hermawan
2024-12-10 06:05:00
(1 month ago)
[Tue Dec 10 11:16:02.806450 2024] [security2:error] [pid 40142:tid 124828652660416] [client 103.208.207.222:56926] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /index.php/buku/479-buku-edisi-setiap-1-bulan-sekali/555558941-e-buletin-prakiraan-sifat-dan-curah-hujan-di-kabupaten-sidoarjo HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/buku/479-buku-edisi-setiap-1-bulan-sekali/555558941-e-buletin-prakiraan-sifat-dan-curah-hujan-di-kabupaten-sidoarjo"] [unique_id "Z1fAgrKUJIGQoTSEeUfZ8QAABCQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[40234] [7fA6vYoNR3g] [Z1fAgrKUJIGQoT
Hacking
Web App Attack
hermawan
2024-12-06 23:29:12
(1 month ago)
[Fri Dec 06 21:41:27.771144 2024] [security2:error] [pid 640562:tid 138814282528448] [client 103.208.207.222:55260] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /index.php/prakiraan-iklim/prakiraan-musim/prakiraan-musim-kemarau HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-musim/prakiraan-musim-kemarau"] [unique_id "Z1MNF_qzNjnhZc5LwH9UUAAAAAE"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[640645] [MwWHArNjyc4] [Z1MNF_qzNjnhZc5LwH9UUAAAAAE] keep_alive=[0] [2024-12-06 21:41:27.771148] [R:Z1MNF_qzNjnhZc5LwH9UUAAAAAE] UA:'Mozilla/5.0 (Windows NT
Hacking
Web App Attack
hermawan
2024-12-03 08:55:19
(1 month ago)
[Tue Dec 03 09:27:11.692992 2024] [security2:error] [pid 464423:tid 128589274003136] [client 103.208.207.222:52220] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /index.php/prakiraan-bulanan/4115-prakiraan-curah-hujan-bulanan/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-bulanan-curah-hujan-di-propinsi-jawa-timur-tahun-2022/555559498-prakiraan-bulanan-curah-hujan-bulan-juni-tahun-2022-update-dari-analisis-bulan-april-tahun-2022-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-bulanan/4115-prakiraan-curah-hujan-bulanan/prakiraan-curah-hu
Hacking
Web App Attack
hermawan
2024-12-01 09:35:33
(1 month ago)
[Sun Dec 01 11:44:21.044942 2024] [security2:error] [pid 799532:tid 136151377626816] [client 103.208.207.222:55588] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /var/www/index.php/layanan/jenis-dan-tarif-pnbp HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/var/www/index.php/layanan/jenis-dan-tarif-pnbp"] [unique_id "Z0vppYQVNVzJuGwsM-67SQAAAmM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[799645] [M0niFfZjGAA] [Z0vppYQVNVzJuGwsM-67SQAAAmM] keep_alive=[0] [2024-12-01 11:44:21.044947] [R:Z0vppYQVNVzJuGwsM-67SQAAAmM] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
Hacking
Web App Attack
hermawan
2024-11-29 12:57:44
(1 month ago)
[Fri Nov 29 16:23:43.042281 2024] [security2:error] [pid 348414:tid 126617917585088] [client 103.208.207.222:60109] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "zh-CN" at REQUEST_HEADERS:Accept-Language. [file "/etc/modsecurity/coreruleset-4.8.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "64"] [id "440001"] [msg "Seperti Ddos bahasa Rusia ada di ip vietnam 2.59.0.188 "] [data "Matched Data: zh-CN found within REQUEST_HEADERS:Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7 request_line = GET /index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-bulanan-tingkat-ketersediaan-air-bagi-tanaman/555560324-prakiraan-bulanan-tingkat-ketersediaan-air-bagi-tanaman-di-jawa-timur-untuk-bulan-november-tahun-2023-update-dari-analisis-bulan-juli-tahun-2023 HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-bulanan-tingkat-ketersediaan-air-bagi-tanaman/555560324-prakiraan-bulanan-tingkat
Hacking
Web App Attack
Anonymous
2024-08-09 23:45:00
(5 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
ⓔⓜⓙⓔⓔ
2024-08-09 19:28:52
(5 months ago)
SMB 🖴 Honeypot: connected to port 445 by 103.208.207.222: port 55105
Port Scan
IP Analyzer
2024-08-09 16:30:56
(5 months ago)
Unauthorized connection attempt from IP address 103.208.207.222 on Port 445(SMB)
Port Scan
nfsec.pl
2024-07-26 12:45:32
(5 months ago)
Scanning on port: 445
Port Scan
Anonymous
2024-02-07 03:34:47
(11 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
ⓔⓜⓙⓔⓔ
2024-01-29 21:36:58
(11 months ago)
SMB 🖴 Honeypot: connected to port 445 by 103.208.207.222: port 53717
Port Scan
IP Analyzer
2024-01-29 12:31:12
(11 months ago)
Unauthorized connection attempt from IP address 103.208.207.222 on Port 445(SMB)
Port Scan
Anonymous
2024-01-29 01:56:19
(11 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
RasyiidWho
2023-05-28 14:24:11
(1 year ago)
ip112.20 . 2023-05-28 21:24:10 420123 [Warning] Access denied for user 'root'@'103.208.207.222' (using password: NO)
DDoS Attack
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
SSH
Anonymous
2023-03-23 04:29:55
(1 year ago)
postfix blocked attempt from fail2ban
...
Brute-Force