πΊπΈ
TPI-Abuse
2026-06-22 08:58:22
(18 hours ago)
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 04:58:18.102515 2026] [security2:error] [pid 2434:tid 2434] [client 212.119.47.168:44567] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||asociacioncopan.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "asociacioncopan.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajj5Ko1wPiuFt1CaMU0_TQAAABA"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-20 05:55:25
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 01:55:17.587495 2026] [security2:error] [pid 25388:tid 25388] [client 212.119.47.168:40677] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||henryweb.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "henryweb.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajYrRVL58CXYOqt1x7BZVwAAAA8"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-19 18:04:04
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:04:00.140235 2026] [security2:error] [pid 6335:tid 6335] [client 212.119.47.168:38509] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||poltorak.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "poltorak.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWEkFlZTGvRtvO6BRUTRAAAAA8"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
π¨π
backslash
2026-02-19 20:07:00
(4 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
πΊπΈ
TPI-Abuse
2025-12-30 23:36:54
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 18:36:50.467062 2025] [security2:error] [pid 10457:tid 10457] [client 212.119.47.168:20593] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||virtualmediamasters.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "virtualmediamasters.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "aVRiElLsLnHxCTkTOFQQrgAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
nationaleventpros.com
2025-12-24 04:59:18
(5 months ago)
WordPress login attempt
Brute-Force
π¦πΊ
oncord
2025-12-19 06:41:55
(6 months ago)
Form spam
Web Spam
π§πͺ
voormedia
2025-08-05 13:17:27
(10 months ago)
Accessed trap at '/wp-login.php'
Web App Attack
πΊπΈ
nowyouknow
2025-07-17 15:24:26
(11 months ago)
(From [email protected] ) We have hacked your website https://naturalhealingchiro.com an ...
show more
(From [email protected] ) We have hacked your website https://naturalhealingchiro.com and extracted your databases.
How did this happen?
Our team has found a vulnerability within your site that we were able to exploit. After finding the vulnerability we were able to get your database credentials and extract your entire database and move the information to an offshore server.
What does this mean?
We will systematically go through a series of steps of totally damaging your reputation. First your database will be leaked or sold to the highest bidder which they will use with whatever their intentions are. Next if there are e-mails found they will be e-mailed that their information has been sold or leaked and your site https://naturalhealingchiro.com was at fault thusly damaging your reputation and having angry customers/associates with whatever angry customers/associates do. Lastly any links that you have indexed in the search engines will be de-indexed based off of blackhat techniques tha
show less
Phishing
Web Spam
πΈπͺ
OnTheEdge
2025-03-24 09:18:24
(1 year ago)
Password spraying. Multiple unauthorized login attempts
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2025-02-28 19:18:18
(1 year ago)
(mod_security) mod_security (id:210831) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 212.119.47.168 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 14:18:09.550794 2025] [security2:error] [pid 3077723:tid 3077723] [client 212.119.47.168:46771] [client 212.119.47.168] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||backstore.com|F|4"] [data "a href="] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "backstore.com"] [uri "/usage_202502.html"] [unique_id "Z8IL8S6PHWYHpfEGGJeSCAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π·πΊ
sms.ru
2024-09-29 01:05:08
(1 year ago)
SMS pumping attack from foreign country
DDoS Attack
2024-06-20 06:36:33
(2 years ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
πͺπΈ
ofm-abuse
2023-12-18 14:22:56
(2 years ago)
Brute-force
...
Brute-Force
Bad Web Bot
Web App Attack
2023-12-02 20:39:54
(2 years ago)
tuetendichter.de 212.119.47.168 [02/Dec/2023:21:39:52 +0100] "POST /wp-login.php HTTP/1.1" 200 8656 ...
show more
tuetendichter.de 212.119.47.168 [02/Dec/2023:21:39:52 +0100] "POST /wp-login.php HTTP/1.1" 200 8656 "https://tuetendichter.de/wp-login.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/96.0.4664.116 Mobile/15E148 Safari/604.1"
tuetendichter.de 212.119.47.168 [02/Dec/2023:21:39:53 +0100] "POST /wp-login.php HTTP/1.1" 200 8656 "https://tuetendichter.de/wp-login.php" "Mozilla/5.0 (Linux; Android 12; SM-G975U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.87 Mobile Safari/537.36"
show less
Web App Attack