๐ฉ๐ช
Vegascosmetics
2026-06-16 04:58:41
(2 weeks ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security
DDoS Attack
Hacking
Exploited Host
๐บ๐ธ
Secure Gatewayยฎ๏ธ
2026-05-31 22:00:08
(4 weeks ago)
Report By Secure Gateway Security Team: Unauthorized Connection Attempt
SQL Injection
๐บ๐ธ
ALSCOยฎ๏ธ
2026-05-31 22:00:08
(4 weeks ago)
Report By ALSCO Security Team: Potential CSRF Attack Detected
SQL Injection
๐ฎ๐น
A000Z
2026-05-26 03:24:13
(1 month ago)
Fail2Ban: 89.39.104.194 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5. ...
show more
Fail2Ban: 89.39.104.194 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36
show less
Bad Web Bot
๐บ๐ธ
xmission.com
2026-05-13 01:07:19
(1 month ago)
Blocked by UFW (TCP on 6927)
Source port: 41158
TTL: 49
Packet length: 60
TOS: 0x08
This report (fo ...
show more
Blocked by UFW (TCP on 6927)
Source port: 41158
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 89.39.104.194) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ธ
xmission.com
2026-05-12 12:39:59
(1 month ago)
Blocked by UFW (TCP on 6927)
Source port: 2964
TTL: 49
Packet length: 60
TOS: 0x08
This report (for ...
show more
Blocked by UFW (TCP on 6927)
Source port: 2964
TTL: 49
Packet length: 60
TOS: 0x08
This report (for 89.39.104.194) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ฆ
URAN Publishing Service
2026-03-05 07:52:20
(3 months ago)
89.39.104.194 - - [05/Mar/2026:09:52:19 +0200] "GET /xmlrpc.php HTTP/1.1" 404 337 "-" "Mozilla/5.0 ( ...
show more
89.39.104.194 - - [05/Mar/2026:09:52:19 +0200] "GET /xmlrpc.php HTTP/1.1" 404 337 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-03-05 07:07:53
(3 months ago)
Attempted access to non existent wordpress urls
Bad Web Bot
๐ช๐ธ
el-brujo
2026-03-05 06:29:52
(3 months ago)
Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla ...
show more
Cloudflare WAF: Request Path: /xmlrpc.php Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Safari/537.36 Action: managed_challenge Source: firewallManaged ASN Description: WORLDSTREAM Country: NL Method: GET Timestamp: 2026-03-05T06:29:52Z ruleId: 5de7edfa648c4d6891dc3e7f84534ffa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB).
show less
Hacking
SQL Injection
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-05 06:18:33
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstr ...
show more
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstream.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 01:18:29.242597 2026] [security2:error] [pid 6596:tid 6596] [client 89.39.104.194:39277] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.grandriverhomes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.grandriverhomes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aakgNdK0b_YXFom11FHSIQAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-05 05:37:18
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstr ...
show more
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstream.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 00:37:10.841530 2026] [security2:error] [pid 25110:tid 25110] [client 89.39.104.194:2183] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.kbalan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.kbalan.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aakWhq0XXYhWfNJ2XtqdEwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
botreporter
2026-03-05 04:21:38
(3 months ago)
CMS vulnerability/installation scanning
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-05 04:18:34
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstr ...
show more
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstream.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 04 23:18:28.882435 2026] [security2:error] [pid 8147:tid 8147] [client 89.39.104.194:3219] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.midway-island.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.midway-island.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aakEFMo-D6q-WoATW2J2WwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-05 03:51:06
(3 months ago)
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstr ...
show more
(mod_security) mod_security (id:225170) triggered by 89.39.104.194 (89-39-104-194.hosted-by-worldstream.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 04 22:50:58.357898 2026] [security2:error] [pid 6735:tid 6735] [client 89.39.104.194:28337] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||nolaanime.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nolaanime.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aaj9olo2E-6wGFhAaQrKvgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Steve
2026-03-05 03:40:09
(3 months ago)
Abuse of XMLRPC
Brute-Force
Web App Attack