rtbh.com.tr
2024-10-08 20:53:54
(1 month ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
nyuuzyou
2024-10-08 06:00:41
(1 month ago)
Intensive scraping: /web?s=%E2%80%9Clocal%20sports%20equipment%20repair%E2%80%9D%20Bridgewater&country=ss-ss&scraper=yandex. User-Agent: Mozilla/5.0 (Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0.
Bad Web Bot
MSZ
2024-10-06 00:16:35
(1 month ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
CryptoYakari
2024-10-05 06:23:36
(1 month ago)
217.138.202.61 - - [05/Oct/2024:09:23:30 +0300] "GET /public_html.tar.gz HTTP/1.0" 404 28908 "-" "-"
217.138.202.61 - - [05/Oct/2024:09:23:31 +0300] "GET /backups/bak.rar HTTP/1.0" 404 28872 "-" "-"
217.138.202.61 - - [05/Oct/2024:09:23:32 +0300] "GET /backups/backup.gz HTTP/1.0" 404 28890 "-" "-"
217.138.202.61 - - [05/Oct/2024:09:23:33 +0300] "GET /backups/backup.sql.gz HTTP/1.0" 404 28926 "-" "-"
217.138.202.61 - - [05/Oct/2024:09:23:33 +0300] "HEAD /restore/sftp-config.json HTTP/1.0" 404 436 "-" "-"
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
oonux.net
2024-10-03 16:33:46
(1 month ago)
RouterOS: Scanning detected TCP 217.138.202.61:41468 > x.x.x.x:5038
Port Scan
iNetWorker
2024-10-03 15:40:33
(1 month ago)
trying to access non-authorized port
Port Scan
Swiptly
2024-10-02 01:43:15
(1 month ago)
WordPress xmlrpc spam or enumeration
...
Web Spam
Bad Web Bot
Web App Attack
MSZ
2024-09-29 09:16:46
(2 months ago)
Blocked by Fail2Ban (plesk-modsecurity)
Hacking
Brute-Force
Web App Attack
Anonymous
2024-09-29 05:59:02
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-28 05:08:20
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 28 01:08:13.311741 2024] [security2:error] [pid 180416:tid 180416] [client 217.138.202.61:2847] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||powderriverinc.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "powderriverinc.com"] [uri "/sql.sql"] [unique_id "ZvePPReIFO2Z-DaLsjX_zQAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-28 03:23:27
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 27 23:23:20.796213 2024] [security2:error] [pid 20505:tid 20505] [client 217.138.202.61:63125] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.domainexecs.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/backup/sql.sql"] [unique_id "Zvd2qCAvAqOoRTMa_lWdkAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-26 22:18:04
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 26 18:17:58.209226 2024] [security2:error] [pid 26185:tid 26185] [client 217.138.202.61:19969] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||oliverhardy.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oliverhardy.com"] [uri "/site_name_com.sql"] [unique_id "ZvXdljvZABG7VWm7slhr9wAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-25 11:44:34
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 25 07:44:29.803933 2024] [security2:error] [pid 19266:tid 19266] [client 217.138.202.61:35185] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bitcointoolfair.com"] [uri "/restore/sftp-config.json"] [unique_id "ZvP3nffEdvezk8lGoWf_nAAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-25 02:12:19
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 217.138.202.61 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 24 22:12:15.088430 2024] [security2:error] [pid 2666936:tid 2666936] [client 217.138.202.61:33643] [client 217.138.202.61] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.ixd.net|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ixd.net"] [uri "/wallet.dat"] [unique_id "ZvNxf5-jN3Ck0-lHzCHsEAAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-22 18:23:35
(2 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH