Anonymous
2026-07-03 21:55:11
(14 minutes ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Web App Attack
Brute-Force
Bad Web Bot
๐บ๐ธ
ambor
2026-07-03 21:10:30
(59 minutes ago)
Honeypot triggered: /wp-json/wp/v2/users/7 on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10. ...
show more
Honeypot triggered: /wp-json/wp/v2/users/7 on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36. Method: GET
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:50:52
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:50:46.242125 2026] [security2:error] [pid 9158:tid 9158] [client 124.253.68.71:34266] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||centrodentalsindolor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "centrodentalsindolor.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akggpm8gk2oCAbQUnAkjegAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
bsoft.de
2026-07-03 20:15:13
(1 hour ago)
124.253.68.71 - - [03/Jul/2026:16:08:12 +0200] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0 (W ...
show more
124.253.68.71 - - [03/Jul/2026:16:08:12 +0200] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
124.253.68.71 - - [03/Jul/2026:21:59:38 +0200] "GET /wp-json/wp/v2/users/9?_fields=id,slug,roles HTTP/1.1" 404 148 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
124.253.68.71 - - [03/Jul/2026:22:15:06 +0200] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:13:35
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:13:28.903270 2026] [security2:error] [pid 24109:tid 24109] [client 124.253.68.71:37391] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||marcosbarraza.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "marcosbarraza.net"] [uri "/wp-json/wp/v2/users"] [unique_id "akgX6NoyF1cJXskCheJwEgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
ScamAware
2026-07-03 19:39:27
(2 hours ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: user_enumeration (WordPr ...
show more
Detected by Cloudflare Security Events via WordPress automation. Detection: user_enumeration (WordPress user enumeration). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: block. Cloudflare source: firewallCustom.
show less
Brute-Force
Web App Attack
Anonymous
2026-07-03 18:10:06
(4 hours ago)
2026-07-03T20:10:05.673902+02:00 aion wordpress[1215]: Blocked user enumeration attempt from 124.253 ...
show more
2026-07-03T20:10:05.673902+02:00 aion wordpress[1215]: Blocked user enumeration attempt from 124.253.68.71
...
show less
Hacking
Brute-Force
๐ฉ๐ช
4server
2026-07-03 18:05:26
(4 hours ago)
[FriJul0320:05:23.9341662026][security2:error][pid463143:tid463252][client124.253.68.71:0]ModSecurit ...
show more
[FriJul0320:05:23.9341662026][security2:error][pid463143:tid463252][client124.253.68.71:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"agilityrossoblu.ch\"][uri\"/xmlrpc.php\"][unique_id\"akf5482RfY-ClRN3z3rRjAAAAQk\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 18:05:16
(4 hours ago)
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 14:05:12.126822 2026] [security2:error] [pid 25320:tid 25320] [client 124.253.68.71:18405] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pcga.golf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pcga.golf"] [uri "/wp-json/wp/v2/users"] [unique_id "akf52Jh-lbk79u7Q4SE-SAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
stinpriza
2026-07-03 18:04:04
(4 hours ago)
Web App Attack
Web App Attack
๐ซ๐ท
Little Iguana
2026-07-03 18:00:43
(4 hours ago)
Attempt to hack Wordpress Login, XMLRPC or other login
Hacking
๐จ๐ฆ
polycoda
2026-07-03 17:24:53
(4 hours ago)
๐ Probes for xmlrpc.php everywhere
Hacking
Web App Attack
๐บ๐ธ
nyt
2026-07-03 17:05:45
(5 hours ago)
WP User Enumeration, 404 error on unusual API endpoint request, WP Author Enumeration, XMLRPC Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 16:59:38
(5 hours ago)
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 12:59:32.853160 2026] [security2:error] [pid 21702:tid 21702] [client 124.253.68.71:28460] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jerielster.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jerielster.com"] [uri "/wp-json/wp/v2/users/10"] [unique_id "akfqdLI4NkdKdtjC25CdfwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 16:42:11
(5 hours ago)
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 124.253.68.71 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 12:42:04.358652 2026] [security2:error] [pid 5395:tid 5395] [client 124.253.68.71:5195] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||n4fh.cosentient.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "n4fh.cosentient.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akfmXF_etK9Z-4G_b_-8ggAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack