πΊπΈ
TPI-Abuse
2025-02-10 19:12:28
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 10 14:12:24.759891 2025] [security2:error] [pid 26306:tid 26306] [client 212.30.37.201:5747] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||asociacioncopan.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "asociacioncopan.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z6pPmMcuBgyxt7HpR5pMLwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
octageeks.com
2025-02-09 05:06:24
(1 year ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack
π§πͺ
cmbplf
2025-01-30 18:35:33
(1 year ago)
2.000 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
πΊπΈ
TPI-Abuse
2025-01-30 03:05:51
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 29 22:05:44.899919 2025] [security2:error] [pid 953274:tid 953274] [client 212.30.37.201:58909] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||phoboschildren.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "phoboschildren.com"] [uri "/game/wp-json/wp/v2/users/"] [unique_id "Z5rsiMh9NISAx0aKPsflhAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-01-29 04:10:58
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 28 23:10:50.452957 2025] [security2:error] [pid 29596:tid 29596] [client 212.30.37.201:32669] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||csgohub.gg|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "csgohub.gg"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z5mqSgrCaVUuBZTCkCLU1gAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2025-01-23 18:08:49
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 23 13:08:41.157378 2025] [security2:error] [pid 1383868:tid 1383868] [client 212.30.37.201:48965] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mtshastaconcerts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mtshastaconcerts.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "Z5KFqetI9sQmXT2vojiGAgAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
PulseServers
2025-01-20 21:05:38
(1 year ago)
Probing a honeypot for vulnerabilities. Ignored robots.txt - UK10 Honeypot
...
Hacking
Web App Attack
π©πͺ
alliance
2025-01-20 19:26:21
(1 year ago)
20.01.2025 19:26:20 Environment file scan (/.env)
Hacking
Web App Attack
π«π·
Security_Whaller
2025-01-20 17:30:14
(1 year ago)
Malicious activity detected on Honeypot.
Hacking
Brute-Force
Web App Attack
π¬π§
Interceptor_HQ
2025-01-20 10:50:39
(1 year ago)
request_uri: /1_1_PhpInfo.php -- automatic report --
Hacking
Brute-Force
πΊπΈ
TPI-Abuse
2025-01-20 08:19:50
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 20 03:19:47.096778 2025] [security2:error] [pid 20380:tid 20380] [client 212.30.37.201:54513] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mrepoch.art|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mrepoch.art"] [uri "/restore/sql.sql"] [unique_id "Z44HI5z2I_E6g2cjY66o9gAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§π·
leolemos
2025-01-18 19:12:38
(1 year ago)
212.30.37.201 - - [18/Jan/2025:16:12:36 -0300] "POST //xmlrpc.php HTTP/2.0" 200 507 "-" "Mozilla/5.0 ...
show more
212.30.37.201 - - [18/Jan/2025:16:12:36 -0300] "POST //xmlrpc.php HTTP/2.0" 200 507 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
212.30.37.201 - - [18/Jan/2025:16:12:37 -0300] "POST //xmlrpc.php HTTP/2.0" 200 295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
212.30.37.201 - - [18/Jan/2025:16:12:37 -0300] "POST //xmlrpc.php HTTP/2.0" 200 271 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
212.30.37.201 - - [18/Jan/2025:16:12:37 -0300] "POST //xmlrpc.php HTTP/2.0" 200 271 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Brute-Force
Web App Attack
π§πͺ
cmbplf
2025-01-17 04:34:12
(1 year ago)
3.562 requests to */xmlrpc.php
Brute-Force
Bad Web Bot
πΊπΈ
TPI-Abuse
2025-01-15 14:43:56
(1 year ago)
(mod_security) mod_security (id:210730) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 212.30.37.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 15 09:43:50.349280 2025] [security2:error] [pid 14398:tid 14398] [client 212.30.37.201:1831] [client 212.30.37.201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||brazilianbikinis.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brazilianbikinis.com"] [uri "/old/mysql.sql"] [unique_id "Z4fJprTxhJu-JyRs21UL0AAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¦πΊ
MAGIC
2025-01-15 13:09:28
(1 year ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot