๐บ๐ธ
bitblockit
2026-04-14 05:02:59
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. D ...
show more
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 54244/tcp. Observed event time: 2026-04-14 05:02:59 UTC. Report from passive honeypot only; no payload or credentials included.
show less
Port Scan
๐บ๐ธ
bitblockit
2026-04-14 04:46:33
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. D ...
show more
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 54244/tcp. Observed event time: 2026-04-14 04:46:33 UTC. Report from passive honeypot only; no payload or credentials included.
show less
Port Scan
๐บ๐ธ
bitblockit
2026-04-14 04:30:08
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. D ...
show more
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 6740/tcp. Observed event time: 2026-04-14 04:30:08 UTC. Report from passive honeypot only; no payload or credentials included.
show less
Port Scan
๐บ๐ธ
bitblockit
2026-04-14 04:22:25
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. D ...
show more
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 6740/tcp. Observed event time: 2026-04-14 04:22:25 UTC. Report from passive honeypot only; no payload or credentials included.
show less
Port Scan
๐บ๐ธ
bitblockit
2026-04-14 03:57:49
(2 months ago)
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. D ...
show more
Reconnaissance or port-scan activity observed on a honeypot sensor. Honeypot decoy type: Suricata. Decoy listen port: 6740/tcp. Observed event time: 2026-04-14 03:57:49 UTC. Report from passive honeypot only; no payload or credentials included.
show less
Port Scan
๐จ๐ณ
pengpeng
2026-03-05 01:41:31
(3 months ago)
monitor: on VM-0-7-ubuntu | port: 17138 | ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ...
show more
monitor: on VM-0-7-ubuntu | port: 17138 | ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2025-04-18 14:56:19
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 18 10:56:13.372011 2025] [security2:error] [pid 27036:tid 27036] [client 194.233.96.123:54888] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.sangalgano.info|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sangalgano.info"] [uri "/logs/access.log"] [unique_id "aAJoDWF8PkVFMztlPxen1AAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-04-18 11:11:58
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 18 07:11:53.866228 2025] [security2:error] [pid 3666961:tid 3666961] [client 194.233.96.123:44904] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.fatparrots.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.fatparrots.org"] [uri "/logs/access.log"] [unique_id "aAIzeUpSJJfBd-Cr_AfptAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-04-17 22:18:39
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 17 18:18:33.299466 2025] [security2:error] [pid 3419044:tid 3419044] [client 194.233.96.123:21054] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||tracdynamics.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tracdynamics.com"] [uri "/requests.log"] [unique_id "aAF-Oc1IFBq_3D3ia-ztNAAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-04-17 15:15:08
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 17 11:15:00.549322 2025] [security2:error] [pid 12703:tid 12703] [client 194.233.96.123:51666] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.orientexpress.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.orientexpress.com"] [uri "/log/access.log"] [unique_id "aAEa9OSK8YKbXzXDqYV9LwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-04-17 11:37:18
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 17 07:37:15.272262 2025] [security2:error] [pid 15909:tid 15909] [client 194.233.96.123:25072] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ecomim.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ecomim.com"] [uri "/logs/access.log"] [unique_id "aADn6_PnEc84UouzyFw2zgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-04-17 10:11:24
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 194.233.96.123 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 17 06:11:17.086169 2025] [security2:error] [pid 1666228:tid 1666228] [client 194.233.96.123:37934] [client 194.233.96.123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.arcaneauto.org|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.arcaneauto.org"] [uri "/log/access.log"] [unique_id "aADTxev54FEHaTuio44qvwAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Cobblepot
2024-12-12 22:04:00
(1 year ago)
automatically mass attempts to post links to scam websites on which user data and credit card data a ...
show more
automatically mass attempts to post links to scam websites on which user data and credit card data are stolen.
show less
Phishing
Blog Spam
๐ฉ๐ช
BestFans.com
2024-09-29 17:23:04
(1 year ago)
Credential brute-force attacks on webpage logins
Brute-Force
Anonymous
2024-07-10 08:10:51
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH