Anonymous
2025-01-10 13:15:30
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
Anonymous
2025-01-08 12:47:50
(1 week ago)
Malicious activity detected
Hacking
Web App Attack
Mangelot Hosting
2025-01-06 14:48:24
(1 week ago)
(BADBOT) ModSecurity BAD BOT Detected 47.128.31.196 (SG/Singapore/ec2-47-128-31-196.ap-southeast-1.c ... show more (BADBOT) ModSecurity BAD BOT Detected 47.128.31.196 (SG/Singapore/ec2-47-128-31-196.ap-southeast-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less
Web App Attack
MAGIC
2025-01-03 01:08:52
(2 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-12-31 08:55:52
(2 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
MAGIC
2024-12-22 18:02:55
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
SkyDancer
2024-12-19 00:31:26
(4 weeks ago)
Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by ... show more Multiple login attempts via RDP and/or SSH using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-A-X show less
Hacking
Brute-Force
SSH
MAGIC
2024-12-11 20:01:54
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-12-08 15:43:44
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.196 (ec2-47-128-31-196.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.31.196 (ec2-47-128-31-196.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 08 10:43:39.244565 2024] [security2:error] [pid 2793183:tid 2793183] [client 47.128.31.196:19926] [client 47.128.31.196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.vitalitywebb.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.vitalitywebb.com"] [uri "/backstore/Steelcase/pics/LEAP/Thumbs.db"] [unique_id "Z1W-qyeZYm2AiUvzFsmqPgAAAAA"] show less
Brute-Force
Bad Web Bot
Web App Attack
selahattinalan
2024-12-05 06:33:48
(1 month ago)
47.128.31.196 - - [05/Dec/2024:09:33:47 +0300] "GET /index.php?limit=50&order=DESC&product_id=1081&r ... show more 47.128.31.196 - - [05/Dec/2024:09:33:47 +0300] "GET /index.php?limit=50&order=DESC&product_id=1081&route=product%2Fproduct&sort=p.model&tag=KRM+No.+268+E01+3375 HTTP/2.0" 200 5326 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected] ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.0.0 Safari/537.36" show less
Brute-Force
MAGIC
2024-11-26 21:07:52
(1 month ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
selahattinalan
2024-11-26 13:51:44
(1 month ago)
47.128.31.196 - - [26/Nov/2024:16:51:43 +0300] "GET /index.php?limit=25&order=DESC&product_id=1112&r ... show more 47.128.31.196 - - [26/Nov/2024:16:51:43 +0300] "GET /index.php?limit=25&order=DESC&product_id=1112&route=product%2Fproduct&sort=pd.name&tag=97.9850.100.00+++-++Trailer HTTP/2.0" 200 5289 "-" "Mozilla/5.0 (compatible; Bytespider; [email protected] ) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.0.0 Safari/537.36" show less
Brute-Force
MAGIC
2024-11-26 04:13:30
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
TPI-Abuse
2024-11-24 02:57:04
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 47.128.31.196 (ec2-47-128-31-196.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.31.196 (ec2-47-128-31-196.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 23 21:56:59.365027 2024] [security2:error] [pid 14735:tid 14735] [client 47.128.31.196:41722] [client 47.128.31.196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||med-engineering.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "med-engineering.com"] [uri "/valtrex.com"] [unique_id "Z0KV-xFaKSVSMwGCAFvG-gAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
hermawan
2024-11-23 02:09:41
(1 month ago)
[Sat Nov 23 00:20:51.563328 2024] [security2:error] [pid 984848:tid 140027245840064] [client 47.128. ... show more [Sat Nov 23 00:20:51.563328 2024] [security2:error] [pid 984848:tid 140027245840064] [client 47.128.31.196:14808] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "61"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/profil/meteorologi/list-all-categories/526-klimatologi/analisis-klimatologi/anomali/anomali-curah-hujan/anomali-curah-hujan-dasarian/anomali-curah-hujan-dasarian-propinsi-jawa-timur/anomali-curah-hujan-dasarian-propinsi-jawa-timur-tahun-2016/1125-anomali-curah-hujan-das..."] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all-cat
... show less
Hacking
Web App Attack