π¨π¦
polycoda
2026-06-01 10:35:50
(1 month ago)
π Probes for wp-login.php and other inexistent URLs
Hacking
Web App Attack
π©πͺ
london2038.com
2026-05-31 21:22:33
(1 month ago)
Attacking WordPress
93.157.102.240 - - [31/May/2026:23:22:30 +0200] "POST /wp-login.php HTTP/2.0" 50 ...
show more
Attacking WordPress
93.157.102.240 - - [31/May/2026:23:22:30 +0200] "POST /wp-login.php HTTP/2.0" 503 19291 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Brute-Force
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-31 06:28:38
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks ...
show more
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks.pl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 02:28:33.894345 2026] [security2:error] [pid 26881:tid 26881] [client 93.157.102.240:54500] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||davidharrisgriffith.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "davidharrisgriffith.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahvVEXihVNoIn-BMo0m0wQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-05-30 21:45:16
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-30 15:14:17
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks ...
show more
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks.pl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 11:14:13.918564 2026] [security2:error] [pid 13689:tid 13689] [client 93.157.102.240:42590] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pakistanvision.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pakistanvision.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahr-xQtffYXU9mhMdhtT5wAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
barbarella
2026-05-30 13:41:02
(1 month ago)
Hacking attempt of Wordpress (scan for users) (GET /?author=19)
Hacking
Web App Attack
π«π·
tecnicorioja
2026-05-24 22:00:31
(1 month ago)
wp-login attack [24/May/2026:03:25:31
Brute-Force
Web App Attack
π΅π±
bmino.pl
2026-05-24 09:46:39
(1 month ago)
Autoban IP(2): 93.157.102.240 - Hostname: Cyber_Folks S.A. - City: Poznan - Region: Greater Poland - ...
show more
Autoban IP(2): 93.157.102.240 - Hostname: Cyber_Folks S.A. - City: Poznan - Region: Greater Poland - Country: Poland - Location: 52.4071,16.9118 - Organization: H88 S.A - failed attempts.
show less
Web App Attack
π²πΉ
Malta
2026-05-23 21:51:49
(1 month ago)
93.157.102.240 - - [23/May/2026:23:51:49 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ...
show more
93.157.102.240 - - [23/May/2026:23:51:49 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Hacking
Web App Attack
π«π·
ingroscart.it
2026-05-23 06:50:12
(1 month ago)
(wordpress) Failed wordpress login from 93.157.102.240 (PL/Poland/www-cl-7.cyberadmin.cyber-folks.pl ...
show more
(wordpress) Failed wordpress login from 93.157.102.240 (PL/Poland/www-cl-7.cyberadmin.cyber-folks.pl)
show less
Brute-Force
πΊπΈ
cwytech
2026-05-22 23:55:05
(1 month ago)
Fleet-wide ban from the Ghostfleet π». Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
πΊπΈ
lostswordfish.com
2026-05-22 16:22:03
(1 month ago)
Wordfence waf block on wp20190711M4
Web App Attack
π©πͺ
FeG Deutschland
2026-05-21 05:16:27
(1 month ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-21 03:59:02
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks ...
show more
(mod_security) mod_security (id:225170) triggered by 93.157.102.240 (www-cl-7.cyberadmin.cyber-folks.pl): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 23:58:58.334645 2026] [security2:error] [pid 29154:tid 29232] [client 93.157.102.240:49574] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cynosurelandscapers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cynosurelandscapers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag6DAqOEXkzqnjMdeqQDqAAAAhQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π²πΉ
Malta
2026-05-19 14:33:30
(1 month ago)
93.157.102.240 - - [19/May/2026:16:33:30 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintos ...
show more
93.157.102.240 - - [19/May/2026:16:33:30 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_7_10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force