/Jul/2026:13:42:59 +0800] "POST /wp-login.php HTTP/1.1" 200 2678 "https://mail ...
show more
42.115.192.253 - - [07/Jul/2026:13:42:59 +0800] "POST /wp-login.php HTTP/1.1" 200 2678 "https://mail.littleprairie.com.my/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
42.115.192.253 - - [07/Jul/2026:13:44:03 +0800] "POST /wp-login.php HTTP/1.1" 200 2678 "https://mail.littleprairie.com.my/wp-login.php" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
42.115.192.253 - - [07/Jul/2026:13:44:11 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36 Edg/133.0.0.0"
...
show less
Brute-Force
π²π½
octageeks.com
2026-07-07 04:16:12
(2 days ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack
π©πͺ
4server
2026-07-07 03:29:50
(2 days ago)
[TueJul0705:29:43.8823782026][security2:error][pid830759:tid830871][client42.115.192.253:0]ModSecuri ...
show more
[TueJul0705:29:43.8823782026][security2:error][pid830759:tid830871][client42.115.192.253:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ipv6.gmint.ch\"][uri\"/xmlrpc.php\"][unique_id\"akxyp2NFETBmoO56P3hJYQAAANU\"]
show less
Port Scan
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-07 01:43:55
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 42.115.192.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 21:43:40.621945 2026] [security2:error] [pid 21263:tid 21263] [client 42.115.192.253:22022] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||firebelly.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "firebelly.org"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akxZzBdOvdYnJe3kRda-JQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
neckaralb-admin.de
2026-07-07 01:43:38
(2 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
π«π·
masterguru
2026-07-07 01:27:42
(2 days ago)
(modsec_5040) ModSec 5040: API Basic Auth blocked from 42.115.192.253 (VN/Vietnam/-): 1 in the last ...
show more
(modsec_5040) ModSec 5040: API Basic Auth blocked from 42.115.192.253 (VN/Vietnam/-): 1 in the last 3600 secs (0-196)
show less
Hacking
π¦πΊ
QT
2026-07-07 01:18:52
(2 days ago)
Unauthorised WordPress admin login attempted at 2026-07-07 11:18:50 +1000
Web App Attack