User Hary74656 , the webmaster of aschi.at, joined AbuseIPDB in February 2025 and has reported 539 IP addresses.
Standing (weight) is Unknown.
ACTIVE USER
WEBMASTER
SUPPORTER
- « Previous
- Next »
| IP | Date | Comment | Categories |
|---|---|---|---|
167.94.138.118
|
Mar 18 00:42:34 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scann ... show moreMar 18 00:42:34 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scanner.com does not resolve to address 167.94.138.118
Mar 18 00:42:39 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scanner.com does not resolve to address 167.94.138.118 Mar 18 00:42:41 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scanner.com does not resolve to address 167.94.138.118 Mar 18 00:42:43 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scanner.com does not resolve to address 167.94.138.118 Mar 18 00:42:46 odin postfix/submission/smtpd[534615]: warning: hostname scanner-27.ch1.censys-scanner.com does not resolve to address 167.94.138.118 ... show less |
Email Spam | |
|
217.154.8.174
|
[Mon Mar 17 23:57:55.002792 2025] [:error] [pid 396237:tid 396462] [client 217.154.8.174:34852] [cli ... show more[Mon Mar 17 23:57:55.002792 2025] [:error] [pid 396237:tid 396462] [client 217.154.8.174:34852] [client 217.154.8.174] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "78.46.107.184"] [uri "/hello.world"] [unique_id "Z9io8rWjuXyS-df0usQshgAAA9Q"]
[Mon Mar 17 23:57:55.095345 2025] [:error] [pid 396237:tid 3 ... show less |
Web App Attack | |
|
94.156.227.201
|
[Mon Mar 17 19:41:56.728443 2025] [:error] [pid 396189:tid 396550] [client 94.156.227.201:49400] [cl ... show more[Mon Mar 17 19:41:56.728443 2025] [:error] [pid 396189:tid 396550] [client 94.156.227.201:49400] [client 94.156.227.201] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "26th.eu"] [uri "/.git/config"] [unique_id "Z9hs9FdtLRRih6X6e5co_QAAA1k"]
[Mon Mar 17 19:41:56.867776 2025] [:error] [pid 396052:tid 396435] [client 94.156.227.201:59964] [client 94.156.227.201] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity- ... show less |
Web App Attack | |
|
38.255.36.128
|
[Mon Mar 17 16:40:48.035872 2025] [:error] [pid 395980:tid 396198] [client 38.255.36.128:56035] [cli ... show more[Mon Mar 17 16:40:48.035872 2025] [:error] [pid 395980:tid 396198] [client 38.255.36.128:56035] [client 38.255.36.128] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "26th.eu"] [uri "/.git/"] [unique_id "Z9hCf25C6mW42rx3XKlWSQAAAfA"]
[Mon Mar 17 16:40:48.314958 2025] [:error] [pid 396155:tid 396456] [client 38.255.36.128:56823] [client 38.255.36.128] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUE ... show less |
Web App Attack | |
|
185.212.227.15
|
[Mon Mar 17 05:00:22.932225 2025] [:error] [pid 254838:tid 254926] [client 185.212.227.15:53431] [cl ... show more[Mon Mar 17 05:00:22.932225 2025] [:error] [pid 254838:tid 254926] [client 185.212.227.15:53431] [client 185.212.227.15] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "weavernet.at"] [uri "/.env"] [unique_id "Z9eeVv-AvNLQ0fDzbE11jwAAAwY"]
[Mon Mar 17 05:00:23.275347 2025] [:error] [pid 254805:tid 254875] [client 185.212.227.15:53451] [client 185.212.227.15] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/R ... show less |
Web App Attack | |
|
137.135.97.226
|
Mar 17 01:37:35 odin postfix/submission/smtpd[266947]: warning: unknown[137.135.97.226]: SASL PLAIN ... show moreMar 17 01:37:35 odin postfix/submission/smtpd[266947]: warning: unknown[137.135.97.226]: SASL PLAIN authentication failed: (reason unavailable), [email protected]
Mar 17 01:41:45 odin postfix/submission/smtpd[267809]: warning: unknown[137.135.97.226]: SASL PLAIN authentication failed: (reason unavailable), [email protected] Mar 17 01:45:45 odin postfix/submission/smtpd[268645]: warning: unknown[137.135.97.226]: SASL PLAIN authentication failed: (reason unavailable), [email protected] Mar 17 01:49:23 odin postfix/submission/smtpd[269069]: warning: unknown[137.135.97.226]: SASL PLAIN authentication failed: (reason unavailable), [email protected] Mar 17 01:53:07 odin postfix/submission/smtpd[269889]: warning: unknown[137.135.97.226]: SASL PLAIN authentication failed: (reason unavailable), [email protected] ... show less |
Brute-Force | |
|
80.75.33.23
|
Manually detected Spam
|
Email Spam | |
|
52.101.128.87
|
Manually detected Spam
|
Email Spam | |
|
40.107.215.85
|
Manually detected Spam
|
Email Spam | |
|
18.170.111.160
|
[Sun Mar 16 15:44:29.130433 2025] [:error] [pid 2059:tid 2142] [client 18.170.111.160:57785] [client ... show more[Sun Mar 16 15:44:29.130433 2025] [:error] [pid 2059:tid 2142] [client 18.170.111.160:57785] [client 18.170.111.160] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "base64_decode" at ARGS:google. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "294"] [id "933150"] [msg "PHP Injection Attack: High-Risk PHP Function Name Found"] [data "Matched Data: base64_decode found within ARGS:google: echo 'x7root';fwrite(fopen('../about.php','w+'),base64_decode('pd9wahakicbmdw5jdglvbibnzxqojhvybckgewogicagicaky2ggpsbjdxjsx2luaxqoktskicagicagy3vybf9zzxrvchqojgnolcbdvvjmt1bux0hfqurfuiwgmck7ciagicagign1cmxfc2v0b3b0kcrjacwgq1vste9qvf9srvrvuk5uukfou0zfuiwgmsk7ciagicagign1cmxfc2v0b3b0kcrjacwgq1vste9qvf9vukwsicr1cmwpowogicagicakzgf0ysa9ign1cmxfzxhlyygky2gpowogicagicbjdxjsx2nsb3nlkcrjack7ciagicagihjldhvybiakzgf0ytskicb9ciagjg9rid0gjz8+jzskicbldmfskcikb2si..."] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-ph
... show less |
Web App Attack | |
|
162.142.125.220
|
Mar 16 11:41:06 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does ... show moreMar 16 11:41:06 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does not resolve to address 162.142.125.220
Mar 16 11:41:07 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does not resolve to address 162.142.125.220 Mar 16 11:41:08 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does not resolve to address 162.142.125.220 Mar 16 11:41:10 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does not resolve to address 162.142.125.220 Mar 16 11:41:11 odin postfix/smtpd[102537]: warning: hostname scanner-25.ch1.censys-scanner.com does not resolve to address 162.142.125.220 ... show less |
Email Spam | |
|
45.148.10.80
|
[Sun Mar 16 04:12:48.574329 2025] [:error] [pid 1551:tid 1718] [client 45.148.10.80:35784] [client 4 ... show more[Sun Mar 16 04:12:48.574329 2025] [:error] [pid 1551:tid 1718] [client 45.148.10.80:35784] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "divisio.at"] [uri "/.git/config"] [unique_id "Z9ZBsN0w_ANw2qdaF8zSjAAAANk"]
[Sun Mar 16 04:43:09.213093 2025] [:error] [pid 2281:tid 2429] [client 45.148.10.80:60746] [client 45.148.10.80] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/RE ... show less |
Web App Attack | |
|
31.57.159.26
|
[Sun Mar 16 02:42:34.824108 2025] [:error] [pid 533559:tid 533639] [client 31.57.159.26:41504] [clie ... show more[Sun Mar 16 02:42:34.824108 2025] [:error] [pid 533559:tid 533639] [client 31.57.159.26:41504] [client 31.57.159.26] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "47"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /pms?module=logging&file_name=../../../../../../~/.aws/credentials&number_of_lines=10000"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "piwik.weavernet.at"]
... show less |
Web App Attack | |
|
103.195.140.221
|
[Sat Mar 15 20:51:49.599581 2025] [:error] [pid 302070:tid 302184] [client 103.195.140.221:37871] [c ... show more[Sat Mar 15 20:51:49.599581 2025] [:error] [pid 302070:tid 302184] [client 103.195.140.221:37871] [client 103.195.140.221] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "78.46.107.184"] [uri "/hello.world"] [unique_id "Z9XaVbQnfdG_RmRFnHWotQAAA-U"]
[Sat Mar 15 20:51:49.880780 2025] [:error] [pid 302070:t ... show less |
Web App Attack | |
|
80.75.33.23
|
Manually detected Spam
|
Email Spam | |
|
54.37.193.231
|
Manually detected Spam
|
Email Spam | |
|
52.101.225.128
|
Manually detected Spam
|
Email Spam | |
|
52.101.225.100
|
Manually detected Spam
|
Email Spam | |
|
40.107.215.123
|
Manually detected Spam
|
Email Spam | |
|
194.48.128.21
|
Manually detected Spam
|
Email Spam | |
|
194.48.128.20
|
Manually detected Spam
|
Email Spam | |
|
185.92.210.67
|
[Sat Mar 15 18:41:13.069247 2025] [:error] [pid 302070:tid 302182] [client 185.92.210.67:46190] [cli ... show more[Sat Mar 15 18:41:13.069247 2025] [:error] [pid 302070:tid 302182] [client 185.92.210.67:46190] [client 185.92.210.67] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^[\\\\w/.+-]+(?:\\\\s?;\\\\s?(?:action|boundary|charset|type|start(?:-info)?)\\\\s?=\\\\s?['\\"\\\\w.()+,/:=?<>@-]+)*$" against "REQUEST_HEADERS:Content-type" required. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "932"] [id "920470"] [msg "Illegal Content-Type header"] [data "*/*"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153"] [tag "PCI/12.1"] [hostname "78.46.107.184"] [uri "/"] [unique_id "Z9W7ubQnfdG_RmRFnHWoUQAAA-Q"]
[Sat Mar 15 18:41:13.319453 2025] [:error] [pid 302055:tid 302119] [client 185.92.210.67:46204] [client 185.92.210.67] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ... show less |
Web App Attack | |
|
196.251.70.246
|
[Sat Mar 15 18:01:20.742078 2025] [:error] [pid 301576:tid 301633] [client 196.251.70.246:36294] [cl ... show more[Sat Mar 15 18:01:20.742078 2025] [:error] [pid 301576:tid 301633] [client 196.251.70.246:36294] [client 196.251.70.246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)(?:\\\\x5c|(?:%(?:c(?:0%(?:[2aq]f|5c|9v)|1%(?:[19p]c|8s|af))|2(?:5(?:c(?:0%25af|1%259c)|2f|5c)|%46|f)|(?:(?:f(?:8%8)?0%8|e)0%80%a|bg%q)f|%3(?:2(?:%(?:%6|4)6|F)|5%%63)|u(?:221[56]|002f|EFC8|F025)|1u|5c)|0x(?:2f|5c)|\\\\/))(?:%(?:(?:f(?:(?:c%80|8)%8)?0%8 ..." at REQUEST_URI_RAW. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "47"] [id "930100"] [msg "Path Traversal Attack (/../)"] [data "Matched Data: /../ found within REQUEST_URI_RAW: /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [hostname "78.46.107.184"] [uri "/remote/fgt_
... show less |
Web App Attack | |
|
157.245.53.96
|
[Sat Mar 15 14:01:58.153662 2025] [:error] [pid 302055:tid 302141] [client 157.245.53.96:36440] [cli ... show more[Sat Mar 15 14:01:58.153662 2025] [:error] [pid 302055:tid 302141] [client 157.245.53.96:36440] [client 157.245.53.96] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "=" at ARGS_NAMES:\\\\xadd allow_url_include=1 \\\\xadd auto_prepend_file=php://input. [file "/usr/share/modsecurity-crs/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "131"] [id "933120"] [msg "PHP Injection Attack: Configuration Directive Found"] [data "Matched Data: = found within ARGS_NAMES:\\x5c\\x5cxadd allow_url_include=1 \\x5c\\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php:/input"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-php"] [tag "platform-multi"] [tag "attack-injection-php"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/242"] [hostname "78.46.107.184"] [uri "/hello.world"] [unique_id "Z9V6RRufPXsEurQONzenjAAAA6Y"]
[Sat Mar 15 14:01:59.487629 2025] [:error] [pid 302055:tid 3 ... show less |
Web App Attack | |
|
144.126.146.166
|
[Sat Mar 15 01:22:17.336279 2025] [:error] [pid 246367:tid 246553] [client 144.126.146.166:50696] [c ... show more[Sat Mar 15 01:22:17.336279 2025] [:error] [pid 246367:tid 246553] [client 144.126.146.166:50696] [client 144.126.146.166] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/tsconfig.json" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "124"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /tsconfig.json found within REQUEST_FILENAME: /tsconfig.json"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "78.46.107.184"] [uri "/tsconfig.json"] [unique_id "Z9TINAFLV5e6WKWIS7zIHAAAAW0"]
[Sat Mar 15 01:22:22.249276 2025] [:error] [pid 246367:tid 246575] [client 144.126.146.166:50712] [client 144.126.146.166] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/sftp-config.json" at REQUES ... show less |
Web App Attack |
- « Previous
- Next »