rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
hermawan
|
|
[Sat Aug 10 17:27:09.620689 2024] [authz_core:error] [pid 12164:tid 138620360984128] [client 185.106.93.69:36900] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-malang.info] [staklim-malang.info] top=[12225] [EUe9s8nG7XI] [ZrdAfZD9AG52GTK2ZUN-PgAAAJM] keep_alive=[0] [2024-08-10 17:27:09.620692] [R:ZrdAfZD9AG52GTK2ZUN-PgAAAJM] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-malang.info' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
|
Hacking
Web App Attack
|
|
Cloudkul Cloudkul
|
|
Multiple unauthorized attempts to access web resources
|
Brute-Force
Web App Attack
|
|
stinpriza
|
|
Drupal Authentication failure
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 20:57:49.993276 2024] [security2:error] [pid 14084:tid 14084] [client 185.106.93.69:41478] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||therocketmice.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "therocketmice.com"] [uri "/2019/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "Zra7DQZpvXpfvBixBh6RyAAAAAM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
nfsec.pl
|
|
185.106.93.69 - - [09/Aug/2024:18:06:58 +0200] "GET /media/administrator/ HTTP/1.1" 404 24770 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.69 - - [09/Aug/2024:18:07:52 +0200] "GET /media/administrator/ HTTP/1.1" 404 30273 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.69 - - [09/Aug/2024:18:07:52 +0200] "GET /media/administrator/ HTTP/1.1" 404 24783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.69 - - [09/Aug/2024:18:10:25 +0200] "GET /media/administrator/ HTTP/1.1" 404 30208 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.69 - - [09/Aug/2024:18:10:25 +0200] "GET /media/administrator/ HTTP/1.1" 404 24803 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit
|
Exploited Host
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 05:05:16.563608 2024] [security2:error] [pid 16500:tid 16500] [client 185.106.93.69:47058] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||odysseydogasporlari.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "odysseydogasporlari.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrXbzDcD8niJe37upoLmawAAAAg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
hermawan
|
|
[Fri Aug 09 08:37:29.680114 2024] [authz_core:error] [pid 1001870:tid 134779018151488] [client 185.106.93.69:51822] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1001912] [InO2L+4ZMBA] [ZrVy2UaMUc6qYloO-IGZBgAAAAA] keep_alive=[0] [2024-08-09 08:37:29.680119] [R:ZrVy2UaMUc6qYloO-IGZBgAAAAA] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
|
Hacking
Web App Attack
|
|
stinpriza
|
|
Drupal Authentication failure
|
Brute-Force
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:225170) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 11:54:28.956452 2024] [security2:error] [pid 21896:tid 21896] [client 185.106.93.69:38364] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||1954topresent.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "1954topresent.com"] [uri "/blog/wp-json/wp/v2/users/1"] [unique_id "ZrTqNC450ucn1e6mXo7NygAAABg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.69 (debonair-design_n3.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 10:39:21.940991 2024] [security2:error] [pid 4703:tid 4703] [client 185.106.93.69:33918] [client 185.106.93.69] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.newdirectionsinmusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.newdirectionsinmusic.com"] [uri "/3455-2/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrTYmcsbBSjTr530GR6ZBAAAAAI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|