๐บ๐ธ
TPI-Abuse
2026-06-10 16:25:17
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net ...
show more
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 12:25:13.567942 2026] [security2:error] [pid 29050:tid 29050] [client 187.101.204.160:55185] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||naominixon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "naominixon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aimP6ZZ3WOEBfdlzDXSvLAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-10 01:31:46
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net ...
show more
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 21:31:40.987896 2026] [security2:error] [pid 21505:tid 21514] [client 187.101.204.160:54379] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||trulyoriginalpurpleoctopus.art|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "trulyoriginalpurpleoctopus.art"] [uri "/wp-json/wp/v2/users"] [unique_id "aii-fNuusALbk9Yx8p-NKAAAAUI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-09 20:30:16
(2 weeks ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-08 22:36:10
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net ...
show more
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 18:36:05.636859 2026] [security2:error] [pid 24466:tid 24466] [client 187.101.204.160:50390] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||saadeh.ws|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "saadeh.ws"] [uri "/wp-json/wp/v2/users"] [unique_id "aidD1Zo3xJNSxI6YhGV_1wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-07 21:33:58
(3 weeks ago)
[SunJun0723:33:56.5129932026][security2:error][pid205227:tid205366][client187.101.204.160:0]ModSecur ...
show more
[SunJun0723:33:56.5129932026][security2:error][pid205227:tid205366][client187.101.204.160:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"sito-online.ch\"][uri\"/xmlrpc.php\"][unique_id\"aiXjxItsDpZ3DDIqNG28iwAAARE\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ธ๐ช
SkyDancer
2026-06-07 11:58:51
(3 weeks ago)
Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by ...
show more
Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by SkyDancer Ai via interface.
show less
Hacking
Brute-Force
SSH
๐ซ๐ท
โจ
2026-06-07 00:07:20
(3 weeks ago)
Domain : bangorfc.com
Rule : xmlrpc
2026-06-07 00:05:09 W3SVC464 PLESK72 79.171.34.85 POST /xmlrpc.p ...
show more
Domain : bangorfc.com
Rule : xmlrpc
2026-06-07 00:05:09 W3SVC464 PLESK72 79.171.34.85 POST /xmlrpc.php - 443 - 187.101.204.160 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; x64) AppleWebKit/537.36 (KHTML, like Gecko) Opera/76.0.0.0 Safari/537.36 - - bangorfc.com 404 0 2 9045 975 1108 - -
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-05 19:22:04
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net ...
show more
(mod_security) mod_security (id:225170) triggered by 187.101.204.160 (187-101-204-160.dsl.telesp.net.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 15:21:59.994320 2026] [security2:error] [pid 10197:tid 10197] [client 187.101.204.160:59972] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||d-sinema.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "d-sinema.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiMh11dJLplqUCKvVlPQaQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
inlink.ltd
2026-06-04 17:22:27
(3 weeks ago)
Known malicious PHP file or CMS probe
Web App Attack