rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
hermawan
|
|
[Sun Aug 11 09:58:40.286244 2024] [authz_core:error] [pid 23934:tid 130052226287168] [client 185.106.93.87:52054] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-malang.info] [staklim-malang.info] top=[23985] [A1S1jUeK/1E] [Zrgo4Plr24sIha30otOq8AAAAIk] keep_alive=[0] [2024-08-11 09:58:40.286247] [R:Zrgo4Plr24sIha30otOq8AAAAIk] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-malang.info' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
|
Hacking
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.87 (debonair-design_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 10 20:56:08.665833 2024] [security2:error] [pid 29184:tid 29184] [client 185.106.93.87:59412] [client 185.106.93.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.losbarbarosdelnorte.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.losbarbarosdelnorte.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrgMKEPRBJYFECOAB-3Z_QAAAAQ"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
mawan
|
|
Suspected of having performed illicit activity on LAX server.
|
Web App Attack
|
|
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
hermawan
|
|
[Sat Aug 10 17:19:41.306246 2024] [authz_core:error] [pid 9176:tid 138620000273984] [client 185.106.93.87:44552] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[9245] [URoGmclY6XI] [Zrc-vfXy2dFbZxqa1ZTyGwAAABs] keep_alive=[0] [2024-08-10 17:19:41.306249] [R:Zrc-vfXy2dFbZxqa1ZTyGwAAABs] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
|
Hacking
Web App Attack
|
|
stinpriza
|
|
Drupal Authentication failure
|
Brute-Force
Web App Attack
|
|
nfsec.pl
|
|
185.106.93.87 - - [09/Aug/2024:16:38:17 +0200] "GET /media/administrator/ HTTP/1.1" 404 30237 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.87 - - [09/Aug/2024:16:43:46 +0200] "GET /media/administrator/ HTTP/1.1" 404 30136 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.87 - - [09/Aug/2024:16:46:51 +0200] "GET /media/administrator/ HTTP/1.1" 404 30228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.87 - - [09/Aug/2024:16:48:11 +0200] "GET /media/administrator/ HTTP/1.1" 404 30282 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
185.106.93.87 - - [09/Aug/2024:16:48:11 +0200] "GET /media/administrator/ HTTP/1.1" 404 24731 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit
|
Exploited Host
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.87 (debonair-design_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 05:26:35.997984 2024] [security2:error] [pid 10122:tid 10224] [client 185.106.93.87:54196] [client 185.106.93.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.duplexgoldmine.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.duplexgoldmine.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrXgy6bFlShu0JFikINZwAAAAMI"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Rizzy
|
|
Multiple WAF Violations
|
Brute-Force
Web App Attack
|
|
stinpriza
|
|
Drupal Authentication failure
|
Brute-Force
Web App Attack
|
|
hermawan
|
|
[Fri Aug 09 07:38:55.566425 2024] [authz_core:error] [pid 969050:tid 134778053461568] [client 185.106.93.87:51146] AH01630: client denied by server configuration: /var/www/administrator/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[969131] [Ne9BXvU3xC0] [ZrVlH8zkj1x7C7M1NPgROwAAAGc] keep_alive=[0] [2024-08-09 07:38:55.566429] [R:ZrVlH8zkj1x7C7M1NPgROwAAAGc] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' Accept-Encoding:'gzip, deflate Accept-Language:'en-US,en;q=0.5 Upgrade-Insecure-Requests:'1
|
Hacking
Web App Attack
|
|
Ba-Yu
|
|
WordPress hacking/exploits/scanning
|
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.87 (debonair-design_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 17:04:06.186346 2024] [security2:error] [pid 9877:tid 9877] [client 185.106.93.87:35684] [client 185.106.93.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.limestoneroof.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.limestoneroof.com"] [uri "/2013/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrUyxmPUTmJ3BTJLNDKSMAAAAAg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:234930) triggered by 185.106.93.87 (debonair-design_n4.aeza.network): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 16:43:16.956467 2024] [security2:error] [pid 13809:tid 13809] [client 185.106.93.87:36222] [client 185.106.93.87] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)||www.arkafeart.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "www.arkafeart.com"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ZrUt5DLs9M5smq_HpPUpiAAAAAo"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|