Anonymous
2024-08-08 00:35:42
(3 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Steve
2024-08-02 03:01:59
(3 months ago)
Excessive crawling - not obeying robots.txt
Bad Web Bot
TPI-Abuse
2024-07-31 09:27:01
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 47.128.39.126 (ec2-47-128-39-126.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.39.126 (ec2-47-128-39-126.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 31 05:26:56.065254 2024] [security2:error] [pid 11031:tid 11031] [client 47.128.39.126:57970] [client 47.128.39.126] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.disabilitiestravel.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.disabilitiestravel.com"] [uri "/amazon/WS_FTP.LOG"] [unique_id "ZqoDYLdp2MNJ93nyZYYE0QAAACg"] show less
Brute-Force
Bad Web Bot
Web App Attack
toolsource.com
2024-07-28 13:29:55
(3 months ago)
47.128.39.126 - - [28/Jul/2024:09:29:55 -0400] "GET /images/prod_images/SCUPSW-7700_1200Wx1200H.jpg ... show more 47.128.39.126 - - [28/Jul/2024:09:29:55 -0400] "GET /images/prod_images/SCUPSW-7700_1200Wx1200H.jpg HTTP/2.0" 200 88491 "https://wardavn.com/ePRO-Battery-Charger-24V-50A-ENERDRIVE-1223652.html" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
bigorre.org
2024-07-27 01:29:46
(3 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
hermawan
2024-07-26 19:02:28
(3 months ago)
[Sat Jul 27 02:02:24.896176 2024] [security2:error] [pid 990014:tid 139453385410112] [client 47.128. ... show more [Sat Jul 27 02:02:24.896176 2024] [security2:error] [pid 990014:tid 139453385410112] [client 47.128.39.126:19966] [client 47.128.39.126] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /index.php/prakiraan-iklim/prakiraan-dasarian/prakiraan-dasarian-daerah-potensi-banjir/941-prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur-untuk-bulan-agustus-dasarian-iii-tahun-2019-update-20-juli-2019 HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-dasarian/prakiraan-dasarian-daerah-pote
... show less
Hacking
Web App Attack
MAGIC
2024-07-17 15:08:35
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-07-16 13:00:57
(3 months ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
MAGIC
2024-07-15 00:02:23
(3 months ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
toolsource.com
2024-07-12 03:29:43
(3 months ago)
47.128.39.126 - - [11/Jul/2024:23:29:42 -0400] "GET /fluke-m-23711.html?filter_id=28089&page=7&sort= ... show more 47.128.39.126 - - [11/Jul/2024:23:29:42 -0400] "GET /fluke-m-23711.html?filter_id=28089&page=7&sort=20a HTTP/2.0" 200 73036 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] )"
... show less
Bad Web Bot
TPI-Abuse
2024-07-07 00:09:54
(4 months ago)
(mod_security) mod_security (id:243420) triggered by 47.128.39.126 (ec2-47-128-39-126.ap-southeast-1 ... show more (mod_security) mod_security (id:243420) triggered by 47.128.39.126 (ec2-47-128-39-126.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 06 20:09:49.258460 2024] [security2:error] [pid 29651:tid 47627732256512] [client 47.128.39.126:23324] [client 47.128.39.126] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:/upload/2020/02/11/20200211130754-6935eaeb-xl.png" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)||www.ajbruner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ajbruner.com"] [uri "/ct/artlib/i.php"] [unique_id "ZonczN7YNSSHpUCq1EBxlQAAAAU"] show less
Brute-Force
Bad Web Bot
Web App Attack
bigorre.org
2024-07-04 19:17:56
(4 months ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
Anonymous
2024-07-04 06:11:42
(4 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
10dencehispahard SL
2024-07-04 02:05:50
(4 months ago)
Unauthorized login attempts [ accesslogs]
Brute-Force
Anonymous
2024-07-02 05:04:30
(4 months ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH