Anonymous
2026-01-13 10:28:59
(5 months ago)
XSS Attempt
Hacking
๐ณ๐ฑ
MM-bot
2026-01-12 15:43:03
(5 months ago)
URL-probe: HTTP/1.1 POST request on /WSVulnerabilityCore/VulCore.asmx (2026-01-12 16:43:03 UTC+1)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-12 13:30:43
(5 months ago)
(mod_security) mod_security (id:211070) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211070) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 08:30:34.378067 2026] [security2:error] [pid 21968:tid 21968] [client 172.245.235.148:38116] ModSecurity: Access denied with code 403 (phase 1). Pattern match "," at REQUEST_HEADERS:Transfer-Encoding. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "38"] [id "211070"] [rev "1"] [msg "COMODO WAF: HTTP Request Smuggling Attack.||aquatreat.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aquatreat.net"] [uri "/tmui/login.jsp"] [unique_id "aWT3eqman45HuF2g7z8J3gAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-01-12 13:30:00
(5 months ago)
"Security violation, excess traffic against library/education infrastructure"
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-01-12 07:39:16
(5 months ago)
(mod_security) mod_security (id:211190) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:211190) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 02:39:07.626307 2026] [security2:error] [pid 16118:tid 16118] [client 172.245.235.148:57768] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||brandoncomputergeeks.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /logs/downloadMainLog?fname=../../../../../../..//etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brandoncomputergeeks.com"] [uri "/logs/downloadMainLog"] [unique_id "aWSlG2y67BmpzZTbu1MaKwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
kjaerulff
2025-11-26 07:57:59
(7 months ago)
Failed Wordpress login using wp-login.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-12 06:30:27
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 01:30:19.686789 2025] [security2:error] [pid 2029:tid 2029] [client 172.245.235.148:36956] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||homebuilt.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "homebuilt.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aRQpexFOpK1APxRk6wYlUgAAAAA"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-12 03:24:11
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 22:24:04.680684 2025] [security2:error] [pid 8489:tid 8489] [client 172.245.235.148:45058] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||idledog.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "idledog.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRP91MA9DHjdTqOsZohuwgAAAAI"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-08 07:32:03
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 02:31:58.038786 2025] [security2:error] [pid 29932:tid 29932] [client 172.245.235.148:43944] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jiramp.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jiramp.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ7x7s7miv0-V9S7fvIyXwAAAAk"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-11-04 10:57:03
(7 months ago)
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 04 05:56:54.747441 2025] [security2:error] [pid 6974:tid 6974] [client 172.245.235.148:51978] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||hpepaper.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hpepaper.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQnb9o0-XuM0tRqT8EnTPQAAAAE"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-11-04 04:51:17
(7 months ago)
[redacted] 172.245.235.148 - - [04/Nov/2025:05:50:54 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ...
show more
[redacted] 172.245.235.148 - - [04/Nov/2025:05:50:54 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)"
[redacted] 172.245.235.148 - - [04/Nov/2025:05:50:58 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)"
[redacted] 172.245.235.148 - - [04/Nov/2025:05:51:07 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)"
[redacted] 172.245.235.148 - - [04/Nov/2025:05:51:11 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)"
[redacted] 172.245.235.148 - - [04/Nov/2025:05:51:16 +0100] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)"
...
show less
Hacking
Web App Attack
๐จ๐ญ
backslash
2025-10-29 18:20:06
(8 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-10-06 09:17:15
(8 months ago)
(mod_security) mod_security (id:210730) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:210730) triggered by 172.245.235.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 06 05:17:10.726730 2025] [security2:error] [pid 5320:tid 5320] [client 172.245.235.148:37784] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||frightlibrary.org|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "frightlibrary.org"] [uri "/citizen/medievaltimes.com"] [unique_id "aOOJFr-JhNcK-XSn8F3x5wAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
exxos
2025-09-28 03:08:38
(9 months ago)
http-no-verb
Hacking
Anonymous
2025-08-04 15:49:08
(10 months ago)
Botnet - login attempts with leaked random user/pass lists
Hacking
Brute-Force
Web App Attack