๐ฉ๐ช
neckaralb-admin.de
2026-07-05 13:08:44
(1 day ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ซ๐ท
masterguru
2026-07-05 04:32:04
(1 day ago)
(modsec_5040) ModSec 5040: API Basic Auth blocked from 125.212.224.208 (VN/Vietnam/208.0-24.224.212. ...
show more
(modsec_5040) ModSec 5040: API Basic Auth blocked from 125.212.224.208 (VN/Vietnam/208.0-24.224.212.125.in-addr.arpa): 1 in the last 3600 secs (0-196)
show less
Hacking
Anonymous
2026-07-05 02:23:06
(1 day ago)
2026-07-05T04:23:06.213088+02:00 aion wordpress[856087]: XML-RPC authentication attempt for unknown ...
show more
2026-07-05T04:23:06.213088+02:00 aion wordpress[856087]: XML-RPC authentication attempt for unknown user michael from 125.212.224.208
...
show less
Hacking
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-04 02:25:24
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 22:25:16.642081 2026] [security2:error] [pid 19405:tid 19405] [client 125.212.224.208:45604] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||michaelthompson.biz|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "michaelthompson.biz"] [uri "/wp-json/wp/v2/users"] [unique_id "akhvDKpZFLtUOJQNfFHpkQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 01:20:15
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 21:20:02.756107 2026] [security2:error] [pid 26057:tid 26057] [client 125.212.224.208:56322] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||wallawallafirearmstraining.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wallawallafirearmstraining.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akhfwjpEda4V7nArxWXJ5gAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 23:38:25
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 19:38:16.213191 2026] [security2:error] [pid 1710:tid 1710] [client 125.212.224.208:53076] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kidswow.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kidswow.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akhH6ODgYXT0vrZ1lMj27QAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 15:43:30
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 11:43:26.489448 2026] [security2:error] [pid 23107:tid 23107] [client 125.212.224.208:47042] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tcit.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tcit.org"] [uri "/wp-json/wp/v2/users"] [unique_id "akfYnv2VODB6LacRyDfb4QAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 14:04:56
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 10:04:51.008112 2026] [security2:error] [pid 7553:tid 7553] [client 125.212.224.208:39050] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fundingworkingcapital.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fundingworkingcapital.com"] [uri "/wp-json/wp/v2/users/6"] [unique_id "akfBg3lHFYIpFSKpYnDaYgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 09:32:32
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 05:32:22.599968 2026] [security2:error] [pid 1065:tid 1065] [client 125.212.224.208:43568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bostonmarathonstories.bostonlog.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bostonmarathonstories.bostonlog.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akeBpgKweOyCsiybb3qAlAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Mundo Bueno
2026-07-03 03:33:57
(3 days ago)
[ISILIA Protection v2.1] Tentative d'accรจs: /wp-json/wp/v2/users/me | Pays: VN | UA: Mozilla/5.0 (Ma ...
show more
[ISILIA Protection v2.1] Tentative d'accรจs: /wp-json/wp/v2/users/me | Pays: VN | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 17:14:27
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.a ...
show more
(mod_security) mod_security (id:225170) triggered by 125.212.224.208 (208.0-24.224.212.125.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 13:14:20.243781 2026] [security2:error] [pid 16807:tid 16807] [client 125.212.224.208:48340] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||susanoneill.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "susanoneill.us"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akacbGzTIOFQtUY3Iff-9wAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-07-02 11:22:04
(4 days ago)
Wordfence waf block on secure uv4sor
Web App Attack
๐ฒ๐น
Malta
2026-07-01 23:14:17
(4 days ago)
125.212.224.208 - - [02/Jul/2026:01:14:17 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Li ...
show more
125.212.224.208 - - [02/Jul/2026:01:14:17 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
show less
Hacking
Web App Attack
VPN IP
๐จ๐ฟ
ptlab
2026-07-01 20:45:32
(4 days ago)
Detected wp_login attack from WP-host.
Hacking
Web App Attack
๐บ๐ธ
nationaleventpros.com
2026-07-01 19:40:59
(5 days ago)
WordPress login attempt
Brute-Force