Hi @Sajjad_Haider,
Have a look at this thread, which lays out the pattern I’ve been seeing recently. As I say in that thread, I am interested in patterns that would suggest current releases are vulnerable to attack, but I haven’t seen them yet. If you can investigate your access log for activity from the IP address being used by “Disommo”, you may be able to put together a record of their tracks through the system.
Regards,
Alec Smecher
Public Knowledge Project Team