hermawan - AbuseIPDB User Profile

Check an IP Address, Domain Name, or Subnet

e.g. 44.192.26.60, microsoft.com, or 5.188.10.0/24

User hermawan, the webmaster of karangploso.jatim.bmkg.go.id, joined AbuseIPDB in March 2018 and has reported 444,549 IP addresses.

Standing (weight) is good.

ACTIVE USER WEBMASTER SUPPORTER

IP	Date	Comment	Categories
103.166.187.135	2 minutes ago	1664373526 - 09/28/2022 20:58:46 Host: 103.166.187.135/103.166.187.135 Port: 23 TCP Blocked .. ... show more1664373526 - 09/28/2022 20:58:46 Host: 103.166.187.135/103.166.187.135 Port: 23 TCP Blocked ... show less	Port Scan Hacking
87.250.224.34	8 minutes ago	[Wed Sep 28 20:52:12.958791 2022] [-:error] [pid 146237:tid 139667392902720] [client 87.250.224.34:4 ... show more[Wed Sep 28 20:52:12.958791 2022] [-:error] [pid 146237:tid 139667392902720] [client 87.250.224.34:40884] [client 87.250.224.34] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /b/bulananbondowoso.pdf HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/b/bulananbondowoso.pdf"] [unique_id "YzRRjAIM1QLw67jd4xJn8QAAAYU"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[146378] [bjdWEe1Mf2Y] [YzRRjAIM1QLw67jd4xJn8QAAAYU] keep_alive=[0] [2022-09-28 20:52:12.958796] [R:YzRRjAIM1QLw67jd4xJn8QAAAYU] UA:'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' Host:'karangploso.jatim.b ... show less	Hacking Web App Attack
5.45.207.140	8 minutes ago	[Wed Sep 28 20:52:06.745131 2022] [-:error] [pid 146237:tid 139667493615168] [client 5.45.207.140:42 ... show more[Wed Sep 28 20:52:06.745131 2022] [-:error] [pid 146237:tid 139667493615168] [client 5.45.207.140:42002] [client 5.45.207.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/meteorologi/586-prakiraan-meteorologi/prakiraan-cuaca-sidoarjo/1227-prakiraan-cuaca-sidoarjo HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/meteorologi/586-prakiraan-meteorologi/prakiraan-cuaca-sidoarjo/1227-prakiraan-cuaca-sidoarjo"] [unique_id "YzRRhgIM1QLw67jd4xJn7QAAAXk"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[146366] [++H2EO1Bf2Y] [YzRRhgIM1QLw67jd4xJn7QAAAXk] keep_alive=[0 ... show less	Hacking Web App Attack
95.108.213.27	10 minutes ago	[Wed Sep 28 20:50:13.251293 2022] [-:error] [pid 143958:tid 139667609011776] [client 95.108.213.27:6 ... show more[Wed Sep 28 20:50:13.251293 2022] [-:error] [pid 143958:tid 139667609011776] [client 95.108.213.27:64398] [client 95.108.213.27] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/analisis-iklim/analisis-dasarian/distribusi-curah-hujan-dasarian-provinsi-jawa-timur/555558985-analisis-dasarian-distribusi-curah-hujan-dasarian-i-tanggal-1-10-september-2021-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/index.php/analisis-iklim/analisis-dasarian/distribusi-curah-hujan-dasarian-provinsi-jawa-timur/555558985-analisis-dasarian-distribusi-curah-hujan-dasarian-i-tanggal-1-10-september-2 ... show less	Hacking Web App Attack
95.108.213.57	10 minutes ago	[Wed Sep 28 20:50:05.048265 2022] [-:error] [pid 143958:tid 139667676153408] [client 95.108.213.57:3 ... show more[Wed Sep 28 20:50:05.048265 2022] [-:error] [pid 143958:tid 139667676153408] [client 95.108.213.57:38308] [client 95.108.213.57] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /robots.txt HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/robots.txt"] [unique_id "YzRRDdCyjAUHeBE6-MIC1QAAAMQ"] [staklim-malang.info] [staklim-malang.info] top=[144066] [W2i2CUVhQUQ] [YzRRDdCyjAUHeBE6-MIC1QAAAMQ] keep_alive=[0] [2022-09-28 20:50:05.048270] [R:YzRRDdCyjAUHeBE6-MIC1QAAAMQ] UA:'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' Host:'staklim-malang.info' ACCEPT:'/' ... show less	Hacking Web App Attack
95.108.213.76	11 minutes ago	[Wed Sep 28 20:49:37.380317 2022] [-:error] [pid 143958:tid 139667885971008] [client 95.108.213.76:5 ... show more[Wed Sep 28 20:49:37.380317 2022] [-:error] [pid 143958:tid 139667885971008] [client 95.108.213.76:56764] [client 95.108.213.76] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/meteorologi/586-prakiraan-meteorologi/prakiraan-cuaca-sidoarjo/1227-prakiraan-cuaca-sidoarjo HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/meteorologi/586-prakiraan-meteorologi/prakiraan-cuaca-sidoarjo/1227-prakiraan-cuaca-sidoarjo"] [unique_id "YzRQ8dCyjAUHeBE6-MICxwAAAKs"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[144041] [uCMQCAVnQUQ] [YzRQ8dCyjAUHeBE6-MICxwAAAKs] keep_alive= ... show less	Hacking Web App Attack
5.255.253.167	13 minutes ago	[Wed Sep 28 20:47:20.634920 2022] [-:error] [pid 138370:tid 139667940517440] [client 5.255.253.167:3 ... show more[Wed Sep 28 20:47:20.634920 2022] [-:error] [pid 138370:tid 139667940517440] [client 5.255.253.167:39280] [client 5.255.253.167] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3936-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2019/1065-prakiraan-mingguan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-24-30-september-2019 HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3936-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2019/ ... show less	Hacking Web App Attack
36.37.140.98	14 minutes ago	[Wed Sep 28 20:46:31.757817 2022] [-:error] [pid 133895:tid 139667669849664] [client 36.37.140.98:56 ... show more[Wed Sep 28 20:46:31.757817 2022] [-:error] [pid 133895:tid 139667669849664] [client 36.37.140.98:56876] [client 36.37.140.98] ModSecurity: Access denied with code 403 (phase 1). Match of "pm karangploso.jatim.bmkg.go.id search.brave.com staklim-jatim.bmkg.go.id staklim-malang.info matomo.staklim-malang.info" against "REQUEST_HEADERS:Host" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "10"] [id "440217"] [msg "Not Current Hostname"] [data "Matched Data: found within REQUEST_HEADERS:Host: 103.166.156.58 request_line = GET /.env HTTP/1.1"] [severity "NOTICE"] [hostname "103.166.156.58"] [uri "/.env"] [unique_id "YzRQN3tgoQWudnwuLC4sGAAAAMc"] [103.166.156.58] [karangploso.jatim.bmkg.go.id] top=[134006] [YcUG/QQRbUQ] [YzRQN3tgoQWudnwuLC4sGAAAAMc] keep_alive=[0] [2022-09-28 20:46:31.757825] [R:YzRQN3tgoQWudnwuLC4sGAAAAMc] UA:'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.3 ... show less	Hacking Web App Attack
5.255.231.204	16 minutes ago	[Wed Sep 28 20:44:50.807545 2022] [-:error] [pid 122754:tid 139667846096448] [client 5.255.231.204:5 ... show more[Wed Sep 28 20:44:50.807545 2022] [-:error] [pid 122754:tid 139667846096448] [client 5.255.231.204:56292] [client 5.255.231.204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3936-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2019/1065-prakiraan-mingguan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-24-30-september-2019 HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3936-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2019/ ... show less	Hacking Web App Attack
125.164.7.120	18 minutes ago	[Wed Sep 28 20:41:59.424664 2022] [-:error] [pid 119245:tid 139668089484864] [client 125.164.7.120:4 ... show more[Wed Sep 28 20:41:59.424664 2022] [-:error] [pid 119245:tid 139668089484864] [client 125.164.7.120:47614] [client 125.164.7.120] ModSecurity: Access denied with code 403 (phase 1). Pattern match "((?:[[email protected]#\\\\$%\\\\^&\\\\\\\$\\\$\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>][^[email protected]#\\\\$%\\\\^&\\\\\\\$\\\$\\\\-\\\\+=\\\\{\\\\}\\\\[\\\\]\\\\\|:;\\"'\\xc2\\xb4\\xe2\\x80\\x99\\xe2\\x80\\x98`<>]*?){8})" at REQUEST_COOKIES:opera-interstitial. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "1587"] [id "942420"] [msg "Restricted SQL Character Anomaly Detection (cookies): # of special characters exceeded (8)"] [data "Matched Data: {\\x22count\\x22:1,\\x22lastShow\\x22:null} found within REQUEST_COOKIES:opera-interstitial: {\\x22count\\x22:1,\\x22lastShow\\x22:null}"] [severity "WARNING"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack ... show less	Hacking Web App Attack
103.139.10.60	19 minutes ago	[Wed Sep 28 20:41:29.300904 2022] [ssl:info] [pid 119245:tid 139667736991296] [client 103.139.10.60: ... show more[Wed Sep 28 20:41:29.300904 2022] [ssl:info] [pid 119245:tid 139667736991296] [client 103.139.10.60:22947] AH02033: No hostname was provided via SNI for a name based virtual host [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[119384] [A1X36gR5RUc] [YzRPCYkfW_o9f2_C0phkFAAAAQ8] keep_alive=[0] [2022-09-28 20:41:29.300908] [R:YzRPCYkfW_o9f2_C0phkFAAAAQ8] UA:'Mozilla/5.0 (Linux; Android 5.1; iris758_4G Build/LRX21M) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/37.0.0.0 Mobile Safari/537.36;' Host:'karangploso.jatim.bmkg.go.id' ... show less	Hacking Web App Attack
87.250.224.148	23 minutes ago	[Wed Sep 28 20:37:44.443649 2022] [-:error] [pid 107513:tid 139667636278848] [client 87.250.224.148: ... show more[Wed Sep 28 20:37:44.443649 2022] [-:error] [pid 107513:tid 139667636278848] [client 87.250.224.148:34210] [client 87.250.224.148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/tentang-kami/1707-klimatologi/agroklimatologi/kalender-tanam-katam-terpadu/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kalender-tanam-katam-terpadu-kabupaten-kediri/kalender-tanam-katam-terpadu-kecamatan-kras-kabupaten-kediri HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/tentang-kami/1707-klimatologi/agroklimatologi/kalender-tanam-katam-terpadu/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kal ... show less	Hacking Web App Attack
114.119.143.104	26 minutes ago	[Wed Sep 28 20:34:00.133974 2022] [-:error] [pid 100533:tid 139667720205888] [client 114.119.143.104 ... show more[Wed Sep 28 20:34:00.133974 2022] [-:error] [pid 100533:tid 139667720205888] [client 114.119.143.104:39455] [client 114.119.143.104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot) request_line = GET /index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulanan/555559536-prakiraan-bulanan-curah-hujan-bulan-agustus-tahun-2022-update-dari-analisis-bulan-mei-tahun-2022-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulan ... show less	Hacking Web App Attack
213.180.203.65	33 minutes ago	[Wed Sep 28 20:27:40.587730 2022] [-:error] [pid 94755:tid 139667741181504] [client 213.180.203.65:4 ... show more[Wed Sep 28 20:27:40.587730 2022] [-:error] [pid 94755:tid 139667741181504] [client 213.180.203.65:41606] [client 213.180.203.65] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/citra-satelit-bmkg/1687-kalender-tanam-katam-terpadu/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kalender-tanam-katam-terpadu-kabupaten-kediri/kalender-tanam-katam-terpadu-kecamatan-gurah-kabupaten-kediri HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/citra-satelit-bmkg/1687-kalender-tanam-katam-terpadu/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kalender-tanam-katam-terpadu-kabupaten-kediri/k ... show less	Hacking Web App Attack
87.250.224.135	33 minutes ago	[Wed Sep 28 20:27:32.651836 2022] [-:error] [pid 94755:tid 139667766359616] [client 87.250.224.135:6 ... show more[Wed Sep 28 20:27:32.651836 2022] [-:error] [pid 94755:tid 139667766359616] [client 87.250.224.135:63658] [client 87.250.224.135] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /robots.txt HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/robots.txt"] [unique_id "YzRLxIycKGuSG6jTtT1TQQAAAB0"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[94856] [0GYhuYTH4UU] [YzRLxIycKGuSG6jTtT1TQQAAAB0] keep_alive=[0] [2022-09-28 20:27:32.651846] [R:YzRLxIycKGuSG6jTtT1TQQAAAB0] UA:'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' Host:'karangploso.jatim.bmkg.go.id' ACCEPT:'/' ... show less	Hacking Web App Attack
5.255.253.105	33 minutes ago	[Wed Sep 28 20:27:14.795736 2022] [-:error] [pid 94755:tid 139667934213696] [client 5.255.253.105:61 ... show more[Wed Sep 28 20:27:14.795736 2022] [-:error] [pid 94755:tid 139667934213696] [client 5.255.253.105:61062] [client 5.255.253.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexMetrika/2.0; +http://yandex.com/bots yabs01) request_line = GET / HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/"] [unique_id "YzRLsoycKGuSG6jTtT1TJwAAAAk"] [staklim-malang.info] [staklim-malang.info] top=[94836] [xeUQuITC4UU] [YzRLsoycKGuSG6jTtT1TJwAAAAk] keep_alive=[0] [2022-09-28 20:27:14.795741] [R:YzRLsoycKGuSG6jTtT1TJwAAAAk] UA:'Mozilla/5.0 (compatible; YandexMetrika/2.0; +http://yandex.com/bots yabs01)' Host:'staklim-malang.info' ACCEPT:'/' Accept-Encoding:'gzip,deflate ... show less	Hacking Web App Attack
87.250.224.80	33 minutes ago	[Wed Sep 28 20:27:07.063557 2022] [-:error] [pid 94602:tid 139667598505536] [client 87.250.224.80:65 ... show more[Wed Sep 28 20:27:07.063557 2022] [-:error] [pid 94602:tid 139667598505536] [client 87.250.224.80:65494] [client 87.250.224.80] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /robots.txt HTTP/1.1"] [severity "NOTICE"] [hostname "staklim-malang.info"] [uri "/robots.txt"] [unique_id "YzRLq9s7YHTJ7pBlP5sVowAAAIE"] [staklim-malang.info] [staklim-malang.info] top=[94723] [GvOat+xgCDc] [YzRLq9s7YHTJ7pBlP5sVowAAAIE] keep_alive=[0] [2022-09-28 20:27:07.063563] [R:YzRLq9s7YHTJ7pBlP5sVowAAAIE] UA:'Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)' Host:'staklim-malang.info' ACCEPT:'/' ... show less	Hacking Web App Attack
103.139.44.223	44 minutes ago	Sep 28 20:16:04 staklim-malang postfix/smtpd[82920]: disconnect from unknown[103.139.44.223] ehlo=1 ... show moreSep 28 20:16:04 staklim-malang postfix/smtpd[82920]: disconnect from unknown[103.139.44.223] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4 ... show less	Email Spam Hacking
103.175.51.171	45 minutes ago	[Wed Sep 28 20:15:53.427459 2022] [-:error] [pid 81312:tid 139667753764416] [client 103.175.51.171:6 ... show more[Wed Sep 28 20:15:53.427459 2022] [-:error] [pid 81312:tid 139667753764416] [client 103.175.51.171:63518] [client 103.175.51.171] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:^\\\\s[\\"'`;]+\|[\\"'`]+\\\\s$)" at ARGS:option. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "591"] [id "942110"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: ' found within ARGS:option: com_content'"] [severity "WARNING"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "YzRJCUlTXVLJ8e_NK3zUSgAAAWA"] [karangploso.jatim.bmkg.go.id] [karangploso.jatim.bmkg.go.id] top=[81450] [J7tsj0RU7kc] [YzRJCUlTXVLJ8e_NK3zUSgAAAWA] keep_alive=[0] [2022-09-28 20:15:53.427466] [R ... show less	Hacking Web App Attack
95.108.213.58	46 minutes ago	[Wed Sep 28 20:14:45.039386 2022] [-:error] [pid 77064:tid 139667653051968] [client 95.108.213.58:53 ... show more[Wed Sep 28 20:14:45.039386 2022] [-:error] [pid 77064:tid 139667653051968] [client 95.108.213.58:53924] [client 95.108.213.58] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3875-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2018/555556449-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-27-maret-2-april-2018 HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3875-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2018/5555 ... show less	Hacking Web App Attack
87.250.224.159	48 minutes ago	[Wed Sep 28 20:12:15.104355 2022] [-:error] [pid 74433:tid 139667762157120] [client 87.250.224.159:6 ... show more[Wed Sep 28 20:12:15.104355 2022] [-:error] [pid 74433:tid 139667762157120] [client 87.250.224.159:61566] [client 87.250.224.159] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3875-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2018/555556449-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-berlaku-27-maret-2-april-2018 HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan/3875-prakiraan-cuaca-daerah-malang-dan-batu-seminggu-ke-depan-tahun-2018/55 ... show less	Hacking Web App Attack
114.119.151.1	50 minutes ago	[Wed Sep 28 20:10:18.733667 2022] [-:error] [pid 71886:tid 139667946796608] [client 114.119.151.1:43 ... show more[Wed Sep 28 20:10:18.733667 2022] [-:error] [pid 71886:tid 139667946796608] [client 114.119.151.1:43731] [client 114.119.151.1] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (Linux; Android 7.0;) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; PetalBot;+https://webmaster.petalsearch.com/site/petalbot) request_line = GET /index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulanan/555559559-prakiraan-bulanan-curah-hujan-bulan-oktober-tahun-2022-update-dari-analisis-bulan-juni-tahun-2022-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-curah-hujan-bulanan/5 ... show less	Hacking Web App Attack
163.220.128.41	53 minutes ago	[Wed Sep 28 20:07:10.338589 2022] [-:error] [pid 55115:tid 139667988760128] [client 163.220.128.41:4 ... show more[Wed Sep 28 20:07:10.338589 2022] [-:error] [pid 55115:tid 139667988760128] [client 163.220.128.41:46216] [client 163.220.128.41] ModSecurity: Access denied with code 403 (phase 1). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1777"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: connection found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0 request_line = GET /images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Daerah_Potensi_Banjir_Bulanan/Prakiraan_Daerah_Potensi_Banjir_Bulan_Provinsi_Jawa_Timur/2019/02/Prakiraan_Bulanan_Daerah_Potensi_Banjir_di_Provinsi_Jawa_Timur_Bulan_APRIL_2019_update_10_Februari_2019.jpg HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attac ... show less	Hacking Web App Attack
103.166.10.15	1 hour ago	1664369751 - 09/28/2022 19:55:51 Host: ip-166-10-15.yam.net.id/103.166.10.15 Port: 23 TCP Blocked<br ... show more1664369751 - 09/28/2022 19:55:51 Host: ip-166-10-15.yam.net.id/103.166.10.15 Port: 23 TCP Blocked ... show less	Port Scan Hacking
5.45.207.143	1 hour ago	[Wed Sep 28 19:55:07.629727 2022] [-:error] [pid 23455:tid 139668007634496] [client 5.45.207.143:447 ... show more[Wed Sep 28 19:55:07.629727 2022] [-:error] [pid 23455:tid 139668007634496] [client 5.45.207.143:44726] [client 5.45.207.143] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-4.0.0-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "5"] [id "440000"] [msg "BAD BOT - Detected and Blocked"] [data "Matched Data: bot found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots) request_line = GET /index.php/prakiraan-bulanan/4044-prakiraan-curah-hujan-bulanan/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-bulanan-curah-hujan-di-propinsi-jawa-timur-tahun-2020/555557900-prakiraan-bulanan-curah-hujan-bulan-mei-tahun-2020-update-dari-analisis-bulan-januari-2020-di-provinsi-jawa-timur HTTP/1.1"] [severity "NOTICE"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-bulanan/4044-prakiraan-curah-hujan-bulanan/prakiraan-curah- ... show less	Hacking Web App Attack