|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
Anonymous
|
|
WordPress Scanner Performing Multiple Requests to Windows Live Writer XML
|
Web App Attack
|
|
|
Anonymous
|
|
Multiple web server 400 error codes from same source ip.
|
Web App Attack
|
|
|
🇮🇩
hermawan
|
|
[Sat Mar 29 01:09:04.810432 2025] [security2:error] [pid 379624:tid 139723122955968] [client 8.215.23.227:57686] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z-blwFBkLWgdz3E7NsR6kAAAAQc"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[379683] [ukZB99L3Hic] [Z-blwFBkLWgdz3E7NsR6kAAAAQc] keep_alive=[0] [2025-03-29 01:09:04.810436] [R:Z-blwFBkLWgdz3E7NsR6kAAAAQc] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:
...
|
Hacking
Web App Attack
|
|
|
🇮🇩
hermawan
|
|
[Fri Mar 28 18:26:21.988322 2025] [security2:error] [pid 215005:tid 140510792959680] [client 8.215.23.227:50376] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z-aHXckPDbqQ5dFssMVGvQAAAgA"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[215057] [cuEJV53Af80] [Z-aHXckPDbqQ5dFssMVGvQAAAgA] keep_alive=[0] [2025-03-28 18:26:21.988325] [R:Z-aHXckPDbqQ5dFssMVGvQAAAgA] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:
...
|
Hacking
Web App Attack
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
🇺🇦
URAN Publishing Service
|
|
8.215.23.227 - - [26/Mar/2025:03:22:51 +0200] "GET /xmlrpc.php?rsd HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36"
...
|
Web App Attack
|
|
|
🇮🇩
hermawan
|
|
[Wed Mar 26 02:51:46.887236 2025] [security2:error] [pid 57249:tid 140457006839488] [client 8.215.23.227:65151] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z-MJUq6Yagn8ZITx0vztKwAAAWM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[57386] [LPwEDbh5Vy8] [Z-MJUq6Yagn8ZITx0vztKwAAAWM] keep_alive=[0] [2025-03-26 02:51:46.887241] [R:Z-MJUq6Yagn8ZITx0vztKwAAAWM] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:'en-US,en;q
...
|
Hacking
Web App Attack
|
|
|
🇮🇩
hermawan
|
|
[Fri Mar 21 13:53:17.886666 2025] [security2:error] [pid 357098:tid 140439382386368] [client 8.215.23.227:55445] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z90M3XbSSAiRjE0eLAAsMAAAADI"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[357230] [V6+UtZwSgA0] [Z90M3XbSSAiRjE0eLAAsMAAAADI] keep_alive=[0] [2025-03-21 13:53:17.886671] [R:Z90M3XbSSAiRjE0eLAAsMAAAADI] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:'en-US,en
...
|
Hacking
Web App Attack
|
|
|
🇮🇩
penjaga BRIN
|
|
apache-alfa-111
|
Web App Attack
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
🇮🇩
hermawan
|
|
[Thu Mar 20 12:47:18.589044 2025] [security2:error] [pid 123619:tid 140155268601536] [client 8.215.23.227:61983] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z9ur5tKefLctdN46S9X1RAAAABQ"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[123721] [0Ty/q1duJp4] [Z9ur5tKefLctdN46S9X1RAAAABQ] keep_alive=[0] [2025-03-20 12:47:18.589049] [R:Z9ur5tKefLctdN46S9X1RAAAABQ] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:'en-US,en
...
|
Hacking
Web App Attack
|
|
|
Anonymous
|
|
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
|
Brute-Force
SSH
|
|
|
🇮🇩
hermawan
|
|
[Tue Mar 18 21:35:03.149330 2025] [security2:error] [pid 630096:tid 140260000392896] [client 8.215.23.227:61919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "300" at REQUEST_HEADERS:Keep-Alive. [file "/etc/modsecurity/coreruleset-4.10.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "273"] [id "440004"] [msg "Keep Alive Header"] [data "Matched Data: 300 found within REQUEST_HEADERS:Keep-Alive: 300 request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/"] [unique_id "Z9mEl1plMXeUjT408ZVr9wAAACM"] [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[630213] [9VBrzxbkRRo] [Z9mEl1plMXeUjT408ZVr9wAAACM] keep_alive=[0] [2025-03-18 21:35:03.149335] [R:Z9mEl1plMXeUjT408ZVr9wAAACM] UA:'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36' Host:'staklim-jatim.bmkg.go.id' ACCEPT:'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' Accept-Language:'en-US,en
...
|
Hacking
Web App Attack
|
|