🇺🇸
TPI-Abuse
2026-06-25 21:17:25
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 17:17:19.151566 2026] [security2:error] [pid 11813:tid 11813] [client 43.165.64.145:52184] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||nolaanime.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nolaanime.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aj2a3zY0LSkxeGOoEE6csgAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 18:12:00
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:11:54.342582 2026] [security2:error] [pid 23606:tid 23606] [client 43.165.64.145:52970] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||itibitico.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "itibitico.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aj1vasCACNdbjNJ4VstKLAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 07:42:54
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 03:42:49.146716 2026] [security2:error] [pid 8273:tid 8273] [client 43.165.64.145:55199] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||portlunchgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "portlunchgroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajzb-ac5_-nOQ2y_EmW1vgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
maxpower
2026-06-25 07:42:03
(1 week ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 43.165.64.145 (US/United States/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 43.165.64.145 - - [25/Jun/2026:09:29:36 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 200 1193 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Mobile/15E148 Safari/604.1" "-" host=orem.it
43.165.64.145 - - [25/Jun/2026:09:29:37 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 200 608 "-" "Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Mobile Safari/537.36" "-" host=oremcorazzati.it
43.165.64.145 - - [25/Jun/2026:09:41:57 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 200 1634 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/363.0.743255906 Mobile/15E148 Safari/604.1" "-" host=manzettorosso.it
Port Scan
🇩🇪
Marc
2026-06-25 00:42:27
(1 week ago)
43.165.64.145 - - [25/Jun/2026:02:42:26 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 404 3298 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_3_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3.1 Mobile/15E148 Safari/604.1"
43.165.64.145 - - [25/Jun/2026:02:42:26 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 404 3297 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 16_7_10 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6 Mobile/15E148 Safari/604.1"
43.165.64.145 - - [25/Jun/2026:02:42:26 +0200] "GET /wp-json/wp/v2/users?per_page=100 HTTP/1.1" 404 3298 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"
Brute-Force
🇩🇪
FeG Deutschland
2026-06-24 22:27:27
(1 week ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 2
Exploited Host
Web App Attack
🇺🇸
omc
2026-06-24 21:50:17
(1 week ago)
Banned IP [QD]. GET /wp-json/wp/v2/users [Q4].
Bad Web Bot
🇺🇸
TPI-Abuse
2026-06-24 16:25:49
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 12:25:45.248589 2026] [security2:error] [pid 22273:tid 22273] [client 43.165.64.145:60992] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||stansbracelets.com.lahamradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stansbracelets.com.lahamradio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajwFCQBMhG4oacRVqg9KnAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-24 02:16:02
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 22:15:58.817304 2026] [security2:error] [pid 30956:tid 30956] [client 43.165.64.145:61422] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kitchen.pizzadata.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kitchen.pizzadata.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajs93kSjjMrOie-fC3TUDQAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-24 01:41:44
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 21:41:40.680419 2026] [security2:error] [pid 4878:tid 4878] [client 43.165.64.145:61311] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||doctorspainmanagement.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "doctorspainmanagement.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajs11GB68ENPMdFBXq3HyQAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 23:58:02
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:57:58.153359 2026] [security2:error] [pid 11606:tid 11606] [client 43.165.64.145:59854] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||adoniahenterprises.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "adoniahenterprises.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajsdhuOsugcdAg6Zilpv4QAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 22:13:13
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 18:13:07.232973 2026] [security2:error] [pid 20181:tid 20181] [client 43.165.64.145:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.top-brand.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.top-brand.us"] [uri "/wp-json/wp/v2/users"] [unique_id "ajsE896d6I3C1yBUsj4fMgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 20:06:24
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 16:06:17.978485 2026] [security2:error] [pid 30094:tid 30094] [client 43.165.64.145:62349] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.darkalleyproductions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.darkalleyproductions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajrnOQQRlURypRjZ7gEOMQAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 19:50:32
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:50:24.673801 2026] [security2:error] [pid 9062:tid 9062] [client 43.165.64.145:54375] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||sooperare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "sooperare.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajrjgPaFw-tzikG1XO-dGgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-23 19:27:11
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 43.165.64.145 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 15:27:04.436781 2026] [security2:error] [pid 18804:tid 18804] [client 43.165.64.145:59178] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||easttnspayinsulationpros.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "easttnspayinsulationpros.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajreCCivJQhZFnFU24K6EQAAACQ"]
Brute-Force
Bad Web Bot
Web App Attack