clapper
2024-09-09 06:17:18
(2 days ago)
(mod_security) mod_security (id:980001) triggered by 64.124.8.202 (US/United States/64.124.8.202.ava ... show more (mod_security) mod_security (id:980001) triggered by 64.124.8.202 (US/United States/64.124.8.202.available.above.net): 5 in the last 3600 secs; ID: rub show less
Brute-Force
Bad Web Bot
MAGIC
2024-09-09 06:03:14
(2 days ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2024-09-07 09:12:02
(4 days ago)
Malicious activity detected
Hacking
Web App Attack
Anonymous
2024-08-30 15:50:05
(1 week ago)
Excessive crawling/scraping
Hacking
Brute-Force
hermawan
2024-08-18 06:42:00
(3 weeks ago)
[Sun Aug 18 13:38:50.384956 2024] [security2:error] [pid 936203:tid 132454761367104] [client 64.124. ... show more [Sun Aug 18 13:38:50.384956 2024] [security2:error] [pid 936203:tid 132454761367104] [client 64.124.8.202:23439] [client 64.124.8.202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Image" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.5.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "39"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Image found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; ImagesiftBot; +imagesift.com) request_line = GET /robots.txt HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/robots.txt"] [unique_id "ZsGW-odRHLmYPKoYvJdmqgAAUxg"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[936228] [TC71cXfpmrY] [ZsGW-odRHLmYPKoYvJdmqgAAUxg] keep_alive=[1] [2024-08-18 13:38:50.384959] [R:ZsGW-odRHLmYPKoYvJdmqgAAUxg] UA:'Mozilla/5.0 (compatible; ImagesiftBot; +imagesift.com)' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,ap
... show less
Hacking
Web App Attack
MAGIC
2024-08-17 15:03:54
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
cmbplf
2024-08-10 15:58:51
(1 month ago)
25.485 requests in 1 hour (6d59m59s)
Brute-Force
Bad Web Bot
COMAITE
2024-07-27 20:26:53
(1 month ago)
Multiple web server 400 error codes from same source ip 64.124.8.202.
Web App Attack
MAGIC
2024-07-27 10:05:09
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
marcel-knorr.de
2024-07-26 09:43:00
(1 month ago)
[fwbs-wordpress] Blocked by UFW
Port Scan
Brute-Force
hermawan
2024-07-19 14:35:16
(1 month ago)
[Fri Jul 19 21:35:14.507976 2024] [security2:error] [pid 394305:tid 132068361111104] [client 64.124. ... show more [Fri Jul 19 21:35:14.507976 2024] [security2:error] [pid 394305:tid 132068361111104] [client 64.124.8.202:20675] [client 64.124.8.202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "Image" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "38"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: Image found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; ImagesiftBot; +imagesift.com) request_line = GET /robots.txt HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/robots.txt"] [unique_id "Zpp5om2f2ykmK6TbKEVhKwAAiAY"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[394312] [6Kp3mirGcEM] [Zpp5om2f2ykmK6TbKEVhKwAAiAY] keep_alive=[1] [2024-07-19 21:35:14.507979] [R:Zpp5om2f2ykmK6TbKEVhKwAAiAY] UA:'Mozilla/5.0 (compatible; ImagesiftBot; +imagesift.com)' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,ap
... show less
Hacking
Web App Attack
TPI-Abuse
2024-07-18 21:48:08
(1 month ago)
(mod_security) mod_security (id:217291) triggered by 64.124.8.202 (64.124.8.202.available.above.net) ... show more (mod_security) mod_security (id:217291) triggered by 64.124.8.202 (64.124.8.202.available.above.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 18 17:48:02.238327 2024] [security2:error] [pid 1019590:tid 1019590] [client 64.124.8.202:40971] [client 64.124.8.202] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(\\\\n|\\\\r)" at ARGS_NAMES:\\nfromwhere. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "145"] [id "217291"] [rev "2"] [msg "HTTP Header Injection Attack via payload (CR/LF detected)||furball.global|F|2"] [data "Matched Data: \\x0a found within ARGS_NAMES:\\x5cnfromwhere: \\x0afromwhere"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "furball.global"] [uri "/g12contactnolog.php"] [unique_id "ZpmNkqjdTJ77sSzYFX7afAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack