๐บ๐ธ
TPI-Abuse
2026-07-02 21:36:49
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 17:36:41.778974 2026] [security2:error] [pid 13274:tid 13274] [client 52.161.51.48:38641] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ecodesarrollourbano.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ecodesarrollourbano.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbZ6barJjRdYwCOPiVyNQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-02 21:19:33
(1 day ago)
Web attack blocked by Wordfence on kernoverlegsibbe-ijzeren.nl (1 hit). Reported by CRMON.
Web App Attack
๐บ๐ธ
ArturShelby
2026-07-02 21:04:57
(1 day ago)
Honeypot triggered: /wp-json/wp/v2/users/
Web App Attack
Anonymous
2026-07-02 20:35:03
(1 day ago)
52.161.51.48 - - [02/Jul/2026:22:34:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1044 "-" "Mozilla/5.0 ...
show more
52.161.51.48 - - [02/Jul/2026:22:34:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 1044 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 Vivaldi/6.7"
52.161.51.48 - - [02/Jul/2026:22:34:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 594 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
52.161.51.48 - - [02/Jul/2026:22:35:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 594 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.161.51.48 - - [02/Jul/2026:22:35:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 594 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
52.161.51.48 - - [02/Jul/2026:22:35:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 594 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
Penny Packer
2026-07-02 20:26:46
(1 day ago)
Fail2Ban apache-tripwires
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 20:17:56
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 16:17:48.771369 2026] [security2:error] [pid 17390:tid 17390] [client 52.161.51.48:38381] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||yakski.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "yakski.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbHbETkVDxa9qme3cSougAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
stinpriza
2026-07-02 20:08:00
(1 day ago)
Web App Attack
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 19:52:44
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:52:39.340286 2026] [security2:error] [pid 1485:tid 1485] [client 52.161.51.48:38758] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tulsatvmemories.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tulsatvmemories.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akbBh_PoFzvIFxKPE8Fn1QAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
bittiguru.fi
2026-07-02 19:37:05
(1 day ago)
52.161.51.48 - [02/Jul/2026:22:37:04 +0300] "POST /xmlrpc.php HTTP/1.1" 200 668 "-" "Mozilla/5.0 (Ma ...
show more
52.161.51.48 - [02/Jul/2026:22:37:04 +0300] "POST /xmlrpc.php HTTP/1.1" 200 668 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "6.51"
52.161.51.48 - [02/Jul/2026:22:37:05 +0300] "POST /xmlrpc.php HTTP/1.1" 200 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "1.86"
...
show less
Hacking
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 19:29:02
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:28:54.670931 2026] [security2:error] [pid 24889:tid 24889] [client 52.161.51.48:38919] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bikinipageone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bikinipageone.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aka79gvX_4S6sX4OmmPAPgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-02 19:28:46
(1 day ago)
(wordpress) Failed wordpress login from 52.161.51.48 (US/United States/-)
Brute-Force
Anonymous
2026-07-02 19:25:01
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 19:11:40
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:225170) triggered by 52.161.51.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 15:11:33.486463 2026] [security2:error] [pid 12070:tid 12070] [client 52.161.51.48:39010] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jitterbugswing.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jitterbugswing.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aka35fKj9nYY9bRsuA7MhAAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-02 19:09:38
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ธ๐ช
vaia.cloud
2026-07-02 18:57:01
(1 day ago)
trying wp-login.php/xmlrpc.php 34 times in 1 minutes
Brute-Force
Web App Attack