๐ฌ๐ท
setupgr
2026-07-01 04:03:55
(2 days ago)
(wplogin_block) Blocked WP-Login Access Attempt 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/[AS20 ...
show more
(wplogin_block) Blocked WP-Login Access Attempt 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 65.111.21.5 - - [01/Jul/2026:07:01:22 +0300] "POST /wp-login.php HTTP/1.1" 200 5067 "https://gyrosplace.gr/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15"
show less
Port Scan
๐บ๐ธ
cwytech
2026-07-01 01:32:06
(2 days ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐ซ๐ท
ELYAZ
2026-06-28 21:02:36
(4 days ago)
(y4) Failed scan -byebye- from 65.111.21.5 (BR/Brazil/-): (CF_ENABLE)
Hacking
๐ซ๐ท
pm33
2026-06-27 17:53:02
(5 days ago)
Wordpress login attempts
Brute-Force
๐ฌ๐ท
setupgr
2026-06-25 04:45:02
(1 week ago)
(mod_security) mod_security (id:900001) triggered by 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/ ...
show more
(mod_security) mod_security (id:900001) triggered by 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 25 07:44:59.823080 2026] [security2:error] [pid 358184:tid 358219] [client 65.111.21.5:15935] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/wp-login.php"] [unique_id "ajyyS6O2mzdLeHxqn3rhfwAAAUM"], referer: https://mail.babis.photo/wp-login.php
show less
Port Scan
๐ซ๐ท
tecnicorioja
2026-06-23 22:01:33
(1 week ago)
wp-login attack [23/Jun/2026:17:30:28
Brute-Force
Web App Attack
๐ฌ๐ท
setupgr
2026-06-23 21:51:59
(1 week ago)
(mod_security) mod_security (id:900001) triggered by 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/ ...
show more
(mod_security) mod_security (id:900001) triggered by 65.111.21.5 (BR/Brazil/Sรยฃo Paulo/Sรยฃo Paulo/-/[AS200373 DREI-K-TECH-GMBH]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Jun 24 00:51:56.996879 2026] [security2:error] [pid 2059052:tid 2059096] [client 65.111.21.5:51539] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: fashionfragonard.gr"] [severity "CRITICAL"] [tag "security"] [hostname "fashionfragonard.gr"] [uri "/wp-login.php"] [unique_id "ajr__FNPFwkSkEkc_m2MsgAAARE"], referer: https://fashionfragonard.gr/wp-login.php
show less
Port Scan
๐ฒ๐น
Malta
2026-06-22 16:50:39
(1 week ago)
65.111.21.5 - - [22/Jun/2026:18:50:39 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux ...
show more
65.111.21.5 - - [22/Jun/2026:18:50:39 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:120.0) Gecko/20100101 Firefox/120.0"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
๐ซ๐ท
mrcrassi
2026-06-17 16:05:36
(2 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from CA.
Action taken: BLOCK
Protocol: HTTP/1.1 (POST meth ...
show more
Triggered Cloudflare WAF (firewallCustom) from CA.
Action taken: BLOCK
Protocol: HTTP/1.1 (POST method)
Endpoint: /wp-login.php
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; rv:118.0) Gecko/20100101 Firefox/118.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
Anonymous
2026-06-17 09:20:54
(2 weeks ago)
Web attack blocked by Wordfence on cuypersinvalkenburg.nl (1 hit). Reported by CRMON.
Web App Attack
๐ซ๐ท
pm33
2026-06-16 19:37:33
(2 weeks ago)
Wordpress login attempts
Brute-Force
๐บ๐ธ
lostswordfish.com
2026-06-15 10:20:06
(2 weeks ago)
Wordfence waf block on fypeducation
Web App Attack
๐จ๐ด
ingentar
2026-06-15 07:48:34
(2 weeks ago)
2026-06-15T02:44:16.762091-05:00 web wordpress(cemcarga.com.co)[195410]: Blocked authentication atte ...
show more
2026-06-15T02:44:16.762091-05:00 web wordpress(cemcarga.com.co)[195410]: Blocked authentication attempt for root from 65.111.21.5
...
show less
Web App Attack
Brute-Force
๐ฒ๐น
Malta
2026-06-14 17:38:18
(2 weeks ago)
65.111.21.5 - - [14/Jun/2026:19:38:18 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT ...
show more
65.111.21.5 - - [14/Jun/2026:19:38:18 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 11.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
show less
Hacking
Web App Attack
VPN IP
๐ฌ๐ท
setupgr
2026-06-14 12:25:16
(2 weeks ago)
(mod_security) mod_security (id:900001) triggered by 65.111.21.5: 1 in the last 86400 secs; Ports: * ...
show more
(mod_security) mod_security (id:900001) triggered by 65.111.21.5: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Sun Jun 14 15:25:15.322704 2026] [security2:error] [pid 948989:tid 949040] [client 65.111.21.5:49185] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "74"] [id "900001"] [msg "Blocked WP Login attempt on domain: mail.babis.photo"] [severity "CRITICAL"] [tag "security"] [hostname "mail.babis.photo"] [uri "/wp-login.php"] [unique_id "ai6dq9XD3_cY7WcDuxqDbwAAAJg"], referer: https://mail.babis.photo/wp-login.php
show less
Port Scan