๐ฉ๐ช
yangfan
2026-04-05 08:31:38
(2 months ago)
UFW Blocked [443/TCP]
Source: 79.127.132.34:37146
TTL: 52
Lenth: 60
TOS: 0x00
Port Scan
Web App Attack
๐ณ๐ฑ
Savvii
2025-09-11 06:52:20
(9 months ago)
11 attempts against mh_ha-misc-ban on hydra
Brute-Force
Web App Attack
๐ช๐ธ
el-brujo
2025-09-10 23:56:25
(9 months ago)
Cloudflare WAF: Request Path: /xmlrpc.php Request Query: ?rsd Host: ns2.elhacker.net userAgent: Mozi ...
show more
Cloudflare WAF: Request Path: /xmlrpc.php Request Query: ?rsd Host: ns2.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 Action: managed_challenge Source: firewallManaged ASN Description: CDNEXT Country: US Method: GET Timestamp: 2025-09-10T23:56:25Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
show less
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
myagent.site
2025-09-10 23:40:06
(9 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php?rsd
Hacking
๐บ๐ธ
TPI-Abuse
2025-09-10 22:09:00
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 79.127.132.34 (unn-79-127-132-34.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 79.127.132.34 (unn-79-127-132-34.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 18:08:56.845566 2025] [security2:error] [pid 5267:tid 5267] [client 79.127.132.34:7740] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.realestatemedia.co.uk|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.realestatemedia.co.uk"] [uri "/wp-json/wp/v2/users/"] [unique_id "aMH2-HWhB5v_Ltt1C7BhOwAAAB0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2025-09-10 21:31:00
(9 months ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
๐ณ๐ฑ
CryptoYakari
2025-09-10 21:26:22
(9 months ago)
79.127.132.34 - - [11/Sep/2025:00:26:20 +0300] "GET //wp-includes/ID3/license.txt HTTP/1.0" 404 3184 ...
show more
79.127.132.34 - - [11/Sep/2025:00:26:20 +0300] "GET //wp-includes/ID3/license.txt HTTP/1.0" 404 3184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
79.127.132.34 - - [11/Sep/2025:00:26:21 +0300] "GET //feed/ HTTP/1.0" 404 3184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
79.127.132.34 - - [11/Sep/2025:00:26:21 +0300] "GET //xmlrpc.php?rsd HTTP/1.0" 404 200 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
79.127.132.34 - - [11/Sep/2025:00:26:21 +0300] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.0" 404 3184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
79.127.132.34 - - [11/Sep/2025:00:26:21 +0300] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.0" 404 3184 "-" "Mozilla/5.0 (Windows NT 10.0; Win
...
show less
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
Anonymous
2025-09-10 21:21:02
(9 months ago)
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1, GET //site/wp-includes/wlwmanife ...
show more
Bot / scanning and/or hacking attempts: POST //xmlrpc.php HTTP/1.1, GET //site/wp-includes/wlwmanifest.xml HTTP/1.1, GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1, GET //shop/wp-includes/wlwmanifest.xml HTTP/1.1, POST //wp-login.php HTTP/1.1, GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1
show less
Hacking
Web App Attack
๐จ๐ญ
ALPHANET
2025-09-10 20:33:41
(9 months ago)
web exploits
Hacking
Exploited Host
Web App Attack
๐ธ๐ช
konseptit
2025-09-10 20:30:26
(9 months ago)
(wordpress) Failed wordpress login from 79.127.132.34 (US/United States/unn-79-127-132-34.datapacket ...
show more
(wordpress) Failed wordpress login from 79.127.132.34 (US/United States/unn-79-127-132-34.datapacket.com)
show less
Brute-Force
๐บ๐ธ
TPI-Abuse
2025-09-10 17:57:01
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 79.127.132.34 (unn-79-127-132-34.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 79.127.132.34 (unn-79-127-132-34.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 10 13:56:57.474361 2025] [security2:error] [pid 15471:tid 15471] [client 79.127.132.34:24446] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||local639.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "local639.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aMG76da1o1bgkRFjwDGgXAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-09-10 16:30:00
(9 months ago)
Excessive crawling/scraping. Vulnerable file probing.
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
backslash
2025-09-10 16:15:05
(9 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐ณ๐ฟ
Tripwire
2025-09-10 14:42:17
(9 months ago)
Scanning for exploits - //wp-includes/ID3/license.txt
Web App Attack
๐ง๐ช
cmbplf
2025-09-10 14:25:37
(9 months ago)
1.644 POST requests with url.path */wp-login.php
1.503 requests with url.path */wp-includes/wlwmani ...
show more
1.644 POST requests with url.path */wp-login.php
1.503 requests with url.path */wp-includes/wlwmanifest.xml
show less
Brute-Force
Bad Web Bot