rtbh.com.tr
2024-08-24 00:56:07
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
TPI-Abuse
2024-08-19 05:02:30
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 19 01:02:25.198351 2024] [security2:error] [pid 1998986:tid 1998986] [client 5.62.20.38:43913] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||portsload.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "portsload.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsLR4e-YmpHCXrHf7Yql2gAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-08-19 04:59:58
(3 weeks ago)
10 attempts against mh_ha-misc-ban on storm
Brute-Force
Web App Attack
taivas.nl
2024-08-19 04:32:24
(3 weeks ago)
Many_bad_calls
Web App Attack
taivas.nl
2024-08-19 04:02:13
(3 weeks ago)
Bad_requests
Bad Web Bot
Anonymous
2024-08-19 03:21:39
(3 weeks ago)
Detected abusive req: GET //wp-includes/ID3/license.txt User Agent: Mozilla/5.0 (Windows NT 10.0; Wi ... show more Detected abusive req: GET //wp-includes/ID3/license.txt User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36. Reason: AID hint show less
Hacking
Bad Web Bot
TPI-Abuse
2024-08-19 02:46:19
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 22:46:14.201034 2024] [security2:error] [pid 9464:tid 9464] [client 5.62.20.38:43831] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.abundancecompany.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.abundancecompany.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsKx9lpQBEJvdQfdKqRpTwAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
strefapi_com
2024-08-19 01:26:11
(3 weeks ago)
Brute-force web
...
Hacking
Brute-Force
Web App Attack
TPI-Abuse
2024-08-19 01:05:27
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 21:05:23.650035 2024] [security2:error] [pid 29327:tid 29327] [client 5.62.20.38:43856] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||krystalsgiftshopandboutique.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "krystalsgiftshopandboutique.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsKaUyaM7yTThXiwmw3T1AAAAAM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Savvii
2024-08-18 23:49:36
(3 weeks ago)
10 attempts against mh-misc-ban on ether
Web App Attack
0xffffffff
2024-08-18 23:46:11
(3 weeks ago)
[2024-08-19 02:46:09.422265] [authz_core:error] [pid 811205:tid 139721951741504] [client 5.62.20.38: ... show more [2024-08-19 02:46:09.422265] [authz_core:error] [pid 811205:tid 139721951741504] [client 5.62.20.38:0] AH01630: client denied by server configuration: /var/www/*/wp-includes/ID3/license.txt , error_notes:double-slash , URI:'/wp-includes/ID3/license.txt'
[2024-08-19 02:46:09.532545] [authz_core:error] [pid 811205:tid 139721960134208] [client 5.62.20.38:0] AH01630: client denied by server configuration: /var/www/*/feed , error_notes:double-slash , URI:'/feed/'
[2024-08-19 02:46:09.623918] [authz_core:error] [pid 811205:tid 139721968526912] [client 5.62.20.38:0] AH01630: client denied by server configuration: /var/www/*/xmlrpc.php , error_notes:double-slash , URI:'/xmlrpc.php?rsd'
[2024-08-19 02:46:09.713806] [authz_core:error] [pid 811205:tid 139721976919616] [client 5.62.20.38:0] AH01630: client denied by server configuration: /var/www/*/blog , error_notes:double-slash , URI:'/blog/wp-includes/wlwmanifest.xml'
[2024-08-19 02:46:09.826543] [authz_core:error] [pid 811205:tid 139721934956096] [client 5.62.20.38:0 show less
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 21:36:13
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 17:36:05.461770 2024] [security2:error] [pid 14070:tid 14070] [client 5.62.20.38:43996] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||modestosoftwater.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "modestosoftwater.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsJpRWbmpnyROs8IVf9g0AAAAAY"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 20:10:13
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 16:10:06.840652 2024] [security2:error] [pid 28471:tid 28471] [client 5.62.20.38:43839] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.enduratuff.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.enduratuff.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsJVHsXYHVQRYPgKMylnzgAAABQ"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 19:38:42
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 15:38:37.346585 2024] [security2:error] [pid 1127:tid 1127] [client 5.62.20.38:43856] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.dianamead.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.dianamead.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsJNvXwn_HuDEq1RE9wXGAAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-18 19:05:27
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.ne ... show more (mod_security) mod_security (id:225170) triggered by 5.62.20.38 (r-38-20-62-5.consumer-pool.prcdn.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 18 15:05:21.542968 2024] [security2:error] [pid 32499:tid 32499] [client 5.62.20.38:43974] [client 5.62.20.38] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.7bsuperfruit.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.7bsuperfruit.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZsJF8S90U8XrdY7rPAAUOQAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack