rtbh.com.tr
2024-09-02 20:55:02
(6 days ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-09-01 20:55:03
(1 week ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-08-29 20:55:09
(1 week ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
Savvii
2024-08-27 11:45:19
(1 week ago)
10 attempts against mh-pma-try-ban on wheat
Web App Attack
TPI-Abuse
2024-08-24 08:43:08
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Aug 24 04:43:01.680088 2024] [security2:error] [pid 3411:tid 3411] [client 81.25.112.49:39098] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||masterpiecemorgans.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "masterpiecemorgans.com"] [uri "/masterpiecemorgans_com.bak"] [unique_id "ZsmdFUew86wDyTuFcDfv6gAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-23 19:10:01
(2 weeks ago)
(mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 23 15:09:53.035552 2024] [security2:error] [pid 8497:tid 8550] [client 81.25.112.49:49518] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||trejbal.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "trejbal.com"] [uri "/test.bak"] [unique_id "ZsjegQ4YtCeGeKCHqpq1YgAAAIg"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-20 05:05:21
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 81.25.112.49 (cl2023030814002.dnssw.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 01:05:14.382191 2024] [security2:error] [pid 22331:tid 22331] [client 81.25.112.49:52518] [client 81.25.112.49] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "copanmaya.org"] [uri "/.env.bak"] [unique_id "ZsQkCvzM7dR0u2sQxQ3JGwAAABM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Christopher Hughes
2024-08-14 17:57:25
(3 weeks ago)
81.25.112.49 - - [14/Aug/2024:18:57:24 +0100] "GET /narrowboatmagazine.combackup.zip HTTP/1.1" 302 5 ... show more 81.25.112.49 - - [14/Aug/2024:18:57:24 +0100] "GET /narrowboatmagazine.combackup.zip HTTP/1.1" 302 5386 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
... show less
Web App Attack
Christopher Hughes
2024-08-14 15:57:48
(3 weeks ago)
81.25.112.49 - - [14/Aug/2024:16:57:47 +0100] "GET /2.tar.gz HTTP/1.1" 302 5386 "-" "Mozilla/5.0 (Li ... show more 81.25.112.49 - - [14/Aug/2024:16:57:47 +0100] "GET /2.tar.gz HTTP/1.1" 302 5386 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.201 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
... show less
Web App Attack
bigorre.org
2024-08-10 19:36:06
(4 weeks ago)
suspicious query, Sniffing for wordpress log:/wp-includes.rar
Web App Attack
bigorre.org
2024-08-10 18:28:21
(4 weeks ago)
suspicious query, try to find admin area log:/adminer-4.4.0.php
Web App Attack
avaio-media
2024-08-09 14:35:19
(4 weeks ago)
Web App Attack
Anonymous
2024-08-05 21:22:00
(1 month ago)
Attack on wp-login.php.
Hacking
Brute-Force
Web App Attack
Anonymous
2024-08-05 13:02:56
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-08-04 11:46:36
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH