๐บ๐ธ
integrantservices.com
2026-07-07 17:48:30
(5 days ago)
(wordpress) Failed wordpress login from 191.96.146.179 (GR/Greece/-)
Brute-Force
๐ณ๐ฑ
wlt-blocker
2026-07-07 14:55:34
(5 days ago)
Unauthorized access to webpage admin
Web App Attack
๐บ๐ธ
nyt
2026-07-07 14:55:04
(5 days ago)
WP Author Enumeration, WP User Enumeration
Web App Attack
๐ฏ๐ต
demonsword
2026-05-31 13:10:59
(1 month ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ...
show more
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.ipvanish.com:443
show less
Open Proxy
Port Scan
๐บ๐ธ
TPI-Abuse
2026-05-04 03:15:13
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:240335) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 23:15:10.001142 2026] [security2:error] [pid 29397:tid 29397] [client 191.96.146.179:65367] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 191.96.146.179 (+1 hits since last alert)|www.dpcfab.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.dpcfab.com"] [uri "/xmlrpc.php"] [unique_id "afgPPX5H5Rrq6wWeMpLmCwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ฑ
Dolphi
2026-05-04 02:40:09
(2 months ago)
POST //xmlrpc.php
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-05-04 01:36:06
(2 months ago)
2.681 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
๐ฏ๐ต
Valhalla
2026-03-17 04:02:37
(3 months ago)
/config.json
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-14 00:19:14
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 13 20:19:10.310683 2026] [security2:error] [pid 5876:tid 5876] [client 191.96.146.179:39535] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||trafficstopper.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "trafficstopper.com"] [uri "/backup/www.sql"] [unique_id "abSpfucEcL7VA-oI9l45XQAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-13 13:53:23
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 13 09:53:16.120664 2026] [security2:error] [pid 7653:tid 7653] [client 191.96.146.179:62365] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.enriquelaw.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.enriquelaw.com"] [uri "/www.sql"] [unique_id "abQWzJmYGRZE-aRGlPdV4wAAAC0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-12 23:20:42
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 12 19:20:36.080829 2026] [security2:error] [pid 16677:tid 16677] [client 191.96.146.179:51429] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "secureonebank.net"] [uri "/.env"] [unique_id "abNKRG03jYlNV1GRaNhouwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐ณ
dineshskt4all
2026-03-12 14:27:12
(4 months ago)
[Thu Mar 12 14:27:04.199706 2026] [proxy_fcgi:error] [pid 4128053:tid 130518821566144] [client 191.9 ...
show more
[Thu Mar 12 14:27:04.199706 2026] [proxy_fcgi:error] [pid 4128053:tid 130518821566144] [client 191.96.146.179:0] AH01071: Got error 'Primary script unknown'
...
show less
Brute-Force
๐บ๐ธ
Penny Packer
2026-03-12 06:59:19
(4 months ago)
Fail2Ban apache-tripwires
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-12 06:37:53
(4 months ago)
(mod_security) mod_security (id:210492) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 12 02:37:48.806219 2026] [security2:error] [pid 12895:tid 12895] [client 191.96.146.179:60481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crypto-stamps.com"] [uri "/sftp-config.json"] [unique_id "abJfPCuNzSjLHQOmSE1XzQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-03 09:14:54
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 191.96.146.179 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 04:14:50.373553 2026] [security2:error] [pid 17686:tid 17686] [client 191.96.146.179:60005] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.robcohn.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.robcohn.com"] [uri "/backups/sql.sql"] [unique_id "aaamig53KWapPFCxZ_2NFwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack