๐ง๐ช
cmbplf
2026-07-15 11:04:34
(4 days ago)
50.657 requests in 1 hour (3mos2d18h)
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-15 10:30:12
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:30:06.144196 2026] [security2:error] [pid 29369:tid 29369] [client 136.66.36.170:64736] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nypatriotcards.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nypatriotcards.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aldhLsK834QJ8fWXkfYEYwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-07-15 10:19:10
(4 days ago)
ipoac.nl:443 136.66.36.170 - - [15/Jul/2026:12:19:09 +0200] ipoac.nl "GET //xmlrpc.php?rsd HTTP/1.1" ...
show more
ipoac.nl:443 136.66.36.170 - - [15/Jul/2026:12:19:09 +0200] ipoac.nl "GET //xmlrpc.php?rsd HTTP/1.1" 403 2001 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Bad Web Bot
๐บ๐ธ
mnsf
2026-07-15 10:06:39
(4 days ago)
Abuse Detected (9)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 10:04:52
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 06:04:46.551207 2026] [security2:error] [pid 308547:tid 308547] [client 136.66.36.170:60572] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nordicbuilders.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nordicbuilders.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "aldbPrEjUDwOz7AtfjncBwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
kosada.com
2026-07-15 10:01:14
(4 days ago)
Web vulnerability probing: //wordpress/wp-includes/wlwmanifest.xml
Web App Attack
๐ฉ๐ช
spam.must.die
2026-07-15 09:54:44
(4 days ago)
IP triggered category <category>
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 09:37:35
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 05:37:30.727287 2026] [security2:error] [pid 928752:tid 928752] [client 136.66.36.170:62618] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||newmooncafe.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "newmooncafe.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aldU2vmcwdIvQo7CdL5qbAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-15 09:35:06
(4 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฉ๐ช
grassau.com
2026-07-15 09:27:54
(4 days ago)
(wordpress) Failed wordpress login from 136.66.36.170 (US/United States/Oregon/The Dalles/170.36.66. ...
show more
(wordpress) Failed wordpress login from 136.66.36.170 (US/United States/Oregon/The Dalles/170.36.66.136.bc.googleusercontent.com)
show less
Brute-Force
๐ณ๐ฑ
Savvii
2026-07-15 09:27:01
(4 days ago)
10 attempts against mh_ha-misc-ban on ethyl
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 09:22:13
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 136.66.36.170 (170.36.66.136.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 05:22:07.433909 2026] [security2:error] [pid 12376:tid 12376] [client 136.66.36.170:52712] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.nationalenq.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.nationalenq.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aldRP1nGoW4J-WvT6ZM50AAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Ba-Yu
2026-07-15 09:16:35
(4 days ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
๐ฉ๐ช
NihiliousMonk
2026-07-15 09:14:58
(4 days ago)
Fail2Ban report from jail npm-scanners
Bad Web Bot
Web App Attack
๐ฌ๐ง
Mendip_Defender
2026-07-15 09:12:07
(4 days ago)
136.66.36.170 - - [15/Jul/2026:10:11:55 +0100] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 4866 ...
show more
136.66.36.170 - - [15/Jul/2026:10:11:55 +0100] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 4866 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
136.66.36.170 - - [15/Jul/2026:10:11:56 +0100] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4866 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
136.66.36.170 - - [15/Jul/2026:10:11:56 +0100] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4866 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Hacking
Web App Attack