๐ง๐ช
taivas.nl
2026-06-17 04:32:31
(3 weeks ago)
Many_bad_calls
Web App Attack
๐ญ๐ฐ
Harold Wong
2026-06-16 16:18:13
(3 weeks ago)
$f2bV_matches
Brute-Force
๐ฉ๐ช
Trashware
2026-06-16 16:17:00
(3 weeks ago)
Vulnerability scan
Hacking
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-16 16:16:50
(3 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/59.96.228.8.bc.googleusercontent.com
Web App Attack
๐ฌ๐ง
Smish
2026-06-16 16:07:53
(3 weeks ago)
HONEYPOT HIT --> Fail2ban time=1781626072 log=2026-06-16T17:07:52+01:00 ip=8.228.96.59 host=vmhost01 ...
show more
HONEYPOT HIT --> Fail2ban time=1781626072 log=2026-06-16T17:07:52+01:00 ip=8.228.96.59 host=vmhost01.mci.as210667.net method=GET uri="//xmlrpc.php?rsd" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" ref="-" rid=5ddaec0d7ca0f78a74b0f3c57c1de0f3
show less
Web App Attack
๐ง๐ช
taivas.nl
2026-06-16 16:02:11
(3 weeks ago)
Bad_requests
Bad Web Bot
๐ณ๐ฑ
Lentini
2026-06-16 15:48:06
(3 weeks ago)
visuitslagen.nl: malicious request://wp-includes/ID3/license.txt
Web App Attack
๐ณ๐ฟ
Antinson
2026-06-16 15:46:56
(3 weeks ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐บ๐ฆ
URAN Publishing Service
2026-06-16 15:44:11
(3 weeks ago)
8.228.96.59 - - [16/Jun/2026:18:44:10 +0300] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 3156 " ...
show more
8.228.96.59 - - [16/Jun/2026:18:44:10 +0300] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 3156 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
8.228.96.59 - - [16/Jun/2026:18:44:10 +0300] "GET //xmlrpc.php?rsd HTTP/1.1" 404 712 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
๐ช๐ธ
matatunos
2026-06-16 15:30:05
(3 weeks ago)
Honeypot favala.es: 1 peticiones web a rutas de ataque (/wp-login, /.env, etc.) en 24h. Reporte auto ...
show more
Honeypot favala.es: 1 peticiones web a rutas de ataque (/wp-login, /.env, etc.) en 24h. Reporte automรกtico.
show less
Web App Attack
Bad Web Bot
๐ซ๐ท
SpaceHost-Server
2026-06-16 15:26:47
(3 weeks ago)
8.228.96.59 - - [16/Jun/2026:17:26:46 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6519 "-" "Mozilla/5.0 ...
show more
8.228.96.59 - - [16/Jun/2026:17:26:46 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6519 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
8.228.96.59 - - [16/Jun/2026:17:26:46 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6519 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
8.228.96.59 - - [16/Jun/2026:17:26:47 +0200] "POST //xmlrpc.php HTTP/1.1" 200 6519 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 15:25:25
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 8.228.96.59 (59.96.228.8.bc.googleusercontent.c ...
show more
(mod_security) mod_security (id:225170) triggered by 8.228.96.59 (59.96.228.8.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 11:25:21.031865 2026] [security2:error] [pid 27197:tid 27197] [client 8.228.96.59:50709] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||vintageamptubes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vintageamptubes.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ajFq4Rk4CA_0cCtbhEomVAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ด
jad-abuse
2026-06-16 15:23:10
(3 weeks ago)
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Obse ...
show more
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 14 hits.
show less
Brute-Force
Web App Attack
๐ช๐ธ
Francisco Vallejo
2026-06-16 15:13:44
(3 weeks ago)
[Tue Jun 16 17:13:43.238984 2026] [authz_core:error] [pid 644721:tid 130565982377664] [client 8.228. ...
show more
[Tue Jun 16 17:13:43.238984 2026] [authz_core:error] [pid 644721:tid 130565982377664] [client 8.228.96.59:63307] AH01630: client denied by server configuration: proxy:http://localhost:8096/wp-includes/ID3/license.txt
[Tue Jun 16 17:13:43.441452 2026] [authz_core:error] [pid 644721:tid 130567435699904] [client 8.228.96.59:63307] AH01630: client denied by server configuration: proxy:http://localhost:8096/feed/
[Tue Jun 16 17:13:43.686212 2026] [authz_core:error] [pid 644721:tid 130566938687168] [client 8.228.96.59:63307] AH01630: client denied by server configuration: proxy:http://localhost:8096/xmlrpc.php
[Tue Jun 16 17:13:43.892955 2026] [authz_core:error] [pid 644721:tid 130567452485312] [client 8.228.96.59:63307] AH01630: client denied by server configuration: proxy:http://localhost:8096/blog/wp-includes/wlwmanifest.xml
[Tue Jun 16 17:13:44.032212 2026] [authz_core:error] [pid 644721:tid 130567418914496] [client 8.228.96.59:63307] AH01630: client denied by server configuration: proxy
...
show less
Brute-Force
SSH
๐ฆ๐ฑ
router.al
2026-06-16 15:11:22
(3 weeks ago)
06/16/2026-15:11:22.087503 8.228.96.59 Protocol: 6 GPL WEB_SERVER 403 Forbidden
Port Scan