๐ฉ๐ช
FeG Deutschland
2026-07-15 17:09:50
(4 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 257
Exploited Host
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-13 21:33:01
(6 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 257
Exploited Host
Web App Attack
๐ช๐ธ
Cognisant-Security
2026-07-12 16:58:00
(1 week ago)
Attempts to login using known user credentials that were leaked on the Dark Web
Web App Attack
Hacking
๐จ๐ฟ
ptlab
2026-07-11 22:45:08
(1 week ago)
Detected wp_login attack from WP-host.
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 21:03:58
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 17:03:51.784705 2026] [security2:error] [pid 2197:tid 2197] [client 88.218.45.119:25985] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||engedal.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "engedal.net"] [uri "/wp-json/wp/v2/users"] [unique_id "alKvt5N7cCLQzECrQDzRdQAAAAQ"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 15:44:04
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 11:44:00.318637 2026] [security2:error] [pid 8117:tid 8218] [client 88.218.45.119:61913] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bobchaos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bobchaos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajAdwKO9h6pmgfSGBS0ZTgAAAIk"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-15 13:52:14
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 09:52:07.954480 2026] [security2:error] [pid 6993:tid 6993] [client 88.218.45.119:54915] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ran101.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ran101.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajADh-sHZSVeWB5LAA_GBQAAAAo"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
F242
2026-06-03 09:56:35
(1 month ago)
Wordpress Login or XMLRPC abuse
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-05-27 21:22:41
(1 month ago)
[Thu May 28 07:22:39.993140 2026] [security2:error] [pid 467093] [client 88.218.45.119:60061] [clien ...
show more
[Thu May 28 07:22:39.993140 2026] [security2:error] [pid 467093] [client 88.218.45.119:60061] [client 88.218.45.119] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "furst.com.au"] [uri "/wp-login.php"] [unique_id "ahdgn01GwHOBnXMcpaeeTwAAAAs"], referer: https://furst.com.au/wp-login.php
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 08:25:05
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 04:24:57.243904 2026] [security2:error] [pid 15597:tid 15597] [client 88.218.45.119:38049] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sahinozalit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sahinozalit.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahVY2bmiSADJbP0nr3PoJgAAAAw"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-21 22:53:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 18:52:53.957208 2026] [security2:error] [pid 19562:tid 19562] [client 88.218.45.119:63033] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||raynernet.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "raynernet.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag-MxVYShnsPeHcVMzA1iwAAAAA"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-05-21 10:03:30
(1 month ago)
(PERMBLOCK) 88.218.45.119 (US/United States/-) has had more than 4 temp blocks
Hacking
๐บ๐ธ
integrantservices.com
2026-05-21 09:02:27
(1 month ago)
(wordpress) Failed wordpress login from 88.218.45.119 (US/United States/-)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-05-09 18:42:48
(2 months ago)
(mod_security) mod_security (id:210350) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210350) triggered by 88.218.45.119 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 14:42:41.529039 2026] [security2:error] [pid 17300:tid 17300] [client 88.218.45.119:18527] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||nilestree.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "nilestree.com"] [uri "/"] [unique_id "af-AIb2fjOkjXaKbz2OC1AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-04-13 15:56:22
(3 months ago)
[redacted] 88.218.45.119 - - [13/Apr/2026:17:55:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "A ...
show more
[redacted] 88.218.45.119 - - [13/Apr/2026:17:55:52 +0200] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:55:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:56:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:56:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:56:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 251 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:56:11 +0200] "POST /xmlrpc.php HTTP/1.1" 200 251 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
[redacted] 88.218.45.119 - - [13/Apr/2026:17:56:12 +0200] "POST /xmlrpc.php HTTP/1.1" 200 251 "-" "Apache-HttpClient/4.5.13 (Java/11.
...
show less
Hacking
Web App Attack