城市(city): unknown
省份(region): unknown
国家(country): United States
运营商(isp): Facebook Inc.
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): Commercial
| 类型 | 评论内容 | 时间 |
|---|---|---|
| attackspambots | [Mon Mar 16 12:10:55.022567 2020] [:error] [pid 24549:tid 140077959034624] [client 173.252.95.10:44302] [client 173.252.95.10] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/02-Prakiraan-Dasarian/Potensi_Banjir/Provinsi_Jawa_Timur/2020/03_Maret_2020/Das-I/01-Prakiraan_Dasarian_Daerah_Potensi_Banjir_di_Provinsi_Jawa_Timur_DASARIAN-II-Bulan-MARET-Tahun-2020_update_10_Maret_2020.webp"] [unique_id "Xm8KX@gHwTxT814jZTFA3AAAAAE"] ... |
2020-03-16 19:46:55 |
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 173.252.95.36 | attack | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 21:40:00 |
| 173.252.95.35 | attack | Port Scan: TCP/80 |
2020-09-07 21:32:14 |
| 173.252.95.36 | attackbots | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 13:25:14 |
| 173.252.95.35 | attack | Port Scan: TCP/80 |
2020-09-07 13:17:20 |
| 173.252.95.36 | attack | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 05:59:58 |
| 173.252.95.35 | attack | [Sun Sep 06 23:53:54.625273 2020] [:error] [pid 31435:tid 140397542881024] [client 173.252.95.35:42156] [client 173.252.95.35] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/depan/service-worker-v4.js"] [unique_id "X1UUIqKFltyTD6lc4lcewAAAOwQ"], referer: https://karangploso.jatim.bmkg.go.id/depan/service-worker-v4.js ... |
2020-09-07 05:53:17 |
| 173.252.95.35 | attackspambots | [Sat Aug 15 19:25:50.690691 2020] [:error] [pid 3316:tid 140592583423744] [client 173.252.95.35:45702] [client 173.252.95.35] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-daerah-potensi-banjir-di-provinsi-jawa-timur/555558208-prakiraan-bulanan-daerah-potensi-banjir-di-provinsi-jawa-timur-untuk-bulan-september-tahun-2020-update-10-agustus-2020"] [unique_id "XzfUTua0Xgxjnrgkau-8LgACeAM"] ... |
2020-08-15 20:38:36 |
| 173.252.95.112 | attackbotsspam | [Sat Aug 15 19:25:56.354856 2020] [:error] [pid 1165:tid 140592558245632] [client 173.252.95.112:49236] [client 173.252.95.112] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/image-loader-worker-v3.js"] [unique_id "XzfUVOniW-eKEEIJLUNKMQABwwA"] ... |
2020-08-15 20:32:24 |
| 173.252.95.21 | attackspam | [Sat Aug 15 19:25:57.336250 2020] [:error] [pid 1165:tid 140592558245632] [client 173.252.95.21:64936] [client 173.252.95.21] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/system-v116.css"] [unique_id "XzfUVeniW-eKEEIJLUNKMwABxAA"] ... |
2020-08-15 20:31:58 |
| 173.252.95.117 | attackbots | [Thu Aug 13 04:03:06.401428 2020] [:error] [pid 3529:tid 140197992204032] [client 173.252.95.117:50316] [client 173.252.95.117] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/OneSignalSDKWorker-v3.js"] [unique_id "XzRZCoqBmYA0JFMXc6nlYgACSgM"], referer: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker-v3.js ... |
2020-08-13 06:03:44 |
| 173.252.95.36 | attackbots | [Wed Jul 15 01:28:22.702077 2020] [:error] [pid 13074:tid 140254315534080] [client 173.252.95.36:64308] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/script-v49.js"] [unique_id "Xw35Rp6BljNWiMsO2yWGSwABwwM"] ... |
2020-07-15 02:54:47 |
| 173.252.95.11 | attackbotsspam | [Tue May 12 10:50:34.541334 2020] [:error] [pid 5113:tid 140143871072000] [client 173.252.95.11:35676] [client 173.252.95.11] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/system-v116.css"] [unique_id "XrodCpwLuor3aXL5YyIHIAACHAA"] ... |
2020-05-12 16:18:21 |
| 173.252.95.17 | attackbots | [Tue May 12 10:50:34.938882 2020] [:error] [pid 4767:tid 140143879464704] [client 173.252.95.17:33180] [client 173.252.95.17] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/timeout-worker-v1.js"] [unique_id "XrodCu0L6urHhe@iJKLGrQAB8QE"] ... |
2020-05-12 16:16:46 |
| 173.252.95.23 | attackbots | [Tue May 12 10:50:36.509570 2020] [:error] [pid 4667:tid 140143871072000] [client 173.252.95.23:60624] [client 173.252.95.23] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/disquss-v2.js"] [unique_id "XrodDHfX6Pwr632XfqBBPgAAtgA"] ... |
2020-05-12 16:15:02 |
| 173.252.95.16 | attackspambots | (mod_security) mod_security (id:20000006) triggered by 173.252.95.16 (US/United States/fwdproxy-atn-016.fbsv.net): 5 in the last 300 secs |
2020-05-09 13:37:25 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 173.252.95.10
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63183
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;173.252.95.10. IN A
;; AUTHORITY SECTION:
. 519 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020031600 1800 900 604800 86400
;; Query time: 96 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 16 19:46:51 CST 2020
;; MSG SIZE rcvd: 11710.95.252.173.in-addr.arpa domain name pointer fwdproxy-atn-010.fbsv.net.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
10.95.252.173.in-addr.arpa name = fwdproxy-atn-010.fbsv.net.
Authoritative answers can be found from:| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 106.13.165.13 | attackbotsspam | Sep 11 05:15:03 vps200512 sshd\[25561\]: Invalid user 12345 from 106.13.165.13 Sep 11 05:15:03 vps200512 sshd\[25561\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.165.13 Sep 11 05:15:05 vps200512 sshd\[25561\]: Failed password for invalid user 12345 from 106.13.165.13 port 56478 ssh2 Sep 11 05:17:11 vps200512 sshd\[25596\]: Invalid user nodejs from 106.13.165.13 Sep 11 05:17:11 vps200512 sshd\[25596\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.165.13 |
2019-09-11 17:29:37 |
| 23.129.64.165 | attackspam | Sep 11 09:55:57 host sshd\[12678\]: Failed password for root from 23.129.64.165 port 39222 ssh2 Sep 11 09:56:00 host sshd\[12678\]: Failed password for root from 23.129.64.165 port 39222 ssh2 ... |
2019-09-11 18:18:31 |
| 185.136.204.3 | attack | miraniessen.de 185.136.204.3 \[11/Sep/2019:09:57:12 +0200\] "POST /wp-login.php HTTP/1.1" 200 5972 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" miraniessen.de 185.136.204.3 \[11/Sep/2019:09:57:13 +0200\] "POST /wp-login.php HTTP/1.1" 200 5976 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" |
2019-09-11 17:25:35 |
| 115.77.102.151 | attack | 23/tcp [2019-09-11]1pkt |
2019-09-11 17:42:58 |
| 211.253.10.96 | attack | 2019-09-11T12:43:00.861255 sshd[20026]: Invalid user admin from 211.253.10.96 port 59248 2019-09-11T12:43:00.876056 sshd[20026]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.253.10.96 2019-09-11T12:43:00.861255 sshd[20026]: Invalid user admin from 211.253.10.96 port 59248 2019-09-11T12:43:02.780914 sshd[20026]: Failed password for invalid user admin from 211.253.10.96 port 59248 ssh2 2019-09-11T12:50:20.578507 sshd[20117]: Invalid user support from 211.253.10.96 port 37796 ... |
2019-09-11 18:57:55 |
| 45.80.65.76 | attack | Sep 11 06:14:03 plusreed sshd[9498]: Invalid user al3x from 45.80.65.76 ... |
2019-09-11 18:16:37 |
| 106.248.19.115 | attack | Sep 11 12:16:51 mail sshd\[8611\]: Invalid user 12345 from 106.248.19.115 port 57556 Sep 11 12:16:51 mail sshd\[8611\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.248.19.115 Sep 11 12:16:53 mail sshd\[8611\]: Failed password for invalid user 12345 from 106.248.19.115 port 57556 ssh2 Sep 11 12:24:16 mail sshd\[9899\]: Invalid user server from 106.248.19.115 port 36226 Sep 11 12:24:16 mail sshd\[9899\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.248.19.115 |
2019-09-11 18:27:17 |
| 113.134.62.4 | attackspam | 2019-09-11T15:02:12.793103enmeeting.mahidol.ac.th sshd\[28543\]: User root from 113.134.62.4 not allowed because not listed in AllowUsers 2019-09-11T15:02:12.914139enmeeting.mahidol.ac.th sshd\[28543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.134.62.4 user=root 2019-09-11T15:02:14.981220enmeeting.mahidol.ac.th sshd\[28543\]: Failed password for invalid user root from 113.134.62.4 port 47247 ssh2 ... |
2019-09-11 18:24:26 |
| 107.172.46.82 | attackbotsspam | Sep 10 22:56:45 sachi sshd\[28206\]: Invalid user support from 107.172.46.82 Sep 10 22:56:45 sachi sshd\[28206\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.46.82 Sep 10 22:56:48 sachi sshd\[28206\]: Failed password for invalid user support from 107.172.46.82 port 41824 ssh2 Sep 10 23:04:23 sachi sshd\[28827\]: Invalid user ubuntu from 107.172.46.82 Sep 10 23:04:23 sachi sshd\[28827\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.172.46.82 |
2019-09-11 17:24:28 |
| 59.10.5.156 | attack | $f2bV_matches |
2019-09-11 17:41:19 |
| 182.147.243.50 | attack | recursive dns scanner |
2019-09-11 18:52:20 |
| 129.213.164.163 | attackspam | DATE:2019-09-11 09:57:09, IP:129.213.164.163, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc) |
2019-09-11 17:29:15 |
| 165.227.212.99 | attackbotsspam | Sep 11 06:00:29 ny01 sshd[19759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.212.99 Sep 11 06:00:30 ny01 sshd[19759]: Failed password for invalid user rstudio@123 from 165.227.212.99 port 44094 ssh2 Sep 11 06:05:58 ny01 sshd[20596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.212.99 |
2019-09-11 18:07:54 |
| 146.88.240.4 | attack | recursive dns scanner |
2019-09-11 18:54:18 |
| 106.75.75.112 | attack | Sep 11 11:02:17 dedicated sshd[12480]: Invalid user testpass from 106.75.75.112 port 34912 |
2019-09-11 17:20:02 |