๐ช๐ธ
el-brujo
2025-07-17 19:09:42
(11 months ago)
17/Jul/2025:21:09:42.389172 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ...
show more
17/Jul/2025:21:09:42.389172 +0200Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 162.158.238.36] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\\\\\{|\\\\\\\\||\\\\\\\\|\\\\\\\\||&|&&|\\\\\\\\n|\\\\\\\\r|`)\\\\\\\\s*[\\\\\\\\(,@\\\\\\\\'\\\\"\\\\\\\\s]*(?:[\\\\\\\\w'\\\\"\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]*\\\\\\\\w[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\|[\\\\\\\\^\\\\\\\\.\\\\\\\\w '\\\\"/\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\)?[\\\\"\\\\\\\\^]*(?:s[\\\\"\\\\\\\\^]*(?:y[\\\\"\\\\\\\\^]*s[\\\\"\\\\\\\\^]*(?:t[\\\\"\\\\\\\\^]*e[\\\\"\\\\\\\\^]*m[\\\\"\\\\\\\\^]*(?:p[\\\\"\\\\\\\\^]*r[\\\\"\\\\\\\\^]*o[\\\\"\\\\\\\\^]*p[\\\\"\\\\\\\\^]*e ..." at ARGS:usuario. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "295"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ;SELECT found within ARGS:usuario: PxWa';SELECT/**/DBMS_PIPE.RECEIVE_MESSAGE(CHR(75)||CHR(89
...
show less
Hacking
Web App Attack
Anonymous
2025-05-25 08:31:34
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-05-16 05:54:38
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-04-26 06:15:07
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2025-04-20 05:21:31
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 20 01:21:26.818126 2025] [security2:error] [pid 14504:tid 14504] [client 162.158.238.36:44350] [client 162.158.238.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thectegroup.net"] [uri "/.env"] [unique_id "aASEVtZ7XYvMWU6x-wv7yAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
canine.tools
2025-02-25 13:34:50
(1 year ago)
[fail2ban Auto Report] 162.158.238.36 - - [25/Feb/2025:08:34:50 -0500] "GET /wordpress/wp-admin/setu ...
show more
[fail2ban Auto Report] 162.158.238.36 - - [25/Feb/2025:08:34:50 -0500] "GET /wordpress/wp-admin/setup-config.php HTTP/2.0" 404 1414 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36"
...
show less
Brute-Force
Web App Attack
Anonymous
2025-02-11 21:53:58
(1 year ago)
Detected Hacking, SQL Injection or general Web App Attack
Web App Attack
Anonymous
2025-01-01 02:22:58
(1 year ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2024-12-15 10:08:22
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 15 05:07:36.332848 2024] [security2:error] [pid 30570:tid 30570] [client 162.158.238.36:29112] [client 162.158.238.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "efko.group"] [uri "/build/.git/config"] [unique_id "Z16qaH1Jy6CSiFwh8UBL6QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-04-19 01:39:30
(2 years ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐ซ๐ท
Yepngo
2024-01-27 00:29:49
(2 years ago)
162.158.238.36 - - [27/Jan/2024:00:58:32 +0100] "POST /wp-login.php HTTP/2.0" 200 10656 "-" "Mozilla ...
show more
162.158.238.36 - - [27/Jan/2024:00:58:32 +0100] "POST /wp-login.php HTTP/2.0" 200 10656 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36 MVisionPlayer/1.0.0.0"
162.158.238.36 - - [27/Jan/2024:01:29:48 +0100] "POST /wp-login.php HTTP/2.0" 200 10656 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
...
show less
Brute-Force
Web App Attack
๐ฆ๐บ
oncord
2024-01-19 21:59:05
(2 years ago)
Form spam
Web Spam
๐บ๐ธ
TPI-Abuse
2024-01-16 02:35:13
(2 years ago)
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 162.158.238.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 15 21:35:09.307490 2024] [security2:error] [pid 5460] [client 162.158.238.36:24186] [client 162.158.238.36] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aaaansweringservice.com"] [uri "/.git/config"] [unique_id "ZaXrXQCUdylXceXF650RMwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
oncord
2024-01-01 00:42:36
(2 years ago)
Form spam
Web Spam
๐ฆ๐บ
oncord
2023-12-28 03:25:47
(2 years ago)
Form spam
Web Spam