๐บ๐ธ
TPI-Abuse
2026-07-09 00:48:31
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 20:48:23.783916 2026] [security2:error] [pid 22590:tid 22782] [client 197.255.79.197:51693] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||leaderoftheopposition.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "leaderoftheopposition.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ak7v13lwUu9tA32ouzDbPwAAAlM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
QT
2026-07-08 20:14:37
(1 day ago)
Unauthorised WordPress admin login attempted at 2026-07-09 06:14:35 +1000
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 18:44:36
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 14:44:30.726443 2026] [security2:error] [pid 21052:tid 21052] [client 197.255.79.197:34787] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dandksupply.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dandksupply.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ak6ajnt2dXufimutq1LsQgAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
screwlooseit.com.au
2026-07-08 18:37:14
(1 day ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
GH/Ghana/-
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 14:26:31
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 10:26:26.126436 2026] [security2:error] [pid 11573:tid 11583] [client 197.255.79.197:62026] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||willmanlawfirm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "willmanlawfirm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ak5eEheBHaxTr6_z1Xzk5gAAAIc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ฐ
SaltySoftworks
2026-07-08 11:59:32
(1 day ago)
Page: /xmlrpc.php
Hacking
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-07-08 05:38:14
(2 days ago)
Unauthorized access to webpage admin
Web App Attack
๐ง๐พ
lns.bz
2026-07-07 21:26:07
(2 days ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
๐ฌ๐ง
seniorlinuxadmin
2026-07-07 18:30:08
(2 days ago)
197.255.79.197 - - [07/Jul/2026:19:30:05 +0100] "POST /xmlrpc.php HTTP/1.1" 404 158 "-" "Mozilla/5.0 ...
show more
197.255.79.197 - - [07/Jul/2026:19:30:05 +0100] "POST /xmlrpc.php HTTP/1.1" 404 158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0 Safari/537.36"
show less
Port Scan
Web App Attack
๐ต๐ฑ
skoczo
2026-07-05 14:54:06
(4 days ago)
Honeytoken tripped (detected by https://github.com/skoczo/repgate): /xmlrpc.php
Web App Attack
๐ฆ๐บ
FireGuard Server
2026-07-04 17:25:04
(5 days ago)
Blocked by os-abuseipdb; 3 hits, proto=tcp, ports=443
Port Scan
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-04 16:12:46
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 12:12:41.069876 2026] [security2:error] [pid 17815:tid 17815] [client 197.255.79.197:33254] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||scswat.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "scswat.org"] [uri "/wp-json/wp/v2/users"] [unique_id "akkw-TcJ4E73aOYjyuxV1wAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 15:32:35
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 197.255.79.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 11:32:31.096279 2026] [security2:error] [pid 29795:tid 29795] [client 197.255.79.197:42851] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||naturalacu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "naturalacu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akfWD8K2CtbRCdewzATN5wAAAFw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-02 22:49:14
(1 week ago)
[FriJul0300:49:11.9533052026][security2:error][pid3551418:tid3551491][client197.255.79.197:0]ModSecu ...
show more
[FriJul0300:49:11.9533052026][security2:error][pid3551418:tid3551491][client197.255.79.197:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"respiratrentino.it\"][uri\"/xmlrpc.php\"][unique_id\"akbq5_OM-9RlVr-zf89MjQAAAIU\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ณ๐ฑ
wlt-blocker
2026-07-02 00:02:41
(1 week ago)
Unauthorized access to webpage admin
Web App Attack