TPI-Abuse
2024-06-02 15:33:00
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.122.235 (ec2-47-128-122-235.ap-southeast ... show more (mod_security) mod_security (id:210730) triggered by 47.128.122.235 (ec2-47-128-122-235.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 02 11:32:54.079194 2024] [security2:error] [pid 13807] [client 47.128.122.235:13666] [client 47.128.122.235] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.thegitsmovie.com|F|2"] [data ".lastcallmovies.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.thegitsmovie.com"] [uri "/fincludes/www.lastcallmovies.com"] [unique_id "ZlyQphffF0Cgunmt4RRPPwAAAAk"] show less
Brute-Force
Bad Web Bot
Web App Attack
futuremakers.gr
2024-06-02 02:08:47
(3 months ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 47.128.122.235 (SG/S ... show more (apache-useragents) Failed apache-useragents trigger with match [redacted] from 47.128.122.235 (SG/Singapore/ec2-47-128-122-235.ap-southeast-1.compute.amazonaws.com) show less
Bad Web Bot
TheMadBeaker
2024-05-31 20:44:52
(3 months ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
hermawan
2024-05-31 09:15:02
(3 months ago)
[Fri May 31 16:15:00.827846 2024] [security2:error] [pid 149941:tid 124003932964416] [client 47.128. ... show more [Fri May 31 16:15:00.827846 2024] [security2:error] [pid 149941:tid 124003932964416] [client 47.128.122.235:18376] [client 47.128.122.235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "37"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/meteorologi/list-of-all-tags/Prakiraan%20Dasarian%20Daerah%20Potensi%20Banjir%20Dasarian%20III%20Bulan%20APRIL%20Tahun%202019%20di%20Provinsi%20Jawa%20Timur%20Update%2020%20April%202019 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-of-all-tags/Prakiraan%20Dasarian%20Daerah%20Potensi%20
... show less
Hacking
Web App Attack
toolsource.com
2024-05-30 20:37:35
(3 months ago)
47.128.122.235 - - [30/May/2024:16:36:24 -0400] "GET /images/prod_images/LEGL8550_1200Wx1200H.png HT ... show more 47.128.122.235 - - [30/May/2024:16:36:24 -0400] "GET /images/prod_images/LEGL8550_1200Wx1200H.png HTTP/2.0" 200 1527102 "https://yourchoicerealtors.com/Hero-6-PROJECTION-BAYMAX-Vinyl-Action-Figure-with-Sound-2812346.html" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Anonymous
2024-05-30 02:06:45
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-05-29 15:12:03
(3 months ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2024-05-28 02:28:53
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
toolsource.com
2024-05-21 18:42:40
(3 months ago)
47.128.122.235 - - [21/May/2024:14:42:40 -0400] "GET /images/prod_medium/117324.JPG HTTP/2.0" 200 17 ... show more 47.128.122.235 - - [21/May/2024:14:42:40 -0400] "GET /images/prod_medium/117324.JPG HTTP/2.0" 200 17135 "https://www.bolejardinimaginaire.fr/personalizados-para-mujeres-mejor-amiga-o-10629120.html" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
MAGIC
2024-05-21 02:16:13
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-05-17 01:10:15
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
bigorre.org
2024-05-12 21:04:18
(4 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
Anonymous
2024-05-12 07:13:48
(4 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
hermawan
2024-05-10 03:06:27
(4 months ago)
[Fri May 10 10:06:25.251451 2024] [security2:error] [pid 72696:tid 132371108070976] [client 47.128.1 ... show more [Fri May 10 10:06:25.251451 2024] [security2:error] [pid 72696:tid 132371108070976] [client 47.128.122.235:43160] [client 47.128.122.235] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "37"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/meteorologi/list-all-categories/3961-klimatologi/prakiraan-klimatologi/prakiraan-dasarian/prakiraan-dasarian-daerah-potensi-banjir/prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur/prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur-tahu..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/
... show less
Hacking
Web App Attack
MAGIC
2024-05-07 14:01:14
(4 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot