Anonymous
2024-10-14 06:31:25
(7 hours ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Jim Keir
2024-10-13 13:55:38
(1 day ago)
2024-10-13 13:55:37 47.128.60.196 Bad bot, blocking Mozilla/5.0
Bad Web Bot
Anonymous
2024-10-10 15:44:06
(3 days ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-25 00:17:00
(2 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-22 07:14:26
(3 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-21 15:20:22
(3 weeks ago)
(mod_security) mod_security (id:210730) triggered by 47.128.60.196 (ec2-47-128-60-196.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.60.196 (ec2-47-128-60-196.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 21 11:20:19.348283 2024] [security2:error] [pid 1991:tid 1991] [client 47.128.60.196:13142] [client 47.128.60.196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.coolwebsites.org|F|2"] [data ".lawgirl.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.coolwebsites.org"] [uri "/www.lawgirl.com"] [unique_id "Zu7kMyEYM-Ivti1IkpwxtgAAABU"] show less
Brute-Force
Bad Web Bot
Web App Attack
rtbh.com.tr
2024-09-20 20:54:28
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
rtbh.com.tr
2024-09-19 20:54:29
(3 weeks ago)
list.rtbh.com.tr report: tcp/0
Brute-Force
bigorre.org
2024-09-19 11:51:31
(3 weeks ago)
Excessive crawling : exceed crawl-delay defined in robots.txt
Bad Web Bot
ghostwarriors
2024-09-19 07:50:04
(3 weeks ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
ksol-hostmaster
2024-09-19 07:21:23
(3 weeks ago)
2024/09/19 09:21:23 [error] 14712#100685: *5273448 limiting requests, excess: 0.123 by zone "crawler ... show more 2024/09/19 09:21:23 [error] 14712#100685: *5273448 limiting requests, excess: 0.123 by zone "crawler", client: 47.128.60.196, server: crxforum.ksol.io, request: "GET /showTopic.php?first=3800&offset=50&seed=66e9c982b7f9c&topicId=12 HTTP/2.0", host: "crxforum.ksol.io"
... show less
Bad Web Bot
TPI-Abuse
2024-09-15 02:37:34
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 47.128.60.196 (ec2-47-128-60-196.ap-southeast-1 ... show more (mod_security) mod_security (id:210730) triggered by 47.128.60.196 (ec2-47-128-60-196.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 22:37:28.370219 2024] [security2:error] [pid 2715705:tid 2715705] [client 47.128.60.196:14090] [client 47.128.60.196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.qualityelevatorcabs.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.qualityelevatorcabs.com"] [uri "/[email protected] "] [unique_id "ZuZIaKsvveX3Jdfzfb7bxAAAAA4"] show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-15 02:06:13
(4 weeks ago)
Ports: 80,443; Direction: 1; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
hermawan
2024-09-15 00:26:58
(4 weeks ago)
[Sun Sep 15 00:57:05.701731 2024] [security2:error] [pid 301724:tid 134069631321792] [client 47.128. ... show more [Sun Sep 15 00:57:05.701731 2024] [security2:error] [pid 301724:tid 134069631321792] [client 47.128.60.196:32360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Feed" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "39"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Feed found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; [email protected] ) request_line = GET /robots.txt HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/robots.txt"] [unique_id "ZuXOcS_eor8pAe8hC1H8RQAAAAk"] [staklim-malang.info] [staklim-malang.info] top=[301760] [XXNRERgaKUE] [ZuXOcS_eor8pAe8hC1H8RQAAAAk] keep_alive=[0] [2024-09-15 00:57:05.701734] [R:ZuXOcS_eor8pAe8hC1H8RQAAAAk] UA:'Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mo
... show less
Hacking
Web App Attack
Jim Keir
2024-09-14 07:07:32
(1 month ago)
2024-09-14 07:07:32 47.128.60.196 Bad bot, blocking Mozilla/5.0
Bad Web Bot