Unnecessary traffic to the website

What is the name of the domain?

starconnects.in

What is the issue you’re encountering?

There are a lot of unnecessary hits to the website

What is the current SSL/TLS setting?

Flexible

104.234.115.246 - - [02/Feb/2025:00:36:57 +0000] “GET /manage/account/login HTTP/1.1” 404 82423 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:37:13 +0000] “GET /admin/index.html HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:37:28 +0000] “GET /index.html HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:37:44 +0000] “GET /+CSCOE+/logon.html HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
3.104.246.99 - - [02/Feb/2025:00:37:59 +0000] “POST /wp-cron.php?doing_wp_cron=1738456679.3681230545043945312500 HTTP/1.1” 301 566 “http://www.volunteer.earth/wp-cron.php?doing_wp_cron=1738456679.3681230545043945312500” “WordPress/6.1.1; https://www.volunteer.earth
104.234.115.246 - - [02/Feb/2025:00:37:59 +0000] “GET /cgi-bin/login.cgi HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:38:14 +0000] “GET /login.htm HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:38:28 +0000] “GET /login.jsp HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:38:43 +0000] “GET /doc/index.html HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”
104.234.115.246 - - [02/Feb/2025:00:38:59 +0000] “GET /remote/login HTTP/1.1” 404 88163 “-” “‘Mozilla/5.0 (compatible; GenomeCrawlerd/1.0; About Genome crawling | Nokia.com)’”

47.245.124.200 - - [02/Feb/2025:13:38:25 +0000] “GET /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 588 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:25 +0000] “GET /laravel/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 592 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:26 +0000] “GET /www/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 588 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:26 +0000] “GET /ws/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 587 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:26 +0000] “GET /yii/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 588 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:27 +0000] “GET /zend/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 589 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:27 +0000] “GET /ws/ec/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 590 “-” “Custom-AsyncHttpClient”
47.245.124.200 - - [02/Feb/2025:13:38:27 +0000] “GET /V2/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1” 301 587 “-” “Custom-AsyncHttpClient”

213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /january.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”
213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /environment.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”
213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /reports.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”
213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /project_docs.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”
213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /mysql_backup.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”
213.136.86.62 - - [02/Feb/2025:19:43:21 +0000] “GET /august.zip HTTP/1.1” 500 2951 “-” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36”

148.153.45.238 - - [03/Feb/2025:09:40:54 +0000] “GET /aHJi HTTP/1.1” 301 3860 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:40:57 +0000] “GET /JyRH HTTP/1.1” 301 3860 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:40:56 +0000] “GET /aHJi HTTP/1.1” 404 171780 “https://13.201.245.142:443/aHJi” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:03 +0000] “GET /aab8 HTTP/1.1” 301 3860 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:04 +0000] “GET /aab8 HTTP/1.1” 404 171780 “https://13.201.245.142:443/aab8” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:06 +0000] “GET /jquery-3.3.1.slim.min.js HTTP/1.1” 301 3880 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:08 +0000] “GET /aab9 HTTP/1.1” 301 3860 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:09 +0000] “GET /aab9 HTTP/1.1” 404 171780 “https://13.201.245.142:443/aab9” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:07 +0000] “GET /jquery-3.3.1.slim.min.js HTTP/1.1” 404 171980 “https://13.201.245.142:443/jquery-3.3.1.slim.min.js” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:11 +0000] “GET /jquery-3.3.2.slim.min.js HTTP/1.1” 301 3880 “-” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:00 +0000] “GET /JyRH HTTP/1.1” 404 171248 “https://13.201.245.142:443/JyRH” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”
148.153.45.238 - - [03/Feb/2025:09:41:12 +0000] “GET /jquery-3.3.2.slim.min.js HTTP/1.1” 404 171980 “https://13.201.245.142:443/jquery-3.3.2.slim.min.js” “Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0”

Someone is trying/probing you with strange requests. Otherwise, have you got the SXG feature enabled at Cloudflare? Although I don’t see the requests coming from e.g. the Googlebot crawler/index.

I also see the usage of the IP address directly, and not your domain, meaning you’ve possibly left some part of your website hard-coded from the development stage, using the direct IP for linking and fetching the resources instead of the public hostname, e.g. example.com? :thinking:


Thanks for your response.

I’m on a free plan so SXG is not enabled. I’m not sure about the coding part. Please let me know if I can block those requests through rules.

Thank You.

This happens to many of my sites (100+) on the Cloudflare free plan. The traffic, esp. bots and scrapers, just ‘slips through’ somehow. I’m not sure if that’s because of ‘Flexible’ SSL, but I’ve seen this happen with sites on ‘FULL’ SSL too.

I ban those bad IPs on my server and also block them in the Cloudflare global API through a script.

Thanks. Can you help me with the script and how it can block the bad IPs?
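
As an added example (not part of the thread and not any poster's script): the log triage that would feed such a block script, grouping failed requests by client IP and probe family, then building the JSON body for Cloudflare's IP Access Rules endpoint without sending it. The probe patterns, the `min_hits` threshold and the sample lines are assumptions of this example.

```python
import re
from collections import defaultdict
# Combined log format: ip - - [time] "METHOD path proto" status bytes "referer" ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "([^"]*)"')
# Probe families visible in the thread's log excerpt (patterns are this example's own).
PROBES = {
    "login-page enumeration": re.compile(r"/(login|logon)\b|^/admin/", re.I),
    "phpunit eval-stdin": re.compile(r"/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin\.php$"),
    "backup archive guess": re.compile(r"\.(zip|tar\.gz|sql|bak)$", re.I),
}
BARE_IP_REFERER = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")

def classify(path, referer):
    tags = {name for name, rx in PROBES.items() if rx.search(path)}
    if BARE_IP_REFERER.match(referer):
        tags.add("addressed by bare IP")
    return tags

def suspects(lines, min_hits=3):
    """Map client IP -> {label: count} for IPs with at least min_hits failed probes."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3).startswith("2"):  # unparsable, or served successfully
            continue
        ip, path, _status, referer = m.groups()
        for tag in classify(path.split("?")[0], referer):
            hits[ip][tag] += 1
    return {ip: dict(t) for ip, t in hits.items() if sum(t.values()) >= min_hits}

def block_rule(ip, tags):
    """Body for POST /client/v4/zones/<zone_id>/firewall/access_rules/rules (not sent)."""
    return {"mode": "block",
            "configuration": {"target": "ip", "value": ip},
            "notes": "probe: " + ", ".join(sorted(tags))}

# Constructed sample lines (documentation IP ranges), modelled on the excerpt above.
T = "[02/Feb/2025:00:36:57 +0000]"
SAMPLE = [
    f'203.0.113.10 - - {T} "GET /manage/account/login HTTP/1.1" 404 82423 "-" "crawler"',
    f'203.0.113.10 - - {T} "GET /+CSCOE+/logon.html HTTP/1.1" 404 88163 "-" "crawler"',
    f'203.0.113.10 - - {T} "GET /login.jsp HTTP/1.1" 404 88163 "-" "crawler"',
    f'198.51.100.7 - - {T} "GET /mysql_backup.zip HTTP/1.1" 500 2951 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {T} "GET /aab8 HTTP/1.1" 404 171780 "https://192.0.2.1:443/aab8" "Mozilla/5.0"',
    f'192.0.2.44 - - {T} "GET /login HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print({ip: block_rule(ip, tags) for ip, tags in suspects(SAMPLE).items()})
```

A Referer that names a bare IP means the client was addressing the server by address; traffic sent straight to the origin never passes through Cloudflare, so an origin firewall that admits only Cloudflare's published ranges is what stops it.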