π²π¬
Laurent313
2026-06-24 11:03:00
(1 week ago)
WordPress wp-login.php brute-force, 100+ POST requests in ~90 seconds from a
DigitalOcean VPS. Acti ...
show more
WordPress wp-login.php brute-force, 100+ POST requests in ~90 seconds from a
DigitalOcean VPS. Active Feb 26 2026. AS14061 DigitalOcean. Logged via Apache access.log.
show less
Brute-Force
Web App Attack
Anonymous
2026-04-11 05:34:06
(2 months ago)
DNS AXFR Attempt
DNS Compromise
πΊπΈ
TPI-Abuse
2026-02-28 09:59:20
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 04:59:11.943134 2026] [security2:error] [pid 15191:tid 15191] [client 64.23.230.227:64226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.fritsknuf.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fritsknuf.com"] [uri "/blog/wp-json/wp/v2/users"] [unique_id "aaK8b22q7tXjiHegvTMyyQAAAAI"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-28 07:06:55
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 28 02:06:48.461427 2026] [security2:error] [pid 31713:tid 31713] [client 64.23.230.227:63589] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.laboquimia.es|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.laboquimia.es"] [uri "/wp-json/wp/v2/users"] [unique_id "aaKUCLC97Mgbvf8xHWBUcwAAABI"], referer: https://wordpress.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
stinpriza
2026-02-27 20:50:13
(4 months ago)
Web App Attack
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-27 10:25:17
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 05:25:10.424841 2026] [security2:error] [pid 7754:tid 7754] [client 64.23.230.227:56568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||konahawaii.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "konahawaii.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaFxBolRWPiYFWFHrbQlFgAAAAA"], referer: https://wordpress.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-27 05:22:36
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 00:22:29.708018 2026] [security2:error] [pid 18857:tid 18857] [client 64.23.230.227:58083] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jacquelineperriam.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jacquelineperriam.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaEqFcXiFbIS85N84ylhsgAAAAQ"], referer: https://www.google.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΈπͺ
vaia.cloud
2026-02-26 21:02:02
(4 months ago)
trying wp-login.php/xmlrpc.php 107 times in 1 minutes
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-26 19:34:55
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 64.23.230.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 26 14:34:48.420979 2026] [security2:error] [pid 8873:tid 8873] [client 64.23.230.227:54298] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.josephshv.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.josephshv.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaCgWJTIkUe78MZ8GI5fzgAAAAI"], referer: https://www.google.com/search?q=wordpress
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
mnsf
2026-02-26 19:05:42
(4 months ago)
Login Too Frequent (31)
Request Overload (168)
Brute-Force
Web App Attack
π΅π±
sefinek.net
2025-12-21 04:06:14
(6 months ago)
Blocked by UFW on PL02 [10000/tcp]
Source port: 61013
TTL: 227
Packet length: 44
TOS: 0x00
This rep ...
show more
Blocked by UFW on PL02 [10000/tcp]
Source port: 61013
TTL: 227
Packet length: 44
TOS: 0x00
This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
π¨π³
ThreatBook.io
2025-10-29 22:13:44
(8 months ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/64.23.230.227
2025-10- ...
show more
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/64.23.230.227
2025-10-29 06:02:19 /
show less
Web App Attack
πΊπΈ
xmission.com
2025-09-16 06:55:32
(9 months ago)
Blocked by UFW (TCP on 3306)
Source port: 61003
TTL: 244
Packet length: 44
TOS: 0x08
This report (f ...
show more
Blocked by UFW (TCP on 3306)
Source port: 61003
TTL: 244
Packet length: 44
TOS: 0x08
This report (for 64.23.230.227) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
SQL Injection
πΊπΈ
Starburst SysOp Team
2025-09-16 06:18:51
(9 months ago)
Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-1)
Hacking
Bad Web Bot
π³π±
EGP Abuse Dept
2025-09-16 06:07:25
(9 months ago)
Unauthorized connection to RDP port 3389
Port Scan
Hacking