Anonymous
2026-07-08 14:18:28
(2 days ago)
Fail2ban filtered
...
Web App Attack
๐ฉ๐ช
LRob
2026-06-25 16:45:04
(2 weeks ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-05 11:18:20
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 07:18:16.443344 2026] [security2:error] [pid 4405:tid 4405] [client 91.245.236.160:45975] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||garysgates.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "garysgates.com"] [uri "/wp-json/wp/v2/users"] [unique_id "afnR-MGCw2HrkwWYskGQQgAAABg"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-04-25 13:31:11
(2 months ago)
Web password guessing
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-04-24 14:12:43
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 10:12:39.458232 2026] [security2:error] [pid 3963522:tid 3963522] [client 91.245.236.160:33521] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grollman.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grollman.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aet6V5Zh4lGfk1MjPSDppwAAAAs"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Lino Project
2026-04-23 05:45:06
(2 months ago)
91.245.236.160 - - [23/Apr/2026:07:45:05 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3978 "-" "Mozilla/5. ...
show more
91.245.236.160 - - [23/Apr/2026:07:45:05 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3978 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-12 13:56:58
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 91.245.236.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 09:56:52.901462 2026] [security2:error] [pid 4173537:tid 4173537] [client 91.245.236.160:12131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||siczewicz.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "siczewicz.com"] [uri "/wp-json/wp/v2/users"] [unique_id "adukpD62thq-l4yv0QtiVwAAAAg"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฟ
ptlab
2026-04-08 04:45:49
(3 months ago)
Detected wp_login attack from WP-host.
Hacking
Web App Attack
๐บ๐ธ
mind5t0rm
2026-04-02 04:12:32
(3 months ago)
(XMLRPC) WP XMLPRC Attack 91.245.236.160 (US/United States/-): 3 in the last 3600 secs; Ports: *; Di ...
show more
(XMLRPC) WP XMLPRC Attack 91.245.236.160 (US/United States/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 91.245.236.160 - - [02/Apr/2026:11:12:26 +0700] "POST /xmlrpc.php HTTP/2.0" 403 154 "-" "curl/7.88.1"
91.245.236.160 - - [02/Apr/2026:11:12:27 +0700] "POST /xmlrpc.php HTTP/2.0" 403 154 "-" "curl/8.6.0"
91.245.236.160 - - [02/Apr/2026:11:12:28 +0700] "POST /xmlrpc.php HTTP/2.0" 403 154 "-" "Wget/1.21.4"
show less
Port Scan
๐บ๐ธ
agenciahypelab.com.br
2026-03-30 11:14:19
(3 months ago)
WordPress login brute-force detectado e bloqueado pelo CSF/LFD. Trigger: LF_TRIGGER
Brute-Force
SSH
Anonymous
2026-03-27 17:06:07
(3 months ago)
"GET /wp-login.php HTTP/1.1"
Hacking
Web App Attack
๐จ๐ฆ
polycoda
2026-02-18 15:50:31
(4 months ago)
๐ Probes for xmlrpc.php everywhere
Hacking
Web App Attack
Anonymous
2026-02-01 05:00:33
(5 months ago)
Attempted brute force login to web vpn 2 time(s); last attempt for 2026.02.01 is noted in report tim ...
show more
Attempted brute force login to web vpn 2 time(s); last attempt for 2026.02.01 is noted in report timestamp
show less
Hacking
Brute-Force
๐ฑ๐ป
garmtech.com
2026-01-03 04:52:51
(6 months ago)
IM360 WAF: Attempt to upload malware
Hacking
Anonymous
2025-12-08 17:18:39
(7 months ago)
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.12.08 is noted in report tim ...
show more
Attempted brute force login to web vpn 1 time(s); last attempt for 2025.12.08 is noted in report timestamp
show less
Hacking
Brute-Force