TPI-Abuse
2024-04-26 14:00:53
(4 months ago)
(mod_security) mod_security (id:243420) triggered by 47.128.28.90 (ec2-47-128-28-90.ap-southeast-1.c ... show more (mod_security) mod_security (id:243420) triggered by 47.128.28.90 (ec2-47-128-28-90.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 26 10:00:45.959983 2024] [security2:error] [pid 16421:tid 46967261042432] [client 47.128.28.90:54432] [client 47.128.28.90] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:/upload/2020/02/13/20200213073228-c62bdd9f-xl.png" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||www.ajbruner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ajbruner.com"] [uri "/ct/artlib/i.php"] [unique_id "ZiuzjVPSrWXS6wHT6dCW_QAAAlU"] show less
Brute-Force
Bad Web Bot
Web App Attack
toolsource.com
2024-04-25 22:31:42
(4 months ago)
47.128.28.90 - - [25/Apr/2024:18:31:41 -0400] "GET /gaither-m-28451.html?filter_id=33033&page=5&sort ... show more 47.128.28.90 - - [25/Apr/2024:18:31:41 -0400] "GET /gaither-m-28451.html?filter_id=33033&page=5&sort=20a HTTP/2.0" 200 72660 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Anonymous
2024-04-25 19:17:00
(4 months ago)
Malicious activity detected
Hacking
Web App Attack
Steve
2024-04-25 04:50:56
(4 months ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
MAGIC
2024-04-21 04:09:15
(4 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TheMadBeaker
2024-04-19 19:02:15
(4 months ago)
Fail2Ban Ban Triggered
HTTP Exploit Attempt
Brute-Force
Web App Attack
toolsource.com
2024-04-11 04:53:34
(4 months ago)
47.128.28.90 - - [11/Apr/2024:00:53:33 -0400] "GET /iwata-m-28461.html?filter_id=27758&page=2&sort=2 ... show more 47.128.28.90 - - [11/Apr/2024:00:53:33 -0400] "GET /iwata-m-28461.html?filter_id=27758&page=2&sort=20a HTTP/2.0" 200 68847 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
toolsource.com
2024-04-08 22:49:20
(5 months ago)
47.128.28.90 - - [08/Apr/2024:18:49:19 -0400] "GET /accutec-m-30771.html?filter_id=28131&page=2&sort ... show more 47.128.28.90 - - [08/Apr/2024:18:49:19 -0400] "GET /accutec-m-30771.html?filter_id=28131&page=2&sort=20a HTTP/2.0" 200 68928 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected] ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.0.0 Safari/537.36"
... show less
Bad Web Bot
TPI-Abuse
2024-04-05 17:39:37
(5 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.28.90 (ec2-47-128-28-90.ap-southeast-1.c ... show more (mod_security) mod_security (id:210730) triggered by 47.128.28.90 (ec2-47-128-28-90.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 05 13:39:29.886439 2024] [security2:error] [pid 105511:tid 47376791623424] [client 47.128.28.90:21842] [client 47.128.28.90] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||digital4z.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "digital4z.com"] [uri "/wp-content/plugins/jetpack/modules/markdown/WS_FTP.LOG"] [unique_id "ZhA3UURLOSEXwNSCNf2CrgAAAIM"] show less
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-04-05 04:20:00
(5 months ago)
Web App Attack
Web App Attack
MAGIC
2024-04-02 05:21:13
(5 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-04-01 14:00:25
(5 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
toolsource.com
2024-03-31 15:59:39
(5 months ago)
47.128.28.90 - - [31/Mar/2024:11:59:38 -0400] "GET /armstrong-m-27803.html?display=9&filter_id=28077 ... show more 47.128.28.90 - - [31/Mar/2024:11:59:38 -0400] "GET /armstrong-m-27803.html?display=9&filter_id=28077&page=3&sort=20a HTTP/2.0" 200 63461 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
Anonymous
2024-03-31 07:52:31
(5 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
toolsource.com
2024-03-22 15:21:31
(5 months ago)
47.128.28.90 - - [22/Mar/2024:11:21:28 -0400] "GET /images/prod_images/MTT500-6050_1200Wx1200H.jpg H ... show more 47.128.28.90 - - [22/Mar/2024:11:21:28 -0400] "GET /images/prod_images/MTT500-6050_1200Wx1200H.jpg HTTP/2.0" 200 89672 "https://karginovasoprano.com/Johnsens-Engine-Flush-6690121.html" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot