rtbh.com.tr
2024-08-23 08:55:23
(2 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
stinpriza
2024-08-10 01:55:33
(1 month ago)
Drupal Authentication failure
Brute-Force
Web App Attack
TPI-Abuse
2024-08-09 20:08:51
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 16:08:42.829547 2024] [security2:error] [pid 3178137:tid 3178137] [client 109.120.179.126:40754] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||drwolberg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "drwolberg.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrZ3SibakcUbqVG1c2_y6wAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
rsa
2024-08-09 15:11:00
(1 month ago)
POST /admin/index.php?route=common/login HTTP/1.1
Hacking
Brute-Force
Web App Attack
bigscoots.com
2024-08-09 14:28:35
(1 month ago)
(PERMBLOCK) 109.120.179.126 (FR/France/kwzln1.aeza.network) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: 1; Trigger: LF_PERMBLOCK_COUNT; Logs:
Brute-Force
SSH
TPI-Abuse
2024-08-09 13:04:53
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 09:04:48.238237 2024] [security2:error] [pid 27029:tid 27029] [client 109.120.179.126:34778] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.ideaofauniversity.website|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ideaofauniversity.website"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrYT8IgnJ7kRLFLMOhvZCwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 11:56:40
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 07:56:31.818748 2024] [security2:error] [pid 9002:tid 9008] [client 109.120.179.126:51614] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.killasgarage.bike|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.killasgarage.bike"] [uri "/uncategorized/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrYD72GgKrK_IheMUXqr8QAAAQQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 08:44:38
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 04:44:34.372474 2024] [security2:error] [pid 3204:tid 3204] [client 109.120.179.126:34014] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.mounthoodhistory.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.mounthoodhistory.com"] [uri "/tag/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrXW8jQ8114SdOe1-hxvnQAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-09 08:06:38
(1 month ago)
(mod_security) mod_security (id:234930) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 04:06:33.893716 2024] [security2:error] [pid 2249:tid 2249] [client 109.120.179.126:38124] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6787"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||1954topresent.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "1954topresent.com"] [uri "/blog/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrXOCVWcfVJD6SAitVk-agAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-09 07:46:52
(1 month ago)
2024/08/08 Large number of invalid logon attempts to admin portal
Brute-Force
Web App Attack
TPI-Abuse
2024-08-09 05:35:27
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 01:35:22.459873 2024] [security2:error] [pid 14172:tid 14172] [client 109.120.179.126:43466] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.arkafeart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.arkafeart.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrWqmk_Bytfn1gc_yqe8aQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-09 03:57:12
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_MODSEC
Brute-Force
SSH
4server
2024-08-09 03:09:19
(1 month ago)
[FriAug0905:09:13.8748802024][security2:error][pid3497797:tid3497919][client109.120.179.126:0][client109.120.179.126]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"5056\"][id\"382238\"][rev\"2\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:PHPfileexecutioninuploadsdirectorydenied\"][data\"wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][severity\"CRITICAL\"][hostname\"prstartup.ch\"][uri\"/wp-content/uploads/mfw-activity-logger/csv-uploads/evil.php\"][unique_id\"ZrWIWcb4EEeC5fGeEufspwAAARY\"][FriAug0905:09:13.9648462024][security2:error][pid3497797:tid3497919][client109.120.179.126:0][client109.120.179.126]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"wp-content/uploads/.\*\\\\\\\\.ph\(\?:p\|tml\|t\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"5056\"][id\"382238\"][rev\"2\"][msg\"Atomicor
Port Scan
Brute-Force
Web App Attack
TPI-Abuse
2024-08-09 02:57:43
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 109.120.179.126 (kwzln1.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 22:57:38.343684 2024] [security2:error] [pid 31123:tid 31123] [client 109.120.179.126:54424] [client 109.120.179.126] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.combustiblesymineralesbyc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.combustiblesymineralesbyc.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZrWFoqreztou8UpNv9Fn8QAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-08-09 02:37:50
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack