๐ซ๐ท
tecnicorioja
2026-07-03 22:00:24
(2 days ago)
wp-login attack [03/Jul/2026:05:35:01
Brute-Force
Web App Attack
๐ฌ๐ง
Axel
2026-07-03 10:27:20
(2 days ago)
Blocked by ModSecurity. Rule ID: 225170 Message: COMODO WAF: Sensitive Information Disclosure Vulner ...
show more
Blocked by ModSecurity. Rule ID: 225170 Message: COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||catboy.host|F|2 Phase: 2 Severity: CRITICAL URI: /wp-json/wp/v2/users Server: UK-01
show less
Web App Attack
Hacking
SQL Injection
๐บ๐ธ
TPI-Abuse
2026-07-03 10:23:17
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:23:11.640813 2026] [security2:error] [pid 25186:tid 25186] [client 124.253.121.171:18930] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||broneksuchanek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "broneksuchanek.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akeNjyj8wBNUk-NmsNE3yQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
polycoda
2026-07-03 10:03:05
(2 days ago)
๐ Probes for wp-login.php and other inexistent URLs
Hacking
Web App Attack
๐ท๐ด
iulianh
2026-07-03 09:51:39
(2 days ago)
80,443
Brute-Force
SSH
๐ซ๐ฎ
stinpriza
2026-07-03 09:45:08
(2 days ago)
Web App Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 09:28:28
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 05:28:20.001417 2026] [security2:error] [pid 24704:tid 24704] [client 124.253.121.171:39575] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fundingworkingcapital.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fundingworkingcapital.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akeAs3Wn7o8JZ2VzkJtgZgAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-03 09:04:14
(2 days ago)
1.324 requests to many distinct domains in 1 hour (2w13h39m)
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-03 08:35:07
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 04:35:03.657881 2026] [security2:error] [pid 27463:tid 27463] [client 124.253.121.171:32004] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||seagrovesrealty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "seagrovesrealty.com"] [uri "/wp-json/wp/v2/users/3"] [unique_id "akd0N4QxQUNztBWajlDBKQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
4server
2026-07-03 08:26:32
(3 days ago)
[FriJul0310:26:28.6513932026][security2:error][pid1209954:tid1210118][client124.253.121.171:0]ModSec ...
show more
[FriJul0310:26:28.6513932026][security2:error][pid1209954:tid1210118][client124.253.121.171:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"edilmarra.ch\"][uri\"/wp/xmlrpc.php\"][unique_id\"akdyNCb3IEfNLtDNrveaEwAAAQQ\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 08:03:19
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 04:03:07.783462 2026] [security2:error] [pid 20595:tid 20595] [client 124.253.121.171:40331] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jasonmcquain.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jasonmcquain.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akdsu5vTHl62n8iexONkrgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 07:44:01
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:43:57.647926 2026] [security2:error] [pid 7273:tid 7273] [client 124.253.121.171:35583] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||majesticsolutions.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "majesticsolutions.co"] [uri "/wp-json/wp/v2/users/8"] [unique_id "akdoPQQbnciBffd__GBqBQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
glaserceramics
2026-07-03 07:34:01
(3 days ago)
GET /wp-json/wp/v2/users/6?_fields=id,slug,roles via HTTP/1.1 - User-Agent: Mozilla/5.0 (Windows NT ...
show more
GET /wp-json/wp/v2/users/6?_fields=id,slug,roles via HTTP/1.1 - User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 06:59:53
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.121.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 02:59:46.718361 2026] [security2:error] [pid 8572:tid 8572] [client 124.253.121.171:12743] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||georgesmarina.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "georgesmarina.com"] [uri "/wp-json/wp/v2/users/10"] [unique_id "akdd4sJRDKlCUoQxneQpsQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ketovoila.pl
2026-07-03 06:53:07
(3 days ago)
ketovoila.pl WordPress user/author enumeration: hits=1; unique_paths=1; sample_paths=/wp-json/wp/v2/ ...
show more
ketovoila.pl WordPress user/author enumeration: hits=1; unique_paths=1; sample_paths=/wp-json/wp/v2/users?per_page=100; UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"; window=2026-07-03T06:53:07Z..2026-07-03T06:53:07Z
show less
Web App Attack