π«π·
β¨
2026-07-11 01:00:07
(3 days ago)
Domain : intermix.org.uk
Rule : xmlrpc
2026-07-11 00:58:22 ***hidden-privacy***46 GET /xmlrpc.php rs ...
show more
Domain : intermix.org.uk
Rule : xmlrpc
2026-07-11 00:58:22 ***hidden-privacy***46 GET /xmlrpc.php rsd 80 - 52.198.61.81 HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36 - intermix.org.uk 404 0 2 1352 387 1000 - -
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 22:00:50
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 18:00:45.101848 2026] [security2:error] [pid 27237:tid 27237] [client 52.198.61.81:61922] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||thewhispertwins.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thewhispertwins.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alFrjW2IyUecpGbSRc1k-wAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 17:21:14
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 13:21:06.994666 2026] [security2:error] [pid 23122:tid 23127] [client 52.198.61.81:53409] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.datuinc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.datuinc.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alEqAtzLpv3bDSxr4760uwAAAMM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 13:46:54
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 09:46:48.936965 2026] [security2:error] [pid 12468:tid 12468] [client 52.198.61.81:49163] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.jennyfiore.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.jennyfiore.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alD3yB4sifqj3vJxaEwdmwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 07:35:44
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 03:35:38.401756 2026] [security2:error] [pid 8080:tid 8083] [client 52.198.61.81:50993] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rockabyecotons.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rockabyecotons.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alCgymWjwQl8Gt4NqlpavAAAAME"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 06:41:10
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 02:41:03.289138 2026] [security2:error] [pid 8359:tid 8359] [client 52.198.61.81:62703] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.alafiariverrendezvous.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.alafiariverrendezvous.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "alCT_9oFbH9EFezA_lMQjQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
ipblock.com
2026-07-10 06:17:00
(4 days ago)
IPBlock protected site ID [3192-af][s=02].
Exploit request, vulnerability scanner.
Hacking
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-10 03:33:10
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 23:33:04.822521 2026] [security2:error] [pid 4746:tid 4746] [client 52.198.61.81:50022] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||celebritybikinigossip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "celebritybikinigossip.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alBn8I42mlRF80kJp4r-oQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 19:18:04
(4 days ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
Anonymous
2026-07-09 14:35:11
(5 days ago)
Failed login attempt detected by Fail2Ban in plesk-modsecurity jail
Exploited Host
π«π·
Kenshin869
2026-07-09 09:58:30
(5 days ago)
Wordpress unauthorized access attempt
Brute-Force
πΊπΈ
lostswordfish.com
2026-07-09 05:30:05
(5 days ago)
Wordfence waf block on decarcerationnation
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-09 04:04:18
(5 days ago)
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.c ...
show more
(mod_security) mod_security (id:225170) triggered by 52.198.61.81 (ec2-52-198-61-81.ap-northeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 00:04:11.610066 2026] [security2:error] [pid 7148:tid 7148] [client 52.198.61.81:50986] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||arsenalfordemocracy.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "arsenalfordemocracy.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak8duweppHYq3eX-TxCHXAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπ¦
URAN Publishing Service
2026-07-09 03:57:46
(5 days ago)
52.198.61.81 - - [09/Jul/2026:06:57:45 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "- ...
show more
52.198.61.81 - - [09/Jul/2026:06:57:45 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
52.198.61.81 - - [09/Jul/2026:06:57:46 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack