๐บ๐ธ
TPI-Abuse
2025-11-21 09:35:47
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 198.54.126.104 (server52.web-hosting.com): 1 in ...
show more
(mod_security) mod_security (id:225170) triggered by 198.54.126.104 (server52.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 21 04:35:40.658129 2025] [security2:error] [pid 21052:tid 21052] [client 198.54.126.104:57296] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.webuydinwiddiehouses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.webuydinwiddiehouses.com"] [uri "/Wp-JsOn/Wp/V2/UsErS"] [unique_id "aSAybPVu_Obv0f-CYT1kuAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-21 02:04:20
(7 months ago)
(mod_security) mod_security (id:240335) triggered by 198.54.126.104 (server52.web-hosting.com): 1 in ...
show more
(mod_security) mod_security (id:240335) triggered by 198.54.126.104 (server52.web-hosting.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 20 21:04:15.007524 2025] [security2:error] [pid 6227:tid 6227] [client 198.54.126.104:45532] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 198.54.126.104 (+1 hits since last alert)|puckerbuttbikinis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "puckerbuttbikinis.com"] [uri "/xmlrpc.php"] [unique_id "aR_In8ojvoUoWkJQlSeQHAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
myagent.site
2025-11-20 14:49:06
(7 months ago)
Blocking for trying to access an exploit file: /xmlrpc.php
Hacking
๐ฌ๐ง
thetomtaylor.co.uk
2025-11-18 07:20:20
(7 months ago)
Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer
... [wa01]
Bad Web Bot
Web App Attack
๐บ๐ธ
xmission.com
2025-11-18 06:20:05
(7 months ago)
198.54.126.104 - - [17/Nov/2025:23:20:02 -0700] "POST /wp-login.php HTTP/2.0" 200 2317 "https://dooc ...
show more
198.54.126.104 - - [17/Nov/2025:23:20:02 -0700] "POST /wp-login.php HTTP/2.0" 200 2317 "https://dooce.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
...
show less
Brute-Force
๐ฒ๐น
Malta
2025-11-16 10:20:54
(7 months ago)
198.54.126.104 - - [16/Nov/2025:11:20:54 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ...
show more
198.54.126.104 - - [16/Nov/2025:11:20:54 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
show less
Hacking
Web App Attack
๐บ๐ธ
xmission.com
2025-11-16 00:36:12
(7 months ago)
198.54.126.104 - - [15/Nov/2025:17:36:11 -0700] "POST /wp-login.php HTTP/2.0" 200 2317 "https://dooc ...
show more
198.54.126.104 - - [15/Nov/2025:17:36:11 -0700] "POST /wp-login.php HTTP/2.0" 200 2317 "https://dooce.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
...
show less
Brute-Force
๐ฒ๐น
Malta
2025-11-15 09:52:58
(7 months ago)
198.54.126.104 - - [15/Nov/2025:10:52:58 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ...
show more
198.54.126.104 - - [15/Nov/2025:10:52:58 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
show less
Hacking
Web App Attack
๐ซ๐ท
dynamix
2025-11-15 00:21:41
(7 months ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐ซ๐ท
dynamix
2025-11-13 22:34:49
(7 months ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
myagent.site
2025-11-12 22:03:47
(7 months ago)
Authentication failure for eboney
Hacking
๐ฒ๐น
Malta
2025-11-11 23:48:08
(7 months ago)
198.54.126.104 - - [12/Nov/2025:00:48:08 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ...
show more
198.54.126.104 - - [12/Nov/2025:00:48:08 +0100] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"
show less
Hacking
Web App Attack
๐บ๐ธ
myagent.site
2025-11-11 22:00:33
(7 months ago)
Authentication failure for eboney
Hacking
๐ฒ๐น
Malta
2025-11-10 17:21:14
(7 months ago)
198.54.126.104 - - [10/Nov/2025:18:21:14 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ...
show more
198.54.126.104 - - [10/Nov/2025:18:21:14 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; Touch; rv:11.0) like Gecko"
Brute-force password attempt
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
octageeks.com
2025-11-10 05:07:39
(7 months ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack