This IP was detected 26 times on my original honeypot and also performed automated reconnaissance an ...
show moreThis IP was detected 26 times on my original honeypot and also performed automated reconnaissance and vulnerability scanning against my server between 2025-12-13T18:33:43Z UTC and 2025-12-13T18:34:14Z UTC.
The honeypot folders: /wp-includes/images/,/wp-includes/rest-api/ and /wp-includes/theme-compat/.
The honeypot files included examples such as: /file.php,/wp-signin.php,/about.php and others.
It issued 72 HTTP requests targeting 26 distinct suspicious paths within about 31 seconds.
The targeted paths included examples such as: /wp-good.php, /ioxi-o.php, /abcd.php, /wp-includes/block-bindings, /bless.php, /images/install.php and others.
Many of the requests specifically probed WordPress-related paths (wp-admin, wp-content, wp-includes, themes, plugins, etc.).
Multiple requests used filenames that resemble PHP web shells or exploitation payloads.
The behavior is consistent with an automated directory and CMS reconnaissance scan, not normal user browsing.
show less
Auto-ban: 33 malicious requests on 2025-12-13 (e.g., env/backup probes, brute-force, or error bursts ...
show moreAuto-ban: 33 malicious requests on 2025-12-13 (e.g., env/backup probes, brute-force, or error bursts).
show less