www.elivecd.org
2024-09-23 14:44:12
(2 weeks ago)
2024/09/23 15:44:11 [error] 1385212#1385212: *151612 FastCGI sent in stderr: "; PHP message: BOT WARNING: visitor used the honeypot: 124.226.222.66, url was '78.141.243.157' and abuseipdb '89', function: ELP_site_live" while reading response header from upstream, client: 124.226.222.66, server: www.elivecd.org, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/run/php/php8.2-fpm-elivewp.sock:", host: "78.141.243.157"
Web Spam
Email Spam
MPL
2024-09-22 18:25:09
(3 weeks ago)
tcp/80 (12 or more attempts)
Port Scan
Rizzy
2024-09-22 03:34:07
(3 weeks ago)
Multiple WAF Violations
Brute-Force
Web App Attack
Anonymous
2024-09-21 22:31:16
(3 weeks ago)
Multiple/Conflicting Connection Header Data Found
Hacking
Filipe Dávila
2024-09-19 17:41:30
(3 weeks ago)
[Thu Sep 19 13:41:28.144367 2024] [:error] [pid 11503:tid 139865257662208] [client 124.226.222.66:60219] [client 124.226.222.66] [redacted]: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "[redacted]REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [ver "[redacted]/4.6.0-[redacted]"] [tag "anomaly-evaluation"] [tag "[redacted]"] [hostname "[redacted]"] [uri "/"] [unique_id "ZuxiSEn69QYFE7-1SmDfMgAAAMU"]
Web App Attack
MAGIC
2024-09-19 07:05:57
(3 weeks ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Evag Touf
2024-09-17 02:06:20
(3 weeks ago)
(mod_security) mod_security triggered on hostname [redacted] 124.226.222.66 (CN/China/-): (CF_ENABLE)
SQL Injection
flaus
2024-09-14 17:13:30
(4 weeks ago)
$f2bV_matches
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2024-09-14 11:52:39
(4 weeks ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 14 07:52:28.426057 2024] [security2:error] [pid 5648:tid 5648] [client 124.226.222.66:59199] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||www.register-yacht-seychelles.com|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.register-yacht-seychelles.com"] [uri "/"] [unique_id "ZuV4_Nq13PLJGIpSKD3FDwAAABM"]
Brute-Force
Bad Web Bot
Web App Attack
Rizzy
2024-09-12 18:06:07
(1 month ago)
Multiple WAF Violations
Brute-Force
Web App Attack
TPI-Abuse
2024-09-11 21:50:47
(1 month ago)
(mod_security) mod_security (id:210350) triggered by 124.226.222.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Sep 11 17:50:34.434442 2024] [security2:error] [pid 1098:tid 1098] [client 124.226.222.66:51724] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||centralbaptistalcoa.org|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "centralbaptistalcoa.org"] [uri "/"] [unique_id "ZuIQqmIOxGBZrqef6UtsJgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
chronos
2024-09-11 09:47:39
(1 month ago)
[AUTORAVALT][[11/09/2024 - 06:47:37 -03:00 UTC]
Attack from [Chinanet Hostmaster]
[124.226.222.66]-[RANGE:124.226.0.0 - 124.227.255.255]
[;; communications error to 127.0.0.53#53: timed out
66.222.226.124.in-addr.arpa has no PTR record]
Action: BLocKed
DDoS Attack -> Participating in distributed denial-of-service.
Phishing -> Phishing websites and/or email.
W]
DDoS Attack
Phishing
Web Spam
Blog Spam
Web App Attack
oh.mg
2024-09-11 08:31:00
(1 month ago)
(mod_security) mod_security (id:949110) triggered by 124.226.222.66 (CN/China/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Sep 11 08:30:52.778366 2024] [:error] [pid 3403900:tid 140622295971584] [client 124.226.222.66:32915] [client 124.226.222.66] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "184"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 6)"] [ver "OWASP_CRS/4.0.0-rc1"] [tag "anomaly-evaluation"] [hostname "82.66.98.178"] [uri "/"] [unique_id "ZuFVPBccHSUxVV8VMwwjlQAAABI"]
Port Scan
Anonymous
2024-09-10 22:14:35
(1 month ago)
fail2ban apache-modsecurity [msg "Multiple/Conflicting Connection Header Data Found."] [uri "/"]
Web App Attack
Security_Whaller
2024-09-09 18:24:54
(1 month ago)
Malicious activity detected on Honeypot.
Hacking
Brute-Force
Web App Attack