Anonymous
2026-07-07 12:22:04
(2 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1, GET /index.php HTTP/1.1
Hacking
Web App Attack
๐ฉ๐ช
findlab
2026-07-07 05:00:02
(2 days ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-07-07 02:17:50
(2 days ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 00:11:49
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 20:11:42.138735 2026] [security2:error] [pid 6329:tid 6329] [client 103.214.61.69:59737] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||realclean.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "realclean.net"] [uri "/wp-json/wp/v2/users"] [unique_id "akmhPhGuHq6rwY1d5A8czgAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
PeravixGroup
2026-06-01 11:09:33
(1 month ago)
Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aar ...
show more
Honeypot detection: SMB / Windows file sharing exploitation attempt on port 445. Severity: HIGH. Aaran.cloud
show less
Hacking
Exploited Host
๐บ๐ธ
TPI-Abuse
2026-02-21 17:31:47
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 12:31:40.002664 2026] [security2:error] [pid 4922:tid 4922] [client 103.214.61.69:63928] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kotelbarmitzvah.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kotelbarmitzvah.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZnr-wDEl9ympWQXZITajAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Charlesiv
2026-02-21 13:10:19
(4 months ago)
Triggered Cloudflare WAF (firewallCustom) from IN.
Action taken: BLOCK
ASN: 133982 (EXCITEL-AS-IN Ex ...
show more
Triggered Cloudflare WAF (firewallCustom) from IN.
Action taken: BLOCK
ASN: 133982 (EXCITEL-AS-IN Excitel Broadband Private Limited)
Protocol: HTTP/1.1 (POST method)
Endpoint: /xmlrpc.php
Timestamp: 2026-02-21T13:09:21Z
Ray ID: 9d167a470b963a29
UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/78.0.0.0 Safari/537.36
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-02-21 10:51:28
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 05:51:23.790540 2026] [security2:error] [pid 25196:tid 25196] [client 103.214.61.69:49718] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||3beeze.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "3beeze.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZmOKwYXd1AHmUA5cQoUKQAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-21 04:51:44
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 23:51:38.921200 2026] [security2:error] [pid 14097:tid 14097] [client 103.214.61.69:61420] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||metcomarine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "metcomarine.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZk52qk_jB-0b7ZcO8TxDQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-20 12:00:24
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 07:00:19.625038 2026] [security2:error] [pid 11764:tid 11764] [client 103.214.61.69:53279] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||gegkal.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gegkal.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZhM06_KvTnTrKh-q7xbYgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-20 10:03:52
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 05:03:46.862558 2026] [security2:error] [pid 27994:tid 27994] [client 103.214.61.69:54277] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||constructionloansfunding.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "constructionloansfunding.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZgxgrPfkNHyTr473s1PhAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-12-22 16:17:45
(6 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 22 11:17:39.370781 2025] [security2:error] [pid 1459:tid 1459] [client 103.214.61.69:64522] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||danielbrower.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "danielbrower.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aUlvI2lDekiXRLI92DU8BQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Hazzard
2025-12-22 02:40:01
(6 months ago)
(wordpress) Failed wordpress login from 103.214.61.69 (IN/India/Karnataka/Bengaluru/-/[redacted])
Brute-Force
๐ฉ๐ช
LRob
2025-12-22 02:03:29
(6 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-10-05 18:57:14
(9 months ago)
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.214.61.69 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 05 14:57:06.520925 2025] [security2:error] [pid 2561:tid 2561] [client 103.214.61.69:57583] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||agrollum.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "agrollum.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aOK_gl1TJqkowuyzFtScmAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack