Anonymous
2024-11-17 22:15:52
(2 weeks ago)
Failed cPanel login from 78.141.200.197 (GB/United Kingdom/78.141.200.197.vultrusercontent.com): 5 in the last 3600 secs
Hacking
Brute-Force
SSH
rtbh.com.tr
2024-11-13 20:53:19
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-11-12 20:53:21
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Anonymous
2024-11-12 12:17:19
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-12 09:34:23
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 04:34:17.507580 2024] [security2:error] [pid 3516780:tid 3516780] [client 78.141.200.197:56690] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.petraesthetics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.petraesthetics.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzMhGXth62BnhtMJDcx-VgAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-11-12 05:29:45
(3 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
TPI-Abuse
2024-11-12 01:37:31
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 20:37:24.481802 2024] [security2:error] [pid 27395:tid 27395] [client 78.141.200.197:47558] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.dogdimension.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.dogdimension.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzKxVAZJZaeYAx-gn-fYNgAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
rtbh.com.tr
2024-11-11 20:53:22
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Anonymous
2024-11-11 15:00:48
(3 weeks ago)
Ports: *; Direction: 0; Trigger: CT_LIMIT
Brute-Force
SSH
TPI-Abuse
2024-11-11 13:20:12
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 08:20:04.326173 2024] [security2:error] [pid 13378:tid 13378] [client 78.141.200.197:58598] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.councilof7elders.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.councilof7elders.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzIEhMfcqKsKPP48-MjeuwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 12:17:24
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 07:17:16.270357 2024] [security2:error] [pid 31740:tid 31740] [client 78.141.200.197:57414] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.convtek.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.convtek.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzH1zLQOPJL3H9tsCeww-gAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-11-11 12:05:30
(3 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-11-11 05:54:46
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 11 00:54:39.321579 2024] [security2:error] [pid 9758:tid 9758] [client 78.141.200.197:48278] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.lognlumber.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.lognlumber.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzGcH_Ol-onUmElHwOXcqgAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-11 02:39:42
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 21:39:37.332663 2024] [security2:error] [pid 27187:tid 27187] [client 78.141.200.197:54610] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.willowgrovemusic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.willowgrovemusic.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzFuaaxqQl5WX54dKVSWCAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-10 23:51:56
(3 weeks ago)
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 18:51:48.776596 2024] [security2:error] [pid 31885:tid 31885] [client 78.141.200.197:48976] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4539"] [id "240950"] [rev "1"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.brushmileage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.brushmileage.org"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzFHFLqo0MgJpEjqM0b8HQAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack