Mendip_Defender
2024-10-04 09:32:12
(5 hours ago)
54.36.149.80 - - [04/Oct/2024:10:31:11 +0100] "GET /galleries/2008/2008-04-06_-_GravityLC_Rd_1_West_Hill_Farm_Corfe_Castle/GLC_06-04-2008_167.jpg HTTP/2.0" 200 165818 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
Bad Web Bot
Anonymous
2024-10-02 16:26:52
(1 day ago)
Excessive crawling/scraping
Hacking
Brute-Force
TPI-Abuse
2024-10-02 00:05:07
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 54.36.149.80 (hydrogen336-ext2.a.ahrefs.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 01 20:04:57.739500 2024] [security2:error] [pid 14990:tid 14990] [client 54.36.149.80:64231] [client 54.36.149.80] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.businesspack-lb.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.businesspack-lb.com"] [uri "/Retail/Update.sql"] [unique_id "ZvyOKXYfS5WBIzBuu6ezLgAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
rh24
2024-09-28 06:55:43
(6 days ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 54.36.149.80 (FR/France/hydrogen336-ext2.a.ahrefs.com)
Bad Web Bot
Anonymous
2024-09-26 20:48:30
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
Mendip_Defender
2024-09-23 19:48:51
(1 week ago)
54.36.149.80 - - [23/Sep/2024:20:48:58 +0100] "GET /galleries/2008/2008-08-07_-_Ixion_at_Cadwell_Day_1/IC1_07-08-2008_0253.jpg HTTP/2.0" 200 106635 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
Bad Web Bot
TPI-Abuse
2024-09-22 20:38:06
(1 week ago)
(mod_security) mod_security (id:217291) triggered by 54.36.149.80 (hydrogen336-ext2.a.ahrefs.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 22 16:38:02.984089 2024] [security2:error] [pid 31555:tid 31555] [client 54.36.149.80:61321] [client 54.36.149.80] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(\\\\n|\\\\r)" at ARGS_NAMES:\\r fromwhere. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||kingscruff.com|F|2"] [data "Matched Data: \\x0d found within ARGS_NAMES:\\x5cr fromwhere: \\x0d fromwhere"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "kingscruff.com"] [uri "/g12software.php"] [unique_id "ZvCAKgWlJEb1D83OmQLfUQAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-09-22 16:29:07
(1 week ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2024-09-22 04:01:09
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 54.36.149.80 (hydrogen336-ext2.a.ahrefs.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 22 00:01:02.613247 2024] [security2:error] [pid 14391:tid 14391] [client 54.36.149.80:64061] [client 54.36.149.80] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.vangentholding.com|F|2"] [data ".yolasite.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.vangentholding.com"] [uri "/uncategorized/keep-an-individual-relax-with-korean-sleep-socks/cohoiduhoc.yolasite.com"] [unique_id "Zu-WfoJAImJc44-gve7cRwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
rh24
2024-09-21 14:20:12
(1 week ago)
(apache-useragents) Failed apache-useragents trigger with match [redacted] from 54.36.149.80 (FR/France/hydrogen336-ext2.a.ahrefs.com)
Bad Web Bot
tecnicorioja
2024-09-20 22:01:01
(1 week ago)
(Mod_security) X-Real-IP:
Brute-Force
Bad Web Bot
Web App Attack
Mendip_Defender
2024-09-20 10:29:45
(2 weeks ago)
54.36.149.80 - - [20/Sep/2024:11:29:44 +0100] "GET /_data/i/galleries/2015/20150827_Ixion_at_Cadwell_2015/IC_20150827_0346-th.JPG HTTP/1.0" 200 14264 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
Bad Web Bot
Anonymous
2024-09-19 16:45:36
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-18 00:41:14
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2024-09-16 13:38:41
(2 weeks ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH