π³π±
tmiland
2026-07-11 13:47:37
(1 day ago)
(nginx_404) Dot directory Honeypot Trap 216.22.5.86 (US/United States/marzcore.us): 2 in the last 36 ...
show more
(nginx_404) Dot directory Honeypot Trap 216.22.5.86 (US/United States/marzcore.us): 2 in the last 3600 secs; IP: 216.22.5.86; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 216.22.5.86 - - [11/Jul/2026:15:47:28 +0200] "GET /.env HTTP/1.1" 404 2992 "http://*.*.*.*/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36" 216.22.5.86 - - [11/Jul/2026:15:47:36 +0200] "GET /.env.production HTTP/1.1" 404 2992 "http://*.*.*.*/.env.production" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
show less
Brute-Force
πΊπΈ
gamabe
2026-07-10 22:47:42
(1 day ago)
Detected crowdsecurity/http-sensitive-files attack pattern. Reported by CrowdSec IDS.
Hacking
πΊπΈ
Floofie
2026-07-10 19:40:22
(1 day ago)
216.22.5.86 - - [10/Jul/2026:15:40:11 -0400] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; ...
show more
216.22.5.86 - - [10/Jul/2026:15:40:11 -0400] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
216.22.5.86 - - [10/Jul/2026:15:40:14 -0400] "GET /.env.local HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
216.22.5.86 - - [10/Jul/2026:15:40:21 -0400] "GET /.env.production HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
Matthew Ping
2026-07-10 15:30:17
(1 day ago)
ModSecurity rule 949110 triggered on wp3. Web application attack blocked by CSF/LFD.
Web App Attack
Hacking
π¬π§
blik2108
2026-07-10 05:49:23
(2 days ago)
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:14 +0100] "GET /config/app.php HTTP/1.1" ...
show more
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:14 +0100] "GET /config/app.php HTTP/1.1" 301 651 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:18 +0100] "GET /config/database.php HTTP/1.1" 301 660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:19 +0100] "GET /config/mail.php HTTP/1.1" 301 652 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:22 +0100] "GET /config/services.php HTTP/1.1" 301 660 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:121.0) Gecko/20100101 Firefox/121.0"
beta.sleepylizard.com:80 216.22.5.86 - - [10/Jul/2026:06:49:23 +0100] "GET /config/queue.php HTTP/1.1" 301 654 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/53
...
show less
Brute-Force
π¬π§
Apache
2026-07-09 21:02:15
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 216.22.5.86 (US/United States/marzcore.us): 5 i ...
show more
(mod_security) mod_security (id:210492) triggered by 216.22.5.86 (US/United States/marzcore.us): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
π¬π§
thetomtaylor.co.uk
2026-07-09 12:06:01
(3 days ago)
Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa01,wa02]
Hacking
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
thetomtaylor.co.uk
2026-07-09 10:08:01
(3 days ago)
Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice02]
Hacking
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
LotPhantom
2026-07-09 01:32:26
(3 days ago)
216.22.5.86 - - [09/Jul/2026:01:31:58 +0000] "GET /config/app.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 ...
show more
216.22.5.86 - - [09/Jul/2026:01:31:58 +0000] "GET /config/app.php HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36" "0"
...
show less
Web App Attack
πΊπΈ
RogueAutomata
2026-07-08 20:35:41
(3 days ago)
Detected malicious request: GET /.env
Detections triggered: Environment/config probe
Access via IP ...
show more
Detected malicious request: GET /.env
Detections triggered: Environment/config probe
Access via IP addr (v4)
show less
Web App Attack
π³π±
bazter.pro
2026-07-08 19:49:28
(3 days ago)
216.22.5.86 - - [08/Jul/2026:19:49:28 +0000] "GET /.env.production HTTP/1.1" 404 306 "http://68.183. ...
show more
216.22.5.86 - - [08/Jul/2026:19:49:28 +0000] "GET /.env.production HTTP/1.1" 404 306 "http://68.183.5.157/.env.production" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
...
show less
Port Scan
Brute-Force
Bad Web Bot
Web App Attack
SSH
πΊπΈ
Power Ca
2026-07-08 17:29:09
(3 days ago)
216.22.5.86 - - [08/Jul/2026:17:29:08 +0000] "GET /.env HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows ...
show more
216.22.5.86 - - [08/Jul/2026:17:29:08 +0000] "GET /.env HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/121.0.0.0 Safari/537.36"
...
show less
Web App Attack
Hacking
π¬π§
Don Felip
2026-07-08 15:29:30
(3 days ago)
Web Exploiter - Banned by Fail2Ban
Hacking
Web App Attack
πΊπΈ
ThreatHunter7
2026-07-08 15:00:02
(3 days ago)
Malicious scanning/attack activity detected. 12 suspicious requests from this IP.
Web App Attack
πΈπ¬
anotherwatcher
2026-07-08 09:45:06
(4 days ago)
bad bot
Bad Web Bot