rtbh.com.tr
|
|
list.rtbh.com.tr report: tcp/0
|
Brute-Force
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 15:03:18.170360 2024] [security2:error] [pid 4329:tid 4329] [client 78.141.200.197:42654] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.blackballedbook.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.blackballedbook.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzERho_iGTcKg_DmwL02dwAAABY"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 12:16:15.383881 2024] [security2:error] [pid 13537:tid 13537] [client 78.141.200.197:44018] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.jatglobalsolution.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.jatglobalsolution.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzDqXxXsyxXl81NVCi7ZJAAAAA4"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 10:26:49.712919 2024] [security2:error] [pid 1249588:tid 1249588] [client 78.141.200.197:59098] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4539"] [id "240950"] [rev "1"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.tiffanyshouses.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.tiffanyshouses.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzDQuQQHmMzxjiViKXqRRQAAAAk"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 07:46:17.946229 2024] [security2:error] [pid 10636:tid 10636] [client 78.141.200.197:41650] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.thecollective.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.thecollective.org"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzCrGX7XQRx0Dd9yWMaWBQAAAAM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
Anonymous
|
|
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_CPANEL
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 06:15:24.334171 2024] [security2:error] [pid 20370:tid 20370] [client 78.141.200.197:47644] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.ilovecoffeegroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.ilovecoffeegroup.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzCVzMn3TByLEIXe7OZCDQAAAAg"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 05:48:54.790867 2024] [security2:error] [pid 1340:tid 1340] [client 78.141.200.197:43588] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.teamrealduck.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.teamrealduck.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzCPlgGDhPize2U6zjPXPAAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 04:59:06.076295 2024] [security2:error] [pid 8055:tid 8055] [client 78.141.200.197:36538] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.ianmagarzo.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.ianmagarzo.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzCD6qeYPVKW8PZbdj8rSwAAAAU"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 04:01:25.086359 2024] [security2:error] [pid 32199:tid 32199] [client 78.141.200.197:49842] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.hsg777.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.hsg777.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzB2ZbGEQMwAJUEwUUDqKwAAAAE"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 03:31:27.148336 2024] [security2:error] [pid 17917:tid 17917] [client 78.141.200.197:50412] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.supporttrax.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.supporttrax.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzBvXx8Aws68611uurOd1QAAAAM"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
Anonymous
|
|
Ports: *; Direction: 0; Trigger: CT_LIMIT
|
Brute-Force
SSH
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 10 01:02:06.935392 2024] [security2:error] [pid 9690:tid 9690] [client 78.141.200.197:41868] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.hickorygrovecottages.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.hickorygrovecottages.com"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzBMXnCWviTWPIcEALQqzwAAAAk"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|
TPI-Abuse
|
|
(mod_security) mod_security (id:240950) triggered by 78.141.200.197 (78.141.200.197.vultrusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 09 23:41:48.600509 2024] [security2:error] [pid 7536:tid 7536] [client 78.141.200.197:56340] [client 78.141.200.197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "\\\\D" at TX:1. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "4530"] [id "240950"] [rev "2"] [msg "COMODO WAF: XSS & SQL injection vulnerability in Pragyan CMS 3.0 (CVE-2015-1471)||cpanel.hazardvillefire.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cpanel.hazardvillefire.org"] [uri "/_users/org.couchdb.user:poc"] [unique_id "ZzA5jKLNBCW5xtezfE9xDAAAAAk"]
|
Brute-Force
Bad Web Bot
Web App Attack
|
|