城市(city): unknown
省份(region): unknown
国家(country): United States of America
运营商(isp): Facebook Inc.
主机名(hostname): unknown
机构(organization): unknown
使用类型(Usage Type): Search Engine Spider
| 类型 | 评论内容 | 时间 |
|---|---|---|
| attackbotsspam | [Sat Aug 15 19:25:56.354856 2020] [:error] [pid 1165:tid 140592558245632] [client 173.252.95.112:49236] [client 173.252.95.112] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/image-loader-worker-v3.js"] [unique_id "XzfUVOniW-eKEEIJLUNKMQABwwA"] ... |
2020-08-15 20:32:24 |
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 173.252.95.36 | attack | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 21:40:00 |
| 173.252.95.35 | attack | Port Scan: TCP/80 |
2020-09-07 21:32:14 |
| 173.252.95.36 | attackbots | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 13:25:14 |
| 173.252.95.35 | attack | Port Scan: TCP/80 |
2020-09-07 13:17:20 |
| 173.252.95.36 | attack | [Sun Sep 06 23:53:43.920622 2020] [:error] [pid 31433:tid 140397593237248] [client 173.252.95.36:54642] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/total-v62.js"] [unique_id "X1UUF3Jrmc0na8dwfwZeEAAAZgo"] ... |
2020-09-07 05:59:58 |
| 173.252.95.35 | attack | [Sun Sep 06 23:53:54.625273 2020] [:error] [pid 31435:tid 140397542881024] [client 173.252.95.35:42156] [client 173.252.95.35] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/depan/service-worker-v4.js"] [unique_id "X1UUIqKFltyTD6lc4lcewAAAOwQ"], referer: https://karangploso.jatim.bmkg.go.id/depan/service-worker-v4.js ... |
2020-09-07 05:53:17 |
| 173.252.95.35 | attackspambots | [Sat Aug 15 19:25:50.690691 2020] [:error] [pid 3316:tid 140592583423744] [client 173.252.95.35:45702] [client 173.252.95.35] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-bulanan/prakiraan-daerah-potensi-banjir-di-provinsi-jawa-timur/555558208-prakiraan-bulanan-daerah-potensi-banjir-di-provinsi-jawa-timur-untuk-bulan-september-tahun-2020-update-10-agustus-2020"] [unique_id "XzfUTua0Xgxjnrgkau-8LgACeAM"] ... |
2020-08-15 20:38:36 |
| 173.252.95.21 | attackspam | [Sat Aug 15 19:25:57.336250 2020] [:error] [pid 1165:tid 140592558245632] [client 173.252.95.21:64936] [client 173.252.95.21] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/system-v116.css"] [unique_id "XzfUVeniW-eKEEIJLUNKMwABxAA"] ... |
2020-08-15 20:31:58 |
| 173.252.95.117 | attackbots | [Thu Aug 13 04:03:06.401428 2020] [:error] [pid 3529:tid 140197992204032] [client 173.252.95.117:50316] [client 173.252.95.117] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/OneSignalSDKWorker-v3.js"] [unique_id "XzRZCoqBmYA0JFMXc6nlYgACSgM"], referer: https://karangploso.jatim.bmkg.go.id/OneSignalSDKWorker-v3.js ... |
2020-08-13 06:03:44 |
| 173.252.95.36 | attackbots | [Wed Jul 15 01:28:22.702077 2020] [:error] [pid 13074:tid 140254315534080] [client 173.252.95.36:64308] [client 173.252.95.36] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/script-v49.js"] [unique_id "Xw35Rp6BljNWiMsO2yWGSwABwwM"] ... |
2020-07-15 02:54:47 |
| 173.252.95.11 | attackbotsspam | [Tue May 12 10:50:34.541334 2020] [:error] [pid 5113:tid 140143871072000] [client 173.252.95.11:35676] [client 173.252.95.11] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/TableFilter/system-v116.css"] [unique_id "XrodCpwLuor3aXL5YyIHIAACHAA"] ... |
2020-05-12 16:18:21 |
| 173.252.95.17 | attackbots | [Tue May 12 10:50:34.938882 2020] [:error] [pid 4767:tid 140143879464704] [client 173.252.95.17:33180] [client 173.252.95.17] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/timeout-worker-v1.js"] [unique_id "XrodCu0L6urHhe@iJKLGrQAB8QE"] ... |
2020-05-12 16:16:46 |
| 173.252.95.23 | attackbots | [Tue May 12 10:50:36.509570 2020] [:error] [pid 4667:tid 140143871072000] [client 173.252.95.23:60624] [client 173.252.95.23] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/disquss-v2.js"] [unique_id "XrodDHfX6Pwr632XfqBBPgAAtgA"] ... |
2020-05-12 16:15:02 |
| 173.252.95.16 | attackspambots | (mod_security) mod_security (id:20000006) triggered by 173.252.95.16 (US/United States/fwdproxy-atn-016.fbsv.net): 5 in the last 300 secs |
2020-05-09 13:37:25 |
| 173.252.95.21 | attackspambots | [Sat Apr 11 10:49:00.890668 2020] [:error] [pid 12080:tid 140248694216448] [client 173.252.95.21:43262] [client 173.252.95.21] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/prakiraan-dasarian/prakiraan-dasarian-daerah-potensi-banjir/555557973-prakiraan-dasarian-daerah-potensi-banjir-di-provinsi-jawa-timur-untuk-bulan-april-dasarian-iii-tanggal-21-30-tahun-2020-update-10-april-2020"] [unique_id "XpE@LFq0t-K8B9hNskSEpAAAAAE"] ... |
2020-04-11 17:35:31 |
b
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 173.252.95.112
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30961
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;173.252.95.112. IN A
;; AUTHORITY SECTION:
. 579 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020081500 1800 900 604800 86400
;; Query time: 27 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Aug 15 20:32:15 CST 2020
;; MSG SIZE rcvd: 118
112.95.252.173.in-addr.arpa domain name pointer fwdproxy-atn-112.fbsv.net.
Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
112.95.252.173.in-addr.arpa name = fwdproxy-atn-112.fbsv.net.
Authoritative answers can be found from:
| IP | 类型 | 评论内容 | 时间 |
|---|---|---|---|
| 159.89.1.19 | attack | WordPress login Brute force / Web App Attack on client site. |
2019-11-17 06:53:39 |
| 132.145.153.124 | attackbotsspam | Nov 16 17:24:41 vps647732 sshd[32764]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.145.153.124 Nov 16 17:24:43 vps647732 sshd[32764]: Failed password for invalid user martorana from 132.145.153.124 port 61737 ssh2 ... |
2019-11-17 06:24:12 |
| 45.40.244.197 | attack | Invalid user alexa from 45.40.244.197 port 57456 |
2019-11-17 06:24:38 |
| 203.150.162.126 | attackspam | Nov 16 16:08:19 master sshd[7423]: Failed password for invalid user admin from 203.150.162.126 port 48291 ssh2 |
2019-11-17 06:53:16 |
| 183.131.84.151 | attack | 4x Failed Password |
2019-11-17 06:34:20 |
| 95.86.35.242 | attackspam | Automatic report - Port Scan Attack |
2019-11-17 06:36:19 |
| 121.133.169.254 | attackspam | 2019-11-16T15:37:16.138353struts4.enskede.local sshd\[22621\]: Invalid user nagios from 121.133.169.254 port 42682 2019-11-16T15:37:16.146851struts4.enskede.local sshd\[22621\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.133.169.254 2019-11-16T15:37:20.271604struts4.enskede.local sshd\[22621\]: Failed password for invalid user nagios from 121.133.169.254 port 42682 ssh2 2019-11-16T15:42:29.795189struts4.enskede.local sshd\[22624\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.133.169.254 user=root 2019-11-16T15:42:32.873486struts4.enskede.local sshd\[22624\]: Failed password for root from 121.133.169.254 port 57424 ssh2 ... |
2019-11-17 06:38:29 |
| 106.12.222.252 | attack | Invalid user cees from 106.12.222.252 port 39122 |
2019-11-17 06:57:06 |
| 115.216.212.229 | attack | IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/115.216.212.229/ CN - 1H : (651) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 115.216.212.229 CIDR : 115.216.0.0/14 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 ATTACKS DETECTED ASN4134 : 1H - 11 3H - 24 6H - 61 12H - 139 24H - 283 DateTime : 2019-11-16 15:43:15 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery |
2019-11-17 06:45:40 |
| 114.34.233.116 | attackbots | 1573915381 - 11/16/2019 15:43:01 Host: 114.34.233.116/114.34.233.116 Port: 12345 TCP Blocked |
2019-11-17 06:53:51 |
| 222.66.69.103 | attack | Invalid user arma3server from 222.66.69.103 port 12434 |
2019-11-17 06:23:39 |
| 112.230.76.167 | attack | Nov 16 15:44:01 ks10 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.230.76.167 ... |
2019-11-17 06:27:36 |
| 181.49.117.166 | attackbotsspam | Invalid user web from 181.49.117.166 port 38332 |
2019-11-17 06:47:59 |
| 178.62.127.197 | attackbotsspam | Nov 16 20:09:12 XXX sshd[21558]: Invalid user muhammad from 178.62.127.197 port 50473 |
2019-11-17 06:29:33 |
| 96.78.177.242 | attackspam | Lines containing failures of 96.78.177.242 Nov 16 17:53:04 siirappi sshd[20893]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.177.242 user=r.r Nov 16 17:53:06 siirappi sshd[20893]: Failed password for r.r from 96.78.177.242 port 55966 ssh2 Nov 16 17:53:06 siirappi sshd[20893]: Received disconnect from 96.78.177.242 port 55966:11: Bye Bye [preauth] Nov 16 17:53:06 siirappi sshd[20893]: Disconnected from 96.78.177.242 port 55966 [preauth] Nov 16 18:08:52 siirappi sshd[21064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=96.78.177.242 user=daemon Nov 16 18:08:54 siirappi sshd[21064]: Failed password for daemon from 96.78.177.242 port 39330 ssh2 Nov 16 18:08:54 siirappi sshd[21064]: Received disconnect from 96.78.177.242 port 39330:11: Bye Bye [preauth] Nov 16 18:08:54 siirappi sshd[21064]: Disconnected from 96.78.177.242 port 39330 [preauth] Nov 16 18:11:53 siirappi sshd[21071]: In........ ------------------------------ |
2019-11-17 07:01:23 |