๐ซ๐ท
SpaceHost-Server
2026-06-30 22:41:34
(2 days ago)
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-06-30 08:44:10
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-06-30 08:08:50
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict. ...
show more
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 04:08:44.076177 2026] [security2:error] [pid 24743:tid 24743] [client 143.44.169.147:56069] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||wholesalelivelobsters.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "wholesalelivelobsters.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akN5jOO120AvmJ5Ci-ffaAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob
2026-06-30 04:45:08
(3 days ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-30 00:53:56
(3 days ago)
[TueJun3002:53:49.8169992026][security2:error][pid3699160:tid3699236][client143.44.169.147:0]ModSecu ...
show more
[TueJun3002:53:49.8169992026][security2:error][pid3699160:tid3699236][client143.44.169.147:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"mjgold.ch\"][uri\"/xmlrpc.php\"][unique_id\"akMTnU9TswfTIM_v4tw6nAAAAIo\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-06-29 22:28:17
(3 days ago)
Brute-Force
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-06-29 05:54:03
(4 days ago)
Wordfence waf block on kcuar
Web App Attack
๐ณ๐ฟ
Tripwire
2026-06-23 14:37:53
(1 week ago)
Probing for Wordpress - /xmlrpc.php
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 18:15:07
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict. ...
show more
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 14:14:59.254511 2026] [security2:error] [pid 19816:tid 19832] [client 143.44.169.147:11260] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||davidholls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "davidholls.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajl7o_6ur10Ss0XVSiiljAAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 13:52:33
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict. ...
show more
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 09:52:25.578919 2026] [security2:error] [pid 6461:tid 6461] [client 143.44.169.147:49686] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tourissue.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tourissue.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajk-Gd21ikV9v8aEL0AOKgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
4server
2026-06-20 23:02:37
(1 week ago)
[SunJun2101:02:34.2247992026][security2:error][pid2082545:tid2082562][client143.44.169.147:0]ModSecu ...
show more
[SunJun2101:02:34.2247992026][security2:error][pid2082545:tid2082562][client143.44.169.147:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"368\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"swisservers.com\"][uri\"/xmlrpc.php\"][unique_id\"ajccCvNRRjbOgep_m7RdfQAAAAY\"]
show less
Hacking
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-20 22:35:04
(1 week ago)
Try to access /xmlrpc.php
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-06-20 07:08:14
(1 week ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/143.44.169.147-rev.convergeict.com
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-20 01:38:11
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict. ...
show more
(mod_security) mod_security (id:225170) triggered by 143.44.169.147 (143.44.169.147-rev.convergeict.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 21:38:03.613241 2026] [security2:error] [pid 22489:tid 22489] [client 143.44.169.147:56931] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pleaseaddbacon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pleaseaddbacon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajXu-7mqeN-0lsXjfAoWvAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-06-20 01:06:14
(1 week ago)
Unauthorized access to webpage admin
Web App Attack