MAGIC
2025-03-14 06:02:01
(3 days ago)
VM5 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
oncord
2025-03-10 17:01:14
(6 days ago)
Form spam
Web Spam
oncord
2025-03-09 11:22:35
(1 week ago)
Form spam
Web Spam
subnetprotocol
2025-03-07 01:58:36
(1 week ago)
07/Mar/2025:02:58:34.525267 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more 07/Mar/2025:02:58:34.525267 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 5.45.104.176] ModSecurity: Warning. Pattern match "(?i)(?:;|\\\\\\\\{|\\\\\\\\||\\\\\\\\|\\\\\\\\||&|&&|\\\\\\\\n|\\\\\\\\r|`)\\\\\\\\s*[\\\\\\\\(,@\\\\\\\\'\\\\"\\\\\\\\s]*(?:[\\\\\\\\w'\\\\"\\\\\\\\./]+/|[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]*\\\\\\\\w[\\\\\\\\\\\\\\\\'\\\\"\\\\\\\\^]*:.*\\\\\\\\\\\\\\\\|[\\\\\\\\^\\\\\\\\.\\\\\\\\w '\\\\"/\\\\\\\\\\\\\\\\]*\\\\\\\\\\\\\\\\)?[\\\\"\\\\\\\\^]*(?:s[\\\\"\\\\\\\\^]*(?:y[\\\\"\\\\\\\\^]*s[\\\\"\\\\\\\\^]*(?:t[\\\\"\\\\\\\\^]*e[\\\\"\\\\\\\\^]*m[\\\\"\\\\\\\\^]*(?:p[\\\\"\\\\\\\\^]*r[\\\\"\\\\\\\\^]*o[\\\\"\\\\\\\\^]*p[\\\\"\\\\\\\\^]*e ..." at ARGS:raison. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "295"] [id "932115"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ||(SELECT found within ARGS:raison: 9') AND 4592=CAST((CHR(113)||CHR(107)||CHR(11show less
Hacking
Web App Attack
subnetprotocol
2025-03-06 17:18:59
(1 week ago)
06/Mar/2025:18:18:52.748477 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more 06/Mar/2025:18:18:52.748477 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 5.45.104.176] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'sB1c' [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "66"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: sB1c found within ARGS:user_email: YbRn' ORDER BY 6-- wPhq"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [hostname "www.mignonne.com"] [uri "/login.php"] [unique_id "Z8nY_HH9jXly-QdAE8WHawAAAFU"]show less
Hacking
Web App Attack
oncord
2025-03-06 13:06:21
(1 week ago)
Form spam
Web Spam
TPI-Abuse
2025-03-06 08:28:42
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relay ... show more (mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 06 03:28:35.845937 2025] [security2:error] [pid 7296:tid 7296] [client 5.45.104.176:44214] [client 5.45.104.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dancingbearprinting.com"] [uri "/wp-config.phpold"] [unique_id "Z8lcs5a461-3CwlXupc3zQAAAAs"] show less
Brute-Force
Bad Web Bot
Web App Attack
2025-03-05 17:30:27
(1 week ago)
Web Form Spam: [emoji-omitted] You have received a notification # 372133. Read > [url removed] [emoj ... show more Web Form Spam: [emoji-omitted] You have received a notification # 372133. Read > [url removed] [emoji-omitted] show less
Web Spam
TPI-Abuse
2025-03-04 16:41:26
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relay ... show more (mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 04 11:41:21.782062 2025] [security2:error] [pid 30857:tid 30994] [client 5.45.104.176:26800] [client 5.45.104.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cjherbalremedies.com"] [uri "/wp-config.php.com"] [unique_id "Z8ctMUoJ4YBlMChzWRJ8dAAAAks"] show less
Brute-Force
Bad Web Bot
Web App Attack
octageeks.com
2025-03-03 05:11:57
(2 weeks ago)
Wordpress malicious attack:[octaxmlrpc]
Web App Attack
oncord
2025-03-02 04:18:28
(2 weeks ago)
Form spam
Web Spam
TPI-Abuse
2025-02-25 17:25:42
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relay ... show more (mod_security) mod_security (id:210492) triggered by 5.45.104.176 (NurembergTor54.quetzalcoatl-relays.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 25 12:25:36.826682 2025] [security2:error] [pid 28097:tid 28097] [client 5.45.104.176:23540] [client 5.45.104.176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gilgoinn.com"] [uri "/wp-config.php.tpl"] [unique_id "Z739EL1NfTQW1hSArec_uAAAABY"] show less
Brute-Force
Bad Web Bot
Web App Attack
oncord
2025-02-22 14:01:19
(3 weeks ago)
Form spam
Web Spam
rsa
2025-02-21 23:27:00
(3 weeks ago)
GET /j3h691/../
Hacking
SQL Injection
Brute-Force
Web App Attack
LTM
2025-02-17 07:20:01
(3 weeks ago)
WebServer - Attempts to exploit
Hacking
Brute-Force
Web App Attack
Germany