๐ซ๐ท
tecnicorioja
2026-07-09 22:01:16
(1 day ago)
wp-login attack [09/Jul/2026:11:08:07
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 08:13:07
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 04:12:50.490323 2026] [security2:error] [pid 14999:tid 14999] [client 27.255.166.191:15081] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||pattenden.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pattenden.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak9YAgqGfimxbw0TJ0nUhwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
brechtr
2026-07-09 08:08:53
(2 days ago)
[Press84-BanHammer] bad username โ Sourced from: www.langsvlaamsewegen.be โ Request: POST /wp-login. ...
show more
[Press84-BanHammer] bad username โ Sourced from: www.langsvlaamsewegen.be โ Request: POST /wp-login.php
show less
Brute-Force
๐บ๐ธ
ambor
2026-07-09 08:06:45
(2 days ago)
L0ss Honeypot: WordPress login access attempt. Path: /wp-login.php
Brute-Force
Web App Attack
๐ฌ๐ง
SCLwebadministrator
2026-07-09 07:54:00
(2 days ago)
Bruteforce WordPress logins detected with Loginizer
Brute-Force
Web App Attack
Hacking
๐ฉ๐ช
Marc
2026-07-09 07:42:18
(2 days ago)
27.255.166.191 - - [09/Jul/2026:07:04:19 +0200] "POST /wp-login.php HTTP/2.0" 403 11209 "https://www ...
show more
27.255.166.191 - - [09/Jul/2026:07:04:19 +0200] "POST /wp-login.php HTTP/2.0" 403 11209 "https://www.saatschule.de/wp-login.php" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/150.0.7871.34 Mobile/15E148 Safari/604.1" 27.255.166.191 - - [09/Jul/2026:07:22:04 +0200] "GET /wp-login.php HTTP/2.0" 200 3455 "-" "Mozilla/5.0 (Linux; Android 14; SM-S928B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36" 27.255.166.191 - - [09/Jul/2026:09:38:38 +0200] "GET /wp-login.php HTTP/2.0" 200 3928 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36 Edg/150.0.0.0" 27.255.166.191 - - [09/Jul/2026:09:42:16 +0200] "GET /wp-login.php HTTP/2.0" 200 3346 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36" 27.255.166.191 - - [09/Jul/2026:09:42:17 +0200] "POST /wp-login.php HTTP/2.0" 200 4031 "https://lostplace.art/wp-lo
show less
Brute-Force
Web App Attack
Anonymous
2026-07-09 07:20:20
(2 days ago)
[Thu Jul 09 09:20:18.636705 2026] [authz_core:error] [pid 18672:tid 18700] [client 27.255.166.191:59 ...
show more
[Thu Jul 09 09:20:18.636705 2026] [authz_core:error] [pid 18672:tid 18700] [client 27.255.166.191:59207] AH01630: client denied by server configuration: /var/www/cimt-precision/wp-login.php
[Thu Jul 09 09:20:19.007123 2026] [authz_core:error] [pid 18672:tid 18715] [client 27.255.166.191:59207] AH01630: client denied by server configuration: /var/www/cimt-precision/wp-login.php, referer: https://cimt-precision.de/wp-login.php
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
LRob
2026-07-09 07:15:50
(2 days ago)
CrowdSec: lrob/wp-login-slow-bf | req: ["/wp-login.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64 ...
show more
CrowdSec: lrob/wp-login-slow-bf | req: ["/wp-login.php"] | UA: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36","Mozilla/5.0 (Macintosh; Intel Mac
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 07:07:13
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 03:06:59.639054 2026] [security2:error] [pid 3042:tid 3042] [client 27.255.166.191:41575] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||americanureport.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "americanureport.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak9Ik8KhUU17o_49gCoLCAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:49:32
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:49:20.264201 2026] [security2:error] [pid 23690:tid 23690] [client 27.255.166.191:29321] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||crittergetterpestcontrol.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "crittergetterpestcontrol.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak9EcKmgUXQKloLmfaKxugAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TAY
2026-07-09 06:25:09
(2 days ago)
27.255.166.191 - - [09/Jul/2026:14:15:50 +0800] "POST /wp-login.php HTTP/1.1" 200 2647 "https://litt ...
show more
27.255.166.191 - - [09/Jul/2026:14:15:50 +0800] "POST /wp-login.php HTTP/1.1" 200 2647 "https://littleprairie.com.my/wp-login.php" "Mozilla/5.0 (iPad; CPU OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/150.0.7871.34 Mobile/15E148 Safari/604.1"
27.255.166.191 - - [09/Jul/2026:14:20:11 +0800] "POST /wp-login.php HTTP/1.1" 200 2682 "https://littleprairie.com.my/wp-login.php" "Mozilla/5.0 (Linux; Android 12; SM-G991B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Mobile Safari/537.36"
27.255.166.191 - - [09/Jul/2026:14:25:09 +0800] "POST /xmlrpc.php HTTP/1.1" 200 6323 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 13_6_9) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36"
...
show less
Brute-Force
๐ฉ๐ช
wpadm4
2026-07-09 06:23:33
(2 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:18:25
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:18:10.731440 2026] [security2:error] [pid 549589:tid 549589] [client 27.255.166.191:57587] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stonehill.myomni.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stonehill.myomni.us"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak89IqCCO1rsUv10RWyF-AAAACU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
london2038.com
2026-07-09 06:15:36
(2 days ago)
Attacking WordPress
27.255.166.191 - - [09/Jul/2026:08:15:28 +0200] "POST /wp-login.php HTTP/2.0" 50 ...
show more
Attacking WordPress
27.255.166.191 - - [09/Jul/2026:08:15:28 +0200] "POST /wp-login.php HTTP/2.0" 503 19287 "https://<REDACTED>/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/150.0.0.0 Safari/537.36 Edg/150.0.0.0"
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:56:22
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 27.255.166.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:56:10.995421 2026] [security2:error] [pid 921:tid 921] [client 27.255.166.191:17799] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||visionremota.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "visionremota.info"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ak83-tYycwniS_4kac5cEwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack