๐บ๐ธ
TPI-Abuse
2026-07-18 13:25:51
(1 hour ago)
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazon ...
show more
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 09:25:47.648631 2026] [security2:error] [pid 23771:tid 23771] [client 98.91.189.62:33750] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||messengersforchrist.charity|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "messengersforchrist.charity"] [uri "/wp-json/wp/v2/users"] [unique_id "alt-2-QFqrN3cAtHZmMK3gAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
maxpower
2026-07-18 13:17:12
(1 hour ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 98.91.189.62 (US/United States/ec2-98-91-189-6 ...
show more
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 98.91.189.62 (US/United States/ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 98.91.189.62 - - [18/Jul/2026:15:17:01 +0200] "GET /wp-json/wp/v2/users?per_page=10&_fields=name,slug,url HTTP/1.1" 200 89 "-" "Mozilla/5.0 (compatible; MeasureboardResearchBot/1.0; +https://measureboard.com/bot)" "-" host=matteoappignani.it
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-18 11:29:47
(3 hours ago)
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazon ...
show more
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 07:29:42.710502 2026] [security2:error] [pid 7578:tid 7578] [client 98.91.189.62:34842] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ibermar.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ibermar.info"] [uri "/wp-json/wp/v2/users"] [unique_id "altjpvefClYMlqYTxmm2mAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-18 10:53:56
(3 hours ago)
cloudlinux2 fail2ban: 2026-07-18 12:48:50,070 fail2ban.filter [1598]: INFO [plesk-modsecu ...
show more
cloudlinux2 fail2ban: 2026-07-18 12:48:50,070 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 49.36.81.234 - 2026-07-18 12:48:49cloudlinux2 fail2ban: 2026-07-18 12:49:10,975 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 49.36.81.234 - 2026-07-18 12:49:10cloudlinux2 fail2ban: 2026-07-18 12:49:11,096 fail2ban.actions [1598]: NOTICE [plesk-modsecurity] Ban 49.36.81.234cloudlinux2 fail2ban: 2026-07-18 12:49:11,103 fail2ban.filter [1598]: INFO [recidive] Found 49.36.81.234 - 2026-07-18 12:49:11cloudlinux2 fail2ban: 2026-07-18 12:50:17,495 fail2ban.filter [1598]: INFO [plesk-wordpress] Found 173.239.214.201 - 2026-07-18 12:50:16cloudlinux2 fail2ban: 2026-07-18 12:51:00,905 fail2ban.filter [1598]: INFO [plesk-modsecurity] Found 98.91.189.62 - 2026-07-18 12:51:00cloudlinux2 fail2ban: 2026-07-18 12:51:12,449 fail2ban.actions [1598]: NOTICE [plesk-modsecurity] Unban 106.51.207.2cloudlinux2 fail2ban: 2026-07-18 12:52:15,954 fail2ban.f
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 10:21:18
(4 hours ago)
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazon ...
show more
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 06:21:13.587868 2026] [security2:error] [pid 3989:tid 3989] [client 98.91.189.62:47380] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||forerunnersjazz.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "forerunnersjazz.org"] [uri "/wp-json/wp/v2/users"] [unique_id "altTmQVXahrGH6u1NaHQYwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-18 09:51:11
(4 hours ago)
nginx-444 from fail2ban
...
Web App Attack
๐ซ๐ท
IRISIO
2026-07-18 07:25:08
(7 hours ago)
scans/SQL injection/spam posts : 4 queries
Web App Attack
SQL Injection
Anonymous
2026-07-18 07:07:41
(7 hours ago)
Blocked: Reason='Suspicious traffic score=70 (review-based detection)'; Requests=4
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-18 06:13:55
(8 hours ago)
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazon ...
show more
(mod_security) mod_security (id:225170) triggered by 98.91.189.62 (ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 02:13:49.882458 2026] [security2:error] [pid 15595:tid 15595] [client 98.91.189.62:48398] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||rootsofwellnessayurveda.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "rootsofwellnessayurveda.com"] [uri "/wp-json/wp/v2/users"] [unique_id "alsZnaHVyhqcS1G3LjccygAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
MM-bot
2026-07-18 05:56:28
(8 hours ago)
URL-probe: HTTP/1.1 GET request on /wp-json/ (2026-07-18 07:56:28 UTC+2)
Web App Attack
Hacking
๐ฉ๐ช
maxpower
2026-07-18 05:52:18
(8 hours ago)
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 98.91.189.62 (US/United States/ec2-98-91-189-6 ...
show more
(wp_fingerprint) REGOLA 6 - WP Exploit Attempt xmlrpc 98.91.189.62 (US/United States/ec2-98-91-189-62.compute-1.amazonaws.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 98.91.189.62 - - [18/Jul/2026:07:52:15 +0200] "GET /wp-json/wp/v2/users?per_page=10&_fields=name,slug,url HTTP/1.1" 200 134 "-" "Mozilla/5.0 (compatible; MeasureboardResearchBot/1.0; +https://measureboard.com/bot)" "-" host=falone.com
show less
Port Scan