Anonymous
2026-07-07 21:34:49
(3 days ago)
Port scan / connection attempts on port 54811/UDP to unused IP
Port Scan
๐ฎ๐ฉ
hermawan
2026-06-04 02:36:58
(1 month ago)
[Thu Jun 04 09:36:54.082627 2026] [security2:error] [pid 142166:tid 140067331827392] [client 179.51. ...
show more
[Thu Jun 04 09:36:54.082627 2026] [security2:error] [pid 142166:tid 140067331827392] [client 179.51.239.42:51457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.yahoo.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.yahoo.go.id found within REQUEST_HEADERS:Referer: https://www.yahoo.go.id/ request_line = GET /index.php/prediksi-iklim/prediksi-dasarian/monitoring-dan-prediksi-curah-hujan HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/prediksi-iklim/prediksi-dasarian/monitoring-dan-prediksi-curah-hujan"] [unique_id "aiDkxqP6UBWhzjPPlXXgxAAAlxI"], referer https://www.yahoo.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[142185] [WVC/aqQS8xQ] [aiDkxqP6UBWhzjPPlXXgxAAAlxI] keep_alive=[1] [2026-06-04 09:36:54.082633] [R:aiDkxqP6UBWhzjPPlXXgxAAAlxI] UA:'Mozilla/5.0 (L
...
show less
Email Spam
Hacking
๐ฉ๐ช
SMARTNET
2026-05-27 06:03:53
(1 month ago)
Aisuru(Mirai variant) DDoS | Incident ID: fd8a75e9-7ad9-4605-bec7-39ad26683952
DDoS Attack
๐ฆ๐น
urnilxfgbez
2026-05-25 22:45:00
(1 month ago)
Last 24 Hours suspicious: (DPT=445|DPT=3389|DPT=22|DPT=3306|DPT=8080|DPT=23|DPT=5900|DPT=1433)
Port Scan
Anonymous
2026-05-12 08:28:17
(1 month ago)
Unauthorized connection attempt on Port 2323
Port Scan
Hacking
Exploited Host
Anonymous
2026-05-09 23:49:07
(2 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
๐จ๐ญ
Origon
2026-04-24 17:50:00
(2 months ago)
NOQUEUE - IP: 179.51.239.42 - Apr 24 19:50:00 plesk postfix/smtpd[2330478]: NOQUEUE: reject: RCPT f ...
show more
NOQUEUE - IP: 179.51.239.42 - Apr 24 19:50:00 plesk postfix/smtpd[2330478]: NOQUEUE: reject: RCPT from unknown[179.51.239.42]: 554 5.7.1 Service unavailable; Client host [179.51.239.42] blocked using dnsbl-1.uceprotect.net; IP 179.51.239.42 is UCEPROTECT-Level 1 listed. See http://www.uceprotect.net/rblcheck.php?ipr=179.51.239.42; from=<[email protected] > to=<REDACTED@REDACTED> proto=ESMTP helo=<carme.li>
show less
Email Spam
๐ซ๐ฎ
notelseit
2026-04-19 08:00:07
(2 months ago)
2026-04-19T09:59:57.784810+02:00 mail dovecot: auth-worker(778359): conn unix:auth-worker (pid=77603 ...
show more
2026-04-19T09:59:57.784810+02:00 mail dovecot: auth-worker(778359): conn unix:auth-worker (pid=776038,uid=110): auth-worker<55>: sql([email protected] ,179.51.239.42,<J5NVkctPirizM+8q>): unknown user
2026-04-19T10:00:04.006352+02:00 mail dovecot: auth-worker(778359): conn unix:auth-worker (pid=776038,uid=110): auth-worker<56>: sql([email protected] ,179.51.239.42,<J5NVkctPirizM+8q>): unknown user
2026-04-19T10:00:06.009177+02:00 mail dovecot: imap-login: Disconnected: Connection closed (auth failed, 2 attempts in 11 secs): user=<[email protected] >, method=PLAIN, rip=179.51.239.42, lip=65.21.131.50, TLS: Connection closed, session=<J5NVkctPirizM+8q>
...
show less
Brute-Force
Email Spam
Anonymous
2026-03-29 22:24:49
(3 months ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Anonymous
2026-03-14 22:31:38
(3 months ago)
Malicious activity
Bad Web Bot
Web App Attack
๐บ๐ธ
johnkarlhill
2026-03-11 04:56:15
(3 months ago)
WebKnight blocked malicious web request on johnkarlhill.com
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-02-19 00:27:01
(4 months ago)
(mod_security) mod_security (id:210730) triggered by 179.51.239.42 (179-51-239-42.ipv4.tvc5.co): 1 i ...
show more
(mod_security) mod_security (id:210730) triggered by 179.51.239.42 (179-51-239-42.ipv4.tvc5.co): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 19:26:53.522024 2026] [security2:error] [pid 14406:tid 14406] [client 179.51.239.42:38450] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||barnrods.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "barnrods.com"] [uri "/Family/Vacations/Destin2001/Thumbs.db"] [unique_id "aZZYzXDQiefnPSlQiycVDAAAABs"], referer: http://barnrods.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-02-11 17:52:31
(4 months ago)
botnet
DDoS Attack
๐บ๐ธ
kosada.com
2026-02-10 16:26:30
(5 months ago)
Web bot: DDoS
DDoS Attack
Bad Web Bot
Anonymous
2026-01-29 14:29:44
(5 months ago)
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to ...
show more
Distributed web crawl botnet attack (like Mellowtel), likely illicit scraping of AI training data to bypass firewall/robots.txt restrictions in printer-friendly.asp
show less
Bad Web Bot
Exploited Host