๐ซ๐ท
dynamix
2026-07-03 11:35:56
(4 days ago)
Multiple WAF Violations
Web App Attack
๐บ๐ธ
antlac1
2026-07-01 18:07:57
(5 days ago)
crowdsecurity/http-bf-wordpress_bf
Brute-Force
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-17 13:12:29
(2 weeks ago)
Try to access /xmlrpc.php?rsd
Web App Attack
๐ฏ๐ต
SentinalX by uzumaru
2026-06-14 02:18:31
(3 weeks ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: dpc8dvxsgy3qp.cloudfront.net:80
show less
Open Proxy
Port Scan
๐ฆ๐บ
screwlooseit.com.au
2026-06-13 18:30:55
(3 weeks ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
-
Web App Attack
๐บ๐ธ
nowyouknow
2026-06-13 16:35:36
(3 weeks ago)
Phishing
Web Spam
๐บ๐ธ
TPI-Abuse
2026-06-11 03:48:45
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 23:48:42.321456 2026] [security2:error] [pid 1650:tid 1675] [client 23.191.200.120:25428] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.upperwilds.com"] [uri "/.git/config"] [unique_id "aiowGgPdSgQgvDanay1fJAAAAMU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-06-09 04:09:40
(4 weeks ago)
Wordpress malicious attack:[octaflood]
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-07 22:18:27
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:225170) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:18:23.927117 2026] [security2:error] [pid 5757:tid 5757] [client 23.191.200.120:47656] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||dancingbearprinting.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dancingbearprinting.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aiXuLzDk0d2H8e_cBR0NVAAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-03 22:52:36
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 18:52:28.437324 2026] [security2:error] [pid 10773:tid 10773] [client 23.191.200.120:30776] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brbcash.com"] [uri "/.git/config"] [unique_id "aiCwLMp5oGcp23UCv0gUtwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
rellik
2026-05-30 23:00:00
(1 month ago)
Scanning Critical File
Hacking
Web App Attack
๐ฎ๐น
Progetto1
2026-05-30 13:30:06
(1 month ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-29 22:47:56
(1 month ago)
(mod_security) mod_security (id:949110) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 18:47:52.260357 2026] [security2:error] [pid 9521:tid 9521] [client 23.191.200.120:44554] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "allhandswashservices.com"] [uri "/dump.sql"] [unique_id "ahoXmKwSVcCkUUc4LyZcvQAAAAM"], referer: allhandswashservices.com/dump.sql
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-05-29 09:05:04
(1 month ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-26 03:50:45
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 23.191.200.120 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 23:50:37.899000 2026] [security2:error] [pid 29217:tid 29217] [client 23.191.200.120:25210] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||omahareact.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "omahareact.org"] [uri "/dump.sql"] [unique_id "ahUYjQx1_VSv-cCxtJ8ZqwAAABY"], referer: omahareact.org/dump.sql
show less
Brute-Force
Bad Web Bot
Web App Attack