🇩🇪
Vegascosmetics
2026-07-03 01:43:23
(2 days ago)
(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security
DDoS Attack
Hacking
Exploited Host
🇺🇸
kosada.com
2026-07-02 20:17:16
(2 days ago)
Web vulnerability probing: /wp-config.php~
Web App Attack
🇩🇪
maxpower
2026-07-02 13:47:40
(2 days ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 98.71.130.25 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 98.71.130.25 - - [02/Jul/2026:15:47:35 +0200] "GET /wp-config.php.old HTTP/1.1" 403 358 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=dimensioneautosgt.it
98.71.130.25 - - [02/Jul/2026:15:47:35 +0200] "GET /wp-config.php.bak HTTP/1.1" 301 294 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=dimensioneautosgt.it
Port Scan
🇹🇭
MWA SOC
2026-07-02 11:25:10
(2 days ago)
Hacking
🇺🇸
jormaster3k
2026-07-02 09:53:20
(2 days ago)
Attack against Apache (too many 404s)
Web App Attack
🇫🇷
✨
2026-07-02 00:34:14
(3 days ago)
Domain : redirect.netenergy.uk
Rule : admin
2026-07-02 00:33:13 217.194.210.152 GET /wp-admin/admin-ajax.php - 80 - 98.71.130.25 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 - bumperandfriends.com 404 0 2 1436 678 48 - -
Exploited Host
Web App Attack
🇺🇸
Charlesiv
2026-07-01 14:06:28
(3 days ago)
Triggered Cloudflare WAF (firewallCustom) from NL.
Action taken: BLOCK
ASN: 8075 (Microsoft Corporation)
Protocol: HTTP/1.1 (GET method)
Endpoint: /
Timestamp: 2026-07-01T13:10:02Z
Ray ID: a145a6081e3b3ed0
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Bad Web Bot
🇬🇧
consul.to
2026-07-01 05:31:58
(3 days ago)
Web attack/malicious scanning detected
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 01:03:48
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 98.71.130.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 21:03:41.577005 2026] [security2:error] [pid 6805:tid 6805] [client 98.71.130.25:65220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "renjunews.com"] [uri "/wp-config.php.bak"] [unique_id "akRnbdCeW92ed5tT75RpsgAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
YF
2026-07-01 00:00:42
(4 days ago)
WordPress config file probe
Web App Attack
🇦🇺
paulshipley.com.au
2026-07-01 00:00:25
(4 days ago)
[Wed Jul 01 10:00:23.645309 2026] [security2:error] [pid 315594] [client 98.71.130.25:57634] [client 98.71.130.25] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 10)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "levellapromotions.com.au"] [uri "/wp-config.php.bak"] [unique_id "akRYl61xLMj458EW6oQyzgAAAAs"]
...
Web App Attack
🇩🇪
maxpower
2026-06-30 23:02:59
(4 days ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 98.71.130.25 (-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 98.71.130.25 - - [01/Jul/2026:01:02:51 +0200] "GET /wp-config.php~ HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=consac.eu
98.71.130.25 - - [01/Jul/2026:01:02:51 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "-" host=consac.eu
Port Scan
🇩🇪
stinpriza
2026-06-30 22:42:53
(4 days ago)
common Web Exploits being scanned
Web App Attack
🇪🇸
elcruzado.es
2026-06-30 19:49:20
(4 days ago)
(mod_security) mod_security triggered on hostname [redacted] 98.71.130.25 (-)
SQL Injection
🇺🇸
TPI-Abuse
2026-06-30 19:45:42
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 98.71.130.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 15:45:37.475913 2026] [security2:error] [pid 5561:tid 5561] [client 98.71.130.25:64321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bamedica.com"] [uri "/wp-config.php.bak"] [unique_id "akQc4Yex9z2hgm72kMIy6gAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack