hermawan
2024-08-03 05:16:25
(2 months ago)
[Sat Aug 03 12:07:49.976877 2024] [authz_core:error] [pid 1430303:tid 127628073764416] [client 128.199.209.232:50780] AH01630: client denied by server configuration: /usr/lib/cgi-bin/alfacgiapi [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1430355] [FDTnbJhaiYw] [Zq27JSSHg6CpphRjulENkwAAAQo] keep_alive=[0] [2024-08-03 12:07:49.977069] [R:Zq27JSSHg6CpphRjulENkwAAAQo] UA:'Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36' Host:'staklim-jatim.bmkg.go.id' COOKIE:'fb66df88cff4414b0afe6309464db212=0ubus484clbkjro0fviuh34852' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' Accept-Encoding:'gzip, deflate
Hacking
Web App Attack
hermawan
2024-08-02 09:21:34
(2 months ago)
[Fri Aug 02 12:19:21.808190 2024] [security2:error] [pid 737303:tid 127439141340736] [client 128.199.209.232:51523] [client 128.199.209.232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Mozlila" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "58"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: Mozlila found within REQUEST_HEADERS:User-Agent: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36Team Anon Force request_line = GET /simple.php HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/4.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/simple.p
Hacking
Web App Attack
niceshops.com
2024-08-02 07:36:13
(2 months ago)
Web Attack (Aug 24 09:36:12 ScriptKiddie: request for /wp-admin/js/about.php7 )
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
Hirte
2024-08-02 05:39:14
(2 months ago)
SS5: Web Attack GET /wp-includes/install.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
kadosmekaten
2024-07-31 22:21:00
(2 months ago)
128.199.209.232 - - [01/Aug/2024:05:21:05 +0700] "GET /wp-content/alfacgiapi/py.alfa HTTP/1.1" 302 350 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36"
DDoS Attack
Brute-Force
Web App Attack
penjaga BRIN
2024-07-31 14:02:21
(2 months ago)
Multiple WP scan detected from same source ip.-111
Brute-Force
RoboSOC
2024-07-31 13:19:38
(2 months ago)
phpunit Remote Code Execution Vulnerability, PTR: PTR record not found
Hacking
Burayot
2024-07-31 05:40:40
(2 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 128.199.209.232 (SG/Singapore/-): 2 in the last 3600 secs
Web App Attack
niceshops.com
2024-07-31 02:32:42
(2 months ago)
Web Attack (Jul 24 04:32:41 ScriptKiddie: request for /wp-content/alfacgiapi/perl.alfa )
SQL Injection
Brute-Force
Bad Web Bot
Web App Attack
Incidents Response Neptus Team
2024-07-31 01:56:00
(2 months ago)
Report Abuse IP
Hacking
Exploited Host
Web App Attack
Swiptly
2024-07-30 19:32:23
(2 months ago)
Multiple critical ModSecurity events
...
Web Spam
Bad Web Bot
Burayot
2024-07-30 15:38:58
(2 months ago)
LF_APACHE_403: 128.199.209.232 (SG/Singapore/-), more than 30 Apache 403 hits in the last 3600 secs
Web App Attack
penjaga BRIN
2024-07-30 11:01:47
(2 months ago)
Multiple WP scan detected from same source ip.-111
Brute-Force
Swadharma Duta Data
2024-07-30 08:17:00
(2 months ago)
Webshells backdoor scan and RCE attempt using Alfa Tesla
Hacking
Web App Attack
Anonymous
2024-07-30 07:49:26
(2 months ago)
128.199.209.232 - - [30/Jul/2024:09:46:21 +0200] "GET /alfacgiapi/perl.alfa HTTP/1.1" 404 23770 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36"
128.199.209.232 - - [30/Jul/2024:09:46:22 +0200] "GET /alfacgiapi/perl.alfa HTTP/1.1" 404 16149 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36"
128.199.209.232 - - [30/Jul/2024:09:46:23 +0200] "GET /alfacgiapi/bash.alfa HTTP/1.1" 404 16150 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/90.0.4430.210 Mobile Safari/537.36"
128.199.209.232 - - [30/Jul/2024:09:46:23 +0200] "GET /alfacgiapi/bash.alfa HTTP/1.1" 404 16150 "-" "Mozilla/5.0 (Linux; Android 11; Redmi Note 9 Pro Build/RKQ1.200826.002; wv) AppleWebKi
DDoS Attack