๐ณ๐ด
jad-abuse
2026-07-06 21:24:23
(3 hours ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 1 hits.
show less
Brute-Force
Web App Attack
๐บ๐ธ
jcbriar
2026-07-06 20:18:41
(4 hours ago)
Searching for vulnerable scripts
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-06 18:21:03
(6 hours ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 14:20:59.649757 2026] [security2:error] [pid 21051:tid 21156] [client 103.93.32.138:60636] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||frannykingsmith.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "frannykingsmith.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akvyC2Uq-MwC_rj_GfzmkAAAAhQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Tripwire
2026-07-05 15:20:23
(1 day ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-05 09:38:10
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 05:38:06.374739 2026] [security2:error] [pid 27838:tid 27838] [client 103.93.32.138:52385] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||laura-stone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "laura-stone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akol_nV7EzfNdq4r9oNL6gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-04 16:21:21
(2 days ago)
[SatJul0418:21:16.3497122026][security2:error][pid1714347:tid1714461][client103.93.32.138:0]ModSecur ...
show more
[SatJul0418:21:16.3497122026][security2:error][pid1714347:tid1714461][client103.93.32.138:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"solaristech.ch\"][uri\"/xmlrpc.php\"][unique_id\"akky_HWLQdl2B4RAQ3UObAAAAQE\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 14:59:26
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 10:59:21.263019 2026] [security2:error] [pid 3901:tid 3953] [client 103.93.32.138:52018] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rawhabitat.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rawhabitat.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akkfyfyHzX11MAVqB21xOQAAAJE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 07:35:00
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 03:34:53.248996 2026] [security2:error] [pid 13702:tid 13702] [client 103.93.32.138:50773] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||doublenaughtspycar.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doublenaughtspycar.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aki3neUkuxgmjN2VcimSxAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 15:35:43
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 11:35:37.284388 2026] [security2:error] [pid 6844:tid 6844] [client 103.93.32.138:60979] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||boraimpact.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "boraimpact.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akKQycHB7jdZjlN9ReGzhwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-28 12:41:15
(1 week ago)
[SunJun2814:41:12.1332582026][security2:error][pid1652104:tid1652123][client103.93.32.138:0]ModSecur ...
show more
[SunJun2814:41:12.1332582026][security2:error][pid1652104:tid1652123][client103.93.32.138:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ponzellini.ch\"][uri\"/xmlrpc.php\"][unique_id\"akEWaBvRJtwdi0Myb_SMGgAAAAY\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-06-28 04:36:22
(1 week ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 15:37:02
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 103.93.32.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 11:36:57.377697 2026] [security2:error] [pid 1962:tid 1962] [client 103.93.32.138:50115] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||techsunlimited.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "techsunlimited.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aj_uGRZZowoDTQ4VAmPI6gAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack