Steve
2025-02-08 00:27:28
(2 days ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
Mendip_Defender
2025-02-04 23:03:02
(5 days ago)
47.128.17.21 - - [04/Feb/2025:23:03:01 +0000] "GET /?page=2&pp=25&searchid=1576758 HTTP/1.0" 301 902 ... show more 47.128.17.21 - - [04/Feb/2025:23:03:01 +0000] "GET /?page=2&pp=25&searchid=1576758 HTTP/1.0" 301 902 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Mendip_Defender
2025-02-01 16:35:25
(1 week ago)
47.128.17.21 - - [01/Feb/2025:16:35:27 +0000] "GET /?page=2&pp=25&searchid=1585924 HTTP/1.0" 301 902 ... show more 47.128.17.21 - - [01/Feb/2025:16:35:27 +0000] "GET /?page=2&pp=25&searchid=1585924 HTTP/1.0" 301 902 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Anonymous
2025-02-01 05:30:00
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
hermawan
2025-01-26 11:25:20
(2 weeks ago)
[Sun Jan 26 14:44:12.439445 2025] [security2:error] [pid 81706:tid 139759793972928] [client 47.128.1 ... show more [Sun Jan 26 14:44:12.439445 2025] [security2:error] [pid 81706:tid 139759793972928] [client 47.128.17.21:34070] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "59"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/arsip-artikel?catid=474&id=882%3Aprakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-tanggal-2-8-pebruari-2016&start=10 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/arsip-artikel"] [unique_id "Z5XnzDJrWo_WC7iOH7I_7wABNwU"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[81712] [XmM0IP9NdIs] [Z5XnzDJrWo_
... show less
Hacking
Web App Attack
backslash
2025-01-24 01:25:20
(2 weeks ago)
block ruleset 3D3AFA921A373ECE19B6BA285C2D722163304638
Bad Web Bot
Anonymous
2025-01-23 11:29:39
(2 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-01-22 06:14:13
(2 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Mangelot Hosting
2025-01-11 19:35:43
(4 weeks ago)
(BADBOT) ModSecurity BAD BOT Detected 47.128.17.21 (SG/Singapore/ec2-47-128-17-21.ap-southeast-1.com ... show more (BADBOT) ModSecurity BAD BOT Detected 47.128.17.21 (SG/Singapore/ec2-47-128-17-21.ap-southeast-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less
Web App Attack
MAGIC
2025-01-06 19:06:56
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
JJR
2025-01-06 18:49:53
(1 month ago)
Automated report (2025-01-06T10:49:53-08:00). Misbehaving bot detected.
Bad Web Bot
Anonymous
2025-01-05 05:57:37
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2025-01-04 13:08:51
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.17.21 (ec2-47-128-17-21.ap-southeast-1.c ... show more (mod_security) mod_security (id:210730) triggered by 47.128.17.21 (ec2-47-128-17-21.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 04 08:08:43.441159 2025] [security2:error] [pid 2793145:tid 2793145] [client 47.128.17.21:13166] [client 47.128.17.21] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.med-engineering.com|F|2"] [data ".snzr.med-engineering.com.xoa.vb"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.med-engineering.com"] [uri "/ugn.snzr.med-engineering.com.xoa.vb"] [unique_id "Z3ky27mLNBNqrv4YAhLSzAAAABA"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-12-23 23:01:22
(1 month ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-12-22 17:07:15
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot