πΊπΈ
lostswordfish.com
2026-06-14 21:06:02
(11 hours ago)
Wordfence waf block on registrymatters
Web App Attack
πΊπΈ
factor1
2026-06-14 19:59:01
(12 hours ago)
Fail2ban at churndash Reports Abuse.
Brute-Force
Web App Attack
πΊπΈ
xmission.com
2026-06-14 15:44:43
(16 hours ago)
163.227.6.243 - - [14/Jun/2026:09:44:43 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 ...
show more
163.227.6.243 - - [14/Jun/2026:09:44:43 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0"
...
show less
Web App Attack
π³π΄
jad-abuse
2026-06-14 12:13:09
(20 hours ago)
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_login. Ob ...
show more
ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: wp_login. Observed by 1 sensor(s); 2 hits.
show less
Brute-Force
Web App Attack
πΊπΈ
etu brutus
2026-06-13 23:52:40
(1 day ago)
163.227.6.243 has been banned for [WebApp Attack]
...
Hacking
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-13 02:34:54
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 22:34:47.524149 2026] [security2:error] [pid 24124:tid 24124] [client 163.227.6.243:43230] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ronjamestelevision.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ronjamestelevision.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aizBx5FQWGS6m-p5N0B-vAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-06-12 19:13:34
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-12 03:46:10
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:46:05.575172 2026] [security2:error] [pid 6131:tid 6131] [client 163.227.6.243:58836] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||baselinesc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "baselinesc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiuA_SNoG_X3eHNi86WmbAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
spamverify.com
2026-06-09 23:31:58
(5 days ago)
Honeypot Hit: WordPress Login
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-09 07:31:05
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 03:30:57.414734 2026] [security2:error] [pid 18618:tid 18618] [client 163.227.6.243:36760] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||airdriedrivingschool.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "airdriedrivingschool.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aifBMQ_t4ZpyZ4w75Nzg7wAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
ELYAZ
2026-06-08 22:46:31
(6 days ago)
(y4) Failed scan -byebye- from 163.227.6.243 (BD/Bangladesh/pulse.whitelabelwebpanel.com): (CF_ENAB ...
show more
(y4) Failed scan -byebye- from 163.227.6.243 (BD/Bangladesh/pulse.whitelabelwebpanel.com): (CF_ENABLE)
show less
Hacking
πΊπΈ
xmission.com
2026-06-08 20:25:00
(6 days ago)
163.227.6.243 - - [08/Jun/2026:14:24:59 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 ...
show more
163.227.6.243 - - [08/Jun/2026:14:24:59 -0600] "POST /xmlrpc.php HTTP/2.0" 200 401 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11_7_10) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-08 09:18:16
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 05:18:09.103703 2026] [security2:error] [pid 11371:tid 11371] [client 163.227.6.243:52272] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||qatest.soudertonbigred.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "qatest.soudertonbigred.org"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiaI0QIUSQxe6P39FORfGwAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 21:34:44
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 163.227.6.243 (pulse.whitelabelwebpanel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:34:39.147185 2026] [security2:error] [pid 3959:tid 3959] [client 163.227.6.243:36844] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||peterjohnsonauthor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "peterjohnsonauthor.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXj7wkIp5uJZhRb8CdTugAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
LRob.fr
2026-06-07 10:15:06
(1 week ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack