๐ฎ๐น
paoloartone
2026-07-15 05:00:17
(3 hours ago)
Reverse proxy TCO: 837 richieste malevole bloccate (scan/exploit/brute-force WordPress) il 14/07/202 ...
show more
Reverse proxy TCO: 837 richieste malevole bloccate (scan/exploit/brute-force WordPress) il 14/07/2026.
show less
Web App Attack
Hacking
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-14 16:15:56
(16 hours ago)
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 12:15:48.801365 2026] [security2:error] [pid 22522:tid 22622] [client 95.173.222.30:62065] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.asetiadi.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.asetiadi.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "alZgtPLSHduJ3oDXGD0buQAAAM8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
PeravixGroup
2026-07-14 16:00:02
(16 hours ago)
Imunify360 WAF block (graylisted)
Web App Attack
๐ซ๐ฎ
as211431.net
2026-07-14 15:39:25
(17 hours ago)
Triggered Cloudflare WAF (firewallCustom) from FR.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from FR.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /shop/wp-includes/wlwmanifest.xml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฌ๐ง
Smish
2026-07-14 15:39:19
(17 hours ago)
HONEYPOT HIT --> Fail2ban time=1784043558 log=2026-07-14T16:39:18+01:00 ip=95.173.222.30 host=as2106 ...
show more
HONEYPOT HIT --> Fail2ban time=1784043558 log=2026-07-14T16:39:18+01:00 ip=95.173.222.30 host=as210667.net method=GET uri="//xmlrpc.php?rsd" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" ref="-" rid=05e6b4deccc940d2c05b46c4b0d2162e
show less
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-07-14 15:38:43
(17 hours ago)
-:443 95.173.222.30 - - [14/Jul/2026:17:38:42 +0200] - "GET //wp-includes/wlwmanifest.xml HTTP/1.1" ...
show more
-:443 95.173.222.30 - - [14/Jul/2026:17:38:42 +0200] - "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 1979 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-14 14:57:09
(17 hours ago)
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 10:57:05.225974 2026] [security2:error] [pid 4514:tid 4514] [client 95.173.222.30:56412] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.arthuryeung.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.arthuryeung.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "alZOQXX3swp3oFzIDQiSdwAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 13:32:24
(19 hours ago)
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:32:17.168220 2026] [security2:error] [pid 25525:tid 25525] [client 95.173.222.30:58388] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||johncyphers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "johncyphers.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alY6YU_NvgCH49xD09XpUgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-14 13:27:47
(19 hours ago)
(PERMBLOCK) 95.173.222.30 (FR/France/unn-95-173-222-30.datapacket.com) has had more than 4 temp bloc ...
show more
(PERMBLOCK) 95.173.222.30 (FR/France/unn-95-173-222-30.datapacket.com) has had more than 4 temp blocks in the last 86400 secs (0-197)
show less
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-14 13:17:16
(19 hours ago)
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com ...
show more
(mod_security) mod_security (id:225170) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:17:11.559964 2026] [security2:error] [pid 14169:tid 14169] [client 95.173.222.30:52655] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ardath.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ardath.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "alY216lpdzzdYPDxbhN6iQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-14 13:12:36
(19 hours ago)
(PERMBLOCK) 95.173.222.30 (FR/France/unn-95-173-222-30.datapacket.com) has had more than 4 temp bloc ...
show more
(PERMBLOCK) 95.173.222.30 (FR/France/unn-95-173-222-30.datapacket.com) has had more than 4 temp blocks in the last 86400 secs (0-196)
show less
Hacking
Anonymous
2026-07-14 12:50:48
(19 hours ago)
Bad Web Bot
๐ณ๐ฑ
Site.eu
2026-07-14 12:15:13
(20 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-14 10:41:08
(22 hours ago)
(mod_security) mod_security (id:240335) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com ...
show more
(mod_security) mod_security (id:240335) triggered by 95.173.222.30 (unn-95-173-222-30.datapacket.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 06:41:01.897068 2026] [security2:error] [pid 7255:tid 7255] [client 95.173.222.30:50609] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 95.173.222.30 (+1 hits since last alert)|portalvasco.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "portalvasco.com"] [uri "/blog/xmlrpc.php"] [unique_id "alYSPb9HHXwSsbvWCaD0BwAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-14 10:36:16
(22 hours ago)
2.813 POST requests with url.path */wp-login.php
Brute-Force
Bad Web Bot