fortypoundhead
2025-02-16 13:15:52
(2 hours ago)
PHP vulnerability scan
Web App Attack
Séfora Srl
2025-02-11 10:30:27
(5 days ago)
Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache ... show more Bad user agents ignoring web crawling rules. Draing bandwidth - detected by Fail2Ban in plesk-apache-badbot jail show less
Bad Web Bot
librebit
2025-02-06 22:20:42
(1 week ago)
Brute force
Brute-Force
Steve
2025-02-05 21:03:14
(1 week ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
ThreatBook.io
2025-02-05 01:16:03
(1 week ago)
2025-02-04 15:06:28 /cc.gif
Web App Attack
TPI-Abuse
2025-02-02 15:43:46
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 02 10:43:40.447375 2025] [security2:error] [pid 521:tid 521] [client 47.128.121.172:32668] [client 47.128.121.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.disabilitiestravel.com|F|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.disabilitiestravel.com"] [uri "/INDEX~1.BAK"] [unique_id "Z5-SrOIlicA01u3cP-wtOQAAAA8"] show less
Brute-Force
Bad Web Bot
Web App Attack
Progetto1
2025-01-27 23:15:01
(2 weeks ago)
Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
backslash
2025-01-24 01:10:22
(3 weeks ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
Anonymous
2025-01-23 01:37:12
(3 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-01-21 15:48:48
(3 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
hermawan
2025-01-18 02:43:13
(4 weeks ago)
[Sat Jan 18 06:29:29.531897 2025] [security2:error] [pid 127931:tid 133938545080000] [client 47.128. ... show more [Sat Jan 18 06:29:29.531897 2025] [security2:error] [pid 127931:tid 133938545080000] [client 47.128.121.172:52938] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "59"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/arsip-artikel?catid=478&id=1030%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-14-20-juni-2016&start=140 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/profil/arsip-artikel"] [unique_id "Z4rn2QQLRyci5u6J8k3LTgACBUk"] [staklim-malang.info] [staklim-malang.info] top=[128005] [3Po7SOcMlac] [Z4rn2QQLRyci5u6J8k3LTg
... show less
Hacking
Web App Attack
TPI-Abuse
2025-01-17 00:10:54
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 16 19:10:46.508165 2025] [security2:error] [pid 29776:tid 29779] [client 47.128.121.172:48420] [client 47.128.121.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.digital4z.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.digital4z.com"] [uri "/wp-content/plugins/jetpack/modules/custom-post-types/comics/rtl/WS_FTP.LOG"] [unique_id "Z4mgBlb9WCUpFpO5D9r51wAAAUE"] show less
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-14 06:50:41
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.121.172 (ec2-47-128-121-172.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 14 01:50:35.085515 2025] [security2:error] [pid 1969664:tid 1969664] [client 47.128.121.172:15418] [client 47.128.121.172] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||civilwarzone.com|F|2"] [data ".dll"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "civilwarzone.com"] [uri "/~site/Scripts_ExternalRedirect/ExternalRedirect.dll"] [unique_id "Z4YJOy2B0twgsgPlBPCW6QAAAAo"], referer: https://civilwarzone.com/StonewallsRequiem.html show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-01-13 08:48:16
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Charles
2025-01-13 07:34:16
(1 month ago)
47.128.121.172 - - [13/Jan/2025:15:34:13 +0800] "GET / HTTP/2.0" 301 334 "-" "Mozilla/5.0 (Linux; An ... show more 47.128.121.172 - - [13/Jan/2025:15:34:13 +0800] "GET / HTTP/2.0" 301 334 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Web Spam
Email Spam
Brute-Force
Bad Web Bot
Web App Attack
SSH