πΊπΈ
TPI-Abuse
2026-07-04 08:39:38
(39 minutes ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 04:39:35.173188 2026] [security2:error] [pid 22375:tid 22375] [client 65.181.111.19:47294] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||asociacioncopan.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "asociacioncopan.org"] [uri "/wp-json/wp/v2/users"] [unique_id "akjGx6nJs-DEIcPuRJ3sOgAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 07:28:47
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 03:28:43.731122 2026] [security2:error] [pid 27706:tid 27713] [client 65.181.111.19:38794] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tradersofficepark.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tradersofficepark.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aki2K4GYnkxKcSTDmeYHCwAAAIU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
aks4226
2026-07-04 06:28:24
(2 hours ago)
Attacking common web applications. (n01)
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 04:36:15
(4 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 00:36:10.743297 2026] [security2:error] [pid 5627:tid 5627] [client 65.181.111.19:41450] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||activethinkers.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "activethinkers.net"] [uri "/wp-json/wp/v2/users"] [unique_id "akiNurBwq7SKnRnSwgWEDgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 01:59:33
(7 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 21:59:26.262380 2026] [security2:error] [pid 10759:tid 10791] [client 65.181.111.19:45758] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.luxury.property-management-companies-chicago.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.luxury.property-management-companies-chicago.com"] [uri "/wp-json/wp/v2/users/8"] [unique_id "akho_owInqzfd6c-N4Id7gAAAQ0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-04 00:54:39
(8 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 20:54:36.229829 2026] [security2:error] [pid 17401:tid 17401] [client 65.181.111.19:33250] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||danielbrower.circleofsound.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "danielbrower.circleofsound.org"] [uri "/wp-json/wp/v2/users"] [unique_id "akhZzHTASh1y-K2t9uq1qQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 22:49:15
(10 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 18:49:10.256298 2026] [security2:error] [pid 27509:tid 27524] [client 65.181.111.19:35662] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||nimbll.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "nimbll.com"] [uri "/wp-json/wp/v2/users/4"] [unique_id "akg8ZprUE-0xlDY2CBgwwQAAAIs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 21:03:35
(12 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:03:31.439541 2026] [security2:error] [pid 13723:tid 13723] [client 65.181.111.19:58936] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||vanmeer.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vanmeer.info"] [uri "/wp-json/wp/v2/users"] [unique_id "akgjo90RJ6PqaPksNtjDAwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
paulshipley.com.au
2026-07-03 20:22:52
(12 hours ago)
shotbysuzanne.com.au:443 65.181.111.19 - - [04/Jul/2026:06:22:50 +1000] "GET /wordpress/xmlrpc.php H ...
show more
shotbysuzanne.com.au:443 65.181.111.19 - - [04/Jul/2026:06:22:50 +1000] "GET /wordpress/xmlrpc.php HTTP/1.1" 404 57307 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 19:46:48
(13 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:46:44.190280 2026] [security2:error] [pid 27566:tid 27566] [client 65.181.111.19:60368] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||havilahmalone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "havilahmalone.com"] [uri "/wp-json/wp/v2/users/2"] [unique_id "akgRpMhQr2o-R9ZHWIZmEQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 19:04:28
(14 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 15:04:21.333980 2026] [security2:error] [pid 24897:tid 24897] [client 65.181.111.19:54270] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||newcastle91.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "newcastle91.org"] [uri "/wp-json/wp/v2/users/4"] [unique_id "akgHteUcmGFcYnISKnW9swAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 17:18:15
(16 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 13:18:10.397280 2026] [security2:error] [pid 18431:tid 18431] [client 65.181.111.19:36998] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||kotelbarmitzvah.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "kotelbarmitzvah.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akfu0rH8wHysYTiTQT519QAAACE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 16:58:15
(16 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 12:58:12.391471 2026] [security2:error] [pid 3253:tid 3253] [client 65.181.111.19:48118] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||celebritybikinigossip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "celebritybikinigossip.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akfqJBvds06PWNoWexIpeAAAACs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-03 16:34:07
(16 hours ago)
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com) ...
show more
(mod_security) mod_security (id:225170) triggered by 65.181.111.19 (s930.use1.mysecurecloudhost.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 12:34:00.059116 2026] [security2:error] [pid 30130:tid 30130] [client 65.181.111.19:60160] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.thevillagebakeryftw.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.thevillagebakeryftw.com"] [uri "/wp-json/wp/v2/users/5"] [unique_id "akfkeOsYbSJ7saYng4CPegAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
xxkodedxx
2026-07-03 15:35:32
(17 hours ago)
[Zorvexus edge-defense] GET .env / WordPress honeypot probe
Trigger: 1Γ honeypot-get in 10m window.
...
show more
[Zorvexus edge-defense] GET .env / WordPress honeypot probe
Trigger: 1Γ honeypot-get in 10m window.
Active: 15:35:08 UTC
Volume: 1 honeypot probe(s)
Bait taken: /wp-json/wp/v2/users/10?_fields=id,slug,roles
UA: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
Auto-banned 30d. zorvexus-banner.
show less
Bad Web Bot
Web App Attack