Anonymous
2026-06-10 21:52:36
(3 weeks ago)
CMS (WordPress or Joomla) brute force attempt.
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-10 21:31:33
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 17:31:29.194732 2026] [security2:error] [pid 981:tid 981] [client 116.202.229.113:47792] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nekstlevel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nekstlevel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ainXsd6DddUvSEuA36-A7wAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
R.G.
2026-06-10 11:56:51
(3 weeks ago)
(WPLOGINorWHATEVER) Get lost please 116.202.229.113 (DE/Germany/astra5113.nstdmail.de): 7 in the las ...
show more
(WPLOGINorWHATEVER) Get lost please 116.202.229.113 (DE/Germany/astra5113.nstdmail.de): 7 in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
Dolphi
2026-06-09 23:00:04
(3 weeks ago)
Excessive POST /wp-login.php requests
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2026-06-09 19:38:33
(3 weeks ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 23:33:27
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 19:33:21.330040 2026] [security2:error] [pid 22763:tid 22763] [client 116.202.229.113:34394] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||grabagame.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "grabagame.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aidRQbQJNA8wcY1mJ0WzggAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Mangelot Hosting
2026-06-08 17:55:55
(3 weeks ago)
(modsecurity) srv101 ModSecurity 116.202.229.113 (DE/Germany/astra5113.nstdmail.de): 10 in the last ...
show more
(modsecurity) srv101 ModSecurity 116.202.229.113 (DE/Germany/astra5113.nstdmail.de): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs:
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 08:33:24
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:33:16.004888 2026] [security2:error] [pid 4628:tid 4628] [client 116.202.229.113:32844] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kmelson.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kmelson.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiZ-TGdCuoH3r16SAoHk6AAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:01:41
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:01:36.496575 2026] [security2:error] [pid 23431:tid 23431] [client 116.202.229.113:58666] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.mkdesignndetailing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mkdesignndetailing.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXqQHyk5I7KfWXdOzMjcgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Jason Howell
2026-06-07 03:15:27
(3 weeks ago)
116.202.229.113 - - [06/Jun/2026:22:15:25 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4307 "-" "Mozilla/5 ...
show more
116.202.229.113 - - [06/Jun/2026:22:15:25 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4307 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:40.0) Gecko/20100101 Firefox/40.0"
116.202.229.113 - - [06/Jun/2026:22:15:25 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4309 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55.0"
116.202.229.113 - - [06/Jun/2026:22:15:26 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4307 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"
116.202.229.113 - - [06/Jun/2026:22:15:26 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4308 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0"
116.202.229.113 - - [06/Jun/2026:22:15:26 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4307 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:65.0) Gecko/20100101 Firefox/65.0"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 00:11:23
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 20:11:18.025007 2026] [security2:error] [pid 15217:tid 15217] [client 116.202.229.113:42284] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.soundtrax.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.soundtrax.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aiS3JrHMd0M43zn-tXrUcAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-06 22:47:20
(3 weeks ago)
116.202.229.113 - - [07/Jun/2026:00:47:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5. ...
show more
116.202.229.113 - - [07/Jun/2026:00:47:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
116.202.229.113 - - [07/Jun/2026:00:47:18 +0200] "POST /xmlrpc.php HTTP/1.1" 200 539 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0"
116.202.229.113 - - [07/Jun/2026:00:47:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"
116.202.229.113 - - [07/Jun/2026:00:47:18 +0200] "POST /xmlrpc.php HTTP/1.1" 200 539 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:95.0) Gecko/20100101 Firefox/95.0"
116.202.229.113 - - [07/Jun/2026:00:47:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 206 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-06 19:23:54
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 15:23:51.287403 2026] [security2:error] [pid 23394:tid 23416] [client 116.202.229.113:42038] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cynosureinternetservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cynosureinternetservices.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiRzx-yp-fAvhddO7IKjFAAAAEk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-06-06 17:54:15
(3 weeks ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-05 12:29:06
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in t ...
show more
(mod_security) mod_security (id:225170) triggered by 116.202.229.113 (astra5113.nstdmail.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 08:28:59.264478 2026] [security2:error] [pid 6594:tid 6594] [client 116.202.229.113:42656] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.soonerstone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.soonerstone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiLBC06njVBwLfm04_XKfAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack