๐จ๐ญ
Origon
2026-05-14 18:27:30
(2 months ago)
http-wordpress_user-enum - IP: 50.116.13.92 - time="2026-05-14T20:27:30+02:00" level=info msg="(555 ...
show more
http-wordpress_user-enum - IP: 50.116.13.92 - time="2026-05-14T20:27:30+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-wordpress_user-enum by ip 50.116.13.92 (US/63949) : 4h ban on Ip 50.116.13.92" module=db
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-14 15:55:40
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 11:55:35.202244 2026] [security2:error] [pid 28033:tid 28033] [client 50.116.13.92:59086] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||inverzona.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "inverzona.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agXwd0XDdYeBEtyZi_wqfwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-05-14 14:05:03
(2 months ago)
Too many Status 40X (17)
Scanning/Probing (17)
Brute-Force
Web App Attack
๐ซ๐ฎ
stinpriza
2026-05-14 12:30:17
(2 months ago)
WP Authentication attempt for unknown user
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-12 23:21:28
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 19:21:21.786216 2026] [security2:error] [pid 26557:tid 26557] [client 50.116.13.92:55914] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.kellenbarger.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.kellenbarger.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agO18aw2I1SYj7AcCs4QQAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-12 20:48:41
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 16:48:36.320755 2026] [security2:error] [pid 22425:tid 22425] [client 50.116.13.92:39562] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cartiologyfilms.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cartiologyfilms.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agOSJPXwCt45eOtps4V8XQAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-12 15:15:23
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 11:15:16.615224 2026] [security2:error] [pid 10588:tid 10588] [client 50.116.13.92:40392] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.riser-astrology.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.riser-astrology.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agNEBPUp73Cd2BOp-NOAjgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-12 09:07:19
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 05:07:11.622804 2026] [security2:error] [pid 3068:tid 3097] [client 50.116.13.92:38408] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||busybeerestaurant.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "busybeerestaurant.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agLtv41SL6HDjpfSxqHCCwAAAJU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ท
SOC PR
2026-05-12 04:10:50
(2 months ago)
IPS: WordPress REST API Plugin Information Disclosure.
Hacking
๐ฉ๐ช
LRob
2026-05-11 12:30:08
(2 months ago)
Repeated 403 errors, blocked by Fail2ban in custom-403 jail
Bad Web Bot
๐บ๐ธ
nyt
2026-05-11 12:09:42
(2 months ago)
WP User Enumeration, WP Author Enumeration
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-11 11:19:51
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 07:19:45.743330 2026] [security2:error] [pid 15980:tid 15980] [client 50.116.13.92:57100] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||livinghopehighschool.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "livinghopehighschool.org"] [uri "/wp-json/wp/v2/users"] [unique_id "agG7URXYh2e4Fd4g8Cq8ewAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-05-11 06:05:05
(2 months ago)
Too many Status 40X (18)
Scanning/Probing (18)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-10 11:44:15
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 50.116.13.92 (jumphost.servermanagement.pro): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 07:44:09.269189 2026] [security2:error] [pid 18506:tid 18506] [client 50.116.13.92:50504] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||coolerboxes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "coolerboxes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agBviTeOmqKIgQXeLDzG4AAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-05-10 02:13:05
(2 months ago)
WordPress author enumeration
Web App Attack