๐ฉ๐ช
ger-stg-sifi1
2026-07-05 22:20:35
(1 day ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ซ๐ท
masterguru
2026-07-04 17:22:56
(2 days ago)
(modsec_5040) ModSec 5040: API Basic Auth blocked from 152.53.53.76 (US/United States/srv.us1.aelix. ...
show more
(modsec_5040) ModSec 5040: API Basic Auth blocked from 152.53.53.76 (US/United States/srv.us1.aelix.top): 1 in the last 3600 secs (0-196)
show less
Hacking
๐ฉ๐ช
4server
2026-07-04 16:46:08
(2 days ago)
[SatJul0418:46:03.2576492026][security2:error][pid1729911:tid1730041][client152.53.53.76:0]ModSecuri ...
show more
[SatJul0418:46:03.2576492026][security2:error][pid1729911:tid1730041][client152.53.53.76:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"ipv6.gmint.ch\"][uri\"/xmlrpc.php\"][unique_id\"akk4y49QJ60ZGsLgfM8rBgAAARA\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 07:41:22
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 03:41:18.529141 2026] [security2:error] [pid 14548:tid 14548] [client 152.53.53.76:51226] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bigholegolf.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bigholegolf.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aki5HhI5kPob7khAwbTPQQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 00:15:32
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 20:15:25.689635 2026] [security2:error] [pid 3537:tid 3537] [client 152.53.53.76:53140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "visionremota.info"] [uri "/wp-json/wp/v2/users"] [unique_id "akhQnYV8hTJf-ZHE5tustAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 22:41:39
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 18:41:34.164661 2026] [security2:error] [pid 27509:tid 27527] [client 152.53.53.76:41984] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||nabsci.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nabsci.com"] [uri "/wp-json/wp/v2/users/4"] [unique_id "akg6nprUE-0xlDY2CBgq4gAAAI4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 20:05:22
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 16:05:15.748075 2026] [security2:error] [pid 18370:tid 18370] [client 152.53.53.76:37732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||iplantotravel.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "iplantotravel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akgV-6pV1MueEE3vA9mwQgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-03 09:04:45
(3 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
wordpresshosting.solutions
2026-07-01 18:49:54
(5 days ago)
WordPress login/xmlrpc abuse or user enumeration detected. Evidence: 152.53.53.76 - - [01/Jul/2026:1 ...
show more
WordPress login/xmlrpc abuse or user enumeration detected. Evidence: 152.53.53.76 - - [01/Jul/2026:18:49:53 +0000] "GET /wp-login.php HTTP/1.1" 200 8091 "https://[DOMAIN]/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
152.53.53.76 - - [01/Jul/2026:18:49:53 +0000] "GET /wp-login.php HTTP/1.1" 200 8091 "https://[DOMAIN]/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
show less
Brute-Force
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2026-07-01 13:41:07
(5 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-06-30 23:37:44
(5 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 07:38:36
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 03:38:28.351456 2026] [security2:error] [pid 14051:tid 14051] [client 152.53.53.76:36062] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rocksolidhomebuilders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rocksolidhomebuilders.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akNydCbWkoHloWWbP1dorQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐น
Malta
2026-06-29 19:29:35
(1 week ago)
152.53.53.76 - - [29/Jun/2026:21:29:35 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT ...
show more
152.53.53.76 - - [29/Jun/2026:21:29:35 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"
Brute-force password attempt
show less
Hacking
Web App Attack
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-29 09:08:51
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 05:08:47.207223 2026] [security2:error] [pid 4688:tid 4688] [client 152.53.53.76:36080] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.eatatlotone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.eatatlotone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akI2H6QVAsV0AfVspIIeXwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-29 08:34:22
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last ...
show more
(mod_security) mod_security (id:225170) triggered by 152.53.53.76 (srv.us1.aelix.top): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 04:34:16.842496 2026] [security2:error] [pid 17458:tid 17458] [client 152.53.53.76:37936] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||freemanfoundationcle.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "freemanfoundationcle.org"] [uri "/wp-json/wp/v2/users"] [unique_id "akIuCAjRDo9yaZWlDfUe3AAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack