๐บ๐ธ
TPI-Abuse
2026-07-03 10:56:15
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:56:09.176281 2026] [security2:error] [pid 29199:tid 29211] [client 94.130.207.27:35436] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||strengthsmatter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "strengthsmatter.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akeVSbOXzadWHdcNDV4mSQAAAMo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 10:10:05
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 06:09:58.495252 2026] [security2:error] [pid 25996:tid 25996] [client 94.130.207.27:47938] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||lahamradio.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lahamradio.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akeKdtaO9ZAHBPQ5ax6InAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
YF
2026-07-03 10:01:22
(1 day ago)
WordPress author enumeration
Web App Attack
๐ฆ๐บ
paulshipley.com.au
2026-07-03 08:46:54
(1 day ago)
paulshipley.com.au:443 94.130.207.27 - - [03/Jul/2026:18:46:51 +1000] "GET /wordpress/xmlrpc.php HTT ...
show more
paulshipley.com.au:443 94.130.207.27 - - [03/Jul/2026:18:46:51 +1000] "GET /wordpress/xmlrpc.php HTTP/1.1" 404 80394 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 07:30:12
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 03:29:55.900488 2026] [security2:error] [pid 21929:tid 21929] [client 94.130.207.27:56384] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ohwaitiforgot.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ohwaitiforgot.com"] [uri "/wp-json/wp/v2/users/4"] [unique_id "akdk8y61owan-tMpLJVQ-QAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 06:50:22
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 02:50:15.789744 2026] [security2:error] [pid 18418:tid 18418] [client 94.130.207.27:55906] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hertzan.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hertzan.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akdbp5V7ecV-aUAWl2x4EgAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-03 05:31:04
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 18:09:56
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 14:09:49.459130 2026] [security2:error] [pid 32370:tid 32370] [client 94.130.207.27:57606] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rajabarber.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rajabarber.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "akapbaA41HpOBS8cbUzjLAAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 16:25:45
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the ...
show more
(mod_security) mod_security (id:225170) triggered by 94.130.207.27 (core.nexgridcloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 12:25:38.543726 2026] [security2:error] [pid 14743:tid 14743] [client 94.130.207.27:45514] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||crystaljohns.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "crystaljohns.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akaRAt3iLtE0IMNqV1a94gAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Hippoline
2026-07-02 13:36:24
(2 days ago)
Jul 2 15:36:21 local wp(senioren.lu)[26199]: Authentication attempt for unknown user administrator ...
show more
Jul 2 15:36:21 local wp(senioren.lu)[26199]: Authentication attempt for unknown user administrator from 94.130.207.27
...
show less
Brute-Force
Web App Attack
๐ฉ๐ช
neckaralb-admin.de
2026-07-02 10:31:24
(2 days ago)
(wordpress) Failed login wp-login.php or xmlrpc.php
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-02 07:42:49
(2 days ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐ซ๐ท
ingroscart.it
2026-07-02 01:57:41
(2 days ago)
(wordpress) Failed wordpress login from 94.130.207.27 (DE/Germany/Saxony/Falkenstein/core.nexgridclo ...
show more
(wordpress) Failed wordpress login from 94.130.207.27 (DE/Germany/Saxony/Falkenstein/core.nexgridcloud.com/[redacted])
show less
Brute-Force
๐ฉ๐ช
Lino Project
2026-07-01 18:44:34
(2 days ago)
94.130.207.27 - - [01/Jul/2026:20:44:30 +0200] "GET /wp-login.php HTTP/2.0" 403 405 "-" "Mozilla/5.0 ...
show more
94.130.207.27 - - [01/Jul/2026:20:44:30 +0200] "GET /wp-login.php HTTP/2.0" 403 405 "-" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
nationaleventpros.com
2026-07-01 18:30:35
(2 days ago)
WordPress login attempt
Brute-Force