πΊπΈ
TPI-Abuse
2026-07-07 17:17:18
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 13:17:11.542011 2026] [security2:error] [pid 11446:tid 11446] [client 84.240.4.242:57853] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||naturalacu.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "naturalacu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ak00l5Am6gbKuah2BdDwPgAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-17 18:34:44
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 14:34:40.907048 2026] [security2:error] [pid 1938:tid 1938] [client 84.240.4.242:57982] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|geriterry.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "geriterry.com"] [uri "/xmlrpc.php"] [unique_id "agoKQHlGTPNq8L4G-OHZJAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
WeekendWeb
2026-05-13 18:00:33
(1 month ago)
Wordpress Vunerability attack
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-13 17:22:23
(1 month ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 13:22:18.550984 2026] [security2:error] [pid 21508:tid 21508] [client 84.240.4.242:51022] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|egelfitness.nl|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "egelfitness.nl"] [uri "/xmlrpc.php"] [unique_id "agSzSmnHglpC1YWxgBKSJgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-04 10:05:58
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 06:05:49.670683 2026] [security2:error] [pid 18472:tid 18472] [client 84.240.4.242:56234] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|crcponcha.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "crcponcha.com"] [uri "/xmlrpc.php"] [unique_id "afhvfVlk65Z-vMTF_8oKRQAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-29 12:09:56
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 08:09:51.944042 2026] [security2:error] [pid 16913:tid 16913] [client 84.240.4.242:50766] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|brianwhitty.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brianwhitty.com"] [uri "/xmlrpc.php"] [unique_id "afH1DzM8VA8Siz5IrTfvmwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-15 17:00:11
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 13:00:05.237678 2026] [security2:error] [pid 279656:tid 279656] [client 84.240.4.242:57861] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|canebrakes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "canebrakes.com"] [uri "/xmlrpc.php"] [unique_id "ad_EFdi9F8LQyUjyXI4GOAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-13 18:38:41
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 14:38:38.588872 2026] [security2:error] [pid 1081020:tid 1081020] [client 84.240.4.242:61587] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|forefrontmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "forefrontmusic.com"] [uri "/xmlrpc.php"] [unique_id "ad04LkIYe6rT9LWsiVlGmgAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-12 17:31:33
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:240335) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 13:31:27.355493 2026] [security2:error] [pid 7703:tid 7703] [client 84.240.4.242:57263] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 84.240.4.242 (+1 hits since last alert)|climasyequipos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "climasyequipos.com"] [uri "/xmlrpc.php"] [unique_id "advW7yt4woVKBYgxn0IZ8gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-10 09:58:35
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 05:58:29.209728 2026] [security2:error] [pid 7219:tid 7219] [client 84.240.4.242:62425] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||tonytremblayauthor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "tonytremblayauthor.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aa_rRf6bWReCJK6wEcDVmAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
Block Rockin' Beats
2026-03-06 11:18:14
(4 months ago)
Scanning for exploitable scripts
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-03-05 19:05:42
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 ...
show more
(mod_security) mod_security (id:225170) triggered by 84.240.4.242 (lan-84-240-4-242.vln.penki.lt): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 14:05:35.024857 2026] [security2:error] [pid 7566:tid 7566] [client 84.240.4.242:58969] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||prcomputersolutions.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "prcomputersolutions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aanT_7Cku2KvK056LelJQQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
SCHAPPY
2026-03-05 19:00:48
(4 months ago)
Multiple attempts to attack Wordpress XMLRPC detected: access blocked.
Web App Attack