πΊπΈ
itsnixk
2026-07-07 12:00:39
(1 day ago)
(mod_security) mod_security (id:920350) triggered by 35.240.65.109 (BE/Belgium/109.65.240.35.bc.goog ...
show more
(mod_security) mod_security (id:920350) triggered by 35.240.65.109 (BE/Belgium/109.65.240.35.bc.googleusercontent.com): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jul 07 08:00:36.113804 2026] [security2:error] [pid 1445258:tid 1445353] [client 35.240.65.109:40918] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+|\\\\[[\\\\da-f:]+\\\\]|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "773"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.26.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "akzqZIv4hwZvsmgEEIknBgAAAAw"]
show less
Port Scan
πΊπΈ
zwebvigil
2026-07-07 10:53:03
(1 day ago)
35.240.65.109 [07/Jul/2026:03:52:59 -0700] "GET / HTTP/1.1" 401 381 "-" port=49960 "Mozilla/5.0 (co ...
show more
35.240.65.109 [07/Jul/2026:03:52:59 -0700] "GET / HTTP/1.1" 401 381 "-" port=49960 "Mozilla/5.0 (compatible)" "-" "-" "<ipaddr>" 695
35.240.65.109 [07/Jul/2026:03:52:59 -0700] "GET / HTTP/1.1" 401 381 "-" port=49974 "Mozilla/5.0 (compatible; nmap-http-info)" "-" "-" "<ipaddr>" 452
35.240.65.109 [07/Jul/2026:03:53:01 -0700] "OPTIONS / HTTP/1.1" 401 381 "-" port=60174 "Mozilla/5.0 (compatible)" "-" "-" "<ipaddr>" 421
35.240.65.109 [07/Jul/2026:03:53:02 -0700] "GKLB / HTTP/1.1" 401 381 "-" port=60190 "Mozilla/5.0 (compatible)" "-" "-" "<ipaddr>" 442
35.240.65.109 [07/Jul/2026:03:53:02 -0700] "GET / HTTP/1.1" 401 381 "-" port=60196 "Mozilla/5.0 (compatible)" "-" "-" "<ipaddr>" 263
35.240.65.109 [07/Jul/2026:03:53:03 -0700] "POST / HTTP/1.1" 401 381 "-" port=60218 "Mozilla/5.0 (compatible)" "-" "-
show less
Web App Attack
πΉπ·
SeczarSecureOps
2026-07-07 10:48:50
(1 day ago)
Auto-blocked by Seczar SecureOps β IPS Web Attack Signature (1 events in 5min) at 2026-07-07 10:48
Web App Attack
Bad Web Bot
πΊπΈ
HamSammich
2026-07-07 10:45:20
(1 day ago)
Automated sensor: 1 HTTP connection/probe attempts on port(s) 80 over the last 24h (latest 2026-07-0 ...
show more
Automated sensor: 1 HTTP connection/probe attempts on port(s) 80 over the last 24h (latest 2026-07-07T10:45Z).
show less
Brute-Force
Web App Attack
Anonymous
2026-07-07 10:14:02
(1 day ago)
35.240.65.109 - - [07/Jul/2026:10:13:56 +0000] "\x16\x03\x01\x05\xC4\x01\x00\x05\xC0\x03\x03\xA4XC5l ...
show more
35.240.65.109 - - [07/Jul/2026:10:13:56 +0000] "\x16\x03\x01\x05\xC4\x01\x00\x05\xC0\x03\x03\xA4XC5lj\xDC\xB1\xE0\xA5\x87\x93\xC9}\x94 im\xC7\xF0\xF5,\xF8\xF1\x05\xEC\xA9\x94\xCD\xC9n# )\xD2M\xCDK6\xC4\xF83n\x81\xF2\xFD\xA3\xCF\x89]\xA8M\x19\xDB[\x7F\xD6g\xB0" 400 150 "-" "-" "-"
35.240.65.109 - - [07/Jul/2026:10:14:02 +0000] ";\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xD4\x07\x00\x00\x00\x00\x00\x00admin.$cmd\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x14\x00\x00\x00\x01hello\x00\x00\x00\x00\x00\x00\x00\xF0?\x00" 400 150 "-" "-" "-"
...
show less
Port Scan
Brute-Force
π¦πΊ
FEWA
2026-07-07 10:04:58
(1 day ago)
Fail2Ban Ban Triggered
Hacking
Bad Web Bot
Web App Attack
π³π±
WinnieHoneypots
2026-07-07 09:43:04
(1 day ago)
Spraying garbage or empty requests on HTTP/S - [\x16\x03\x00\x00i\x01\x00\x00e\x03\x03U\x1C\xA7\xE4r ...
show more
Spraying garbage or empty requests on HTTP/S - [\x16\x03\x00\x00i\x01\x00\x00e\x03\x03U\x1C\xA7\xE4random1random2random3random4\x00\x00\x0C\x00/\x00], obvious automated scanner or botnet minion
show less
Port Scan
Web App Attack
π©πͺ
Admins@FBN
2026-07-07 09:31:22
(1 day ago)
FW-PortScan: Traffic Blocked srcport=16180 dstport=80
Port Scan
π©πͺ
patrisei
2026-07-07 09:26:52
(1 day ago)
You are now banned for 10 years by Schiffdorf-West Patrol. Trigger: crowdsecurity/http-probing
Port Scan
Web App Attack
πΈπ¬
serverutama
2026-07-07 09:19:09
(1 day ago)
fail2ban[nginx-bad-request]: malformed/bad HTTP requests.
Web App Attack
πΊπΈ
johnkarlhill
2026-07-07 08:30:03
(1 day ago)
WebKnight blocked malicious web request on johnkarlhill.com
Brute-Force
SSH
ππΊ
HoneyPotEu
2026-07-07 08:27:17
(1 day ago)
35.240.65.109 - - _ [07/Jul/2026:10:27:01 +0200] "\x16\x03\x00\x00i\x01\x00\x00e\x03\x03U\x1C\xA7\xE ...
show more
35.240.65.109 - - _ [07/Jul/2026:10:27:01 +0200] "\x16\x03\x00\x00i\x01\x00\x00e\x03\x03U\x1C\xA7\xE4random1random2random3random4\x00\x00\x0C\x00/\x00" 400 150 "-" "-" 0.101 - -
...
show less
Bad Web Bot
Web App Attack
π³π±
donarev419
2026-07-07 08:21:15
(1 day ago)
Connection to port 80 with data transfer.
Data preview: GET / HTTP/1.1
Host: 109.110.170.76:80
Use ...
show more
Connection to port 80 with data transfer.
Data preview: GET / HTTP/1.1
Host: 109.110.170.76:80
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple
show less
Port Scan
Hacking
Anonymous
2026-07-07 08:16:28
(1 day ago)
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy ...
show more
Probing for known exploit paths (.env, .git, wp-admin, shell files, etc.). Single-strike ban policy β zero tolerance for exploit scanning. Banned Jul 7, 08:16 UTC. Origin: Belgium, Brussels.
show less
Hacking
Bad Web Bot
Web App Attack
π©πͺ
MaxMeier
2026-07-07 08:00:25
(1 day ago)
35.240.65.109 - - [07/Jul/2026:09:58:11 +0200] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 1 ...
show more
35.240.65.109 - - [07/Jul/2026:09:58:11 +0200] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
35.240.65.109 - - [07/Jul/2026:09:58:11 +0200] "\x16\x03\x01\x05\xC4\x01\x00\x05\xC0\x03\x03\xBB\xD2 L\xB9c\xD3T\x1E\x94\xFD\x87]\xBA\xC4w\xCE\xB5\x05E\x1D\xEB\x8ER=\x22\xC5\x12\xED\x9A\x0B4 \x87\xC6\xFA\x8Dm\x9C4M\xD2\xF5h\x01\xE2\x09\xD6\xA6#?\x9B\x07\x8B[\x85\xB28\xE7u~<M\xCD\xD0\x002\xC0+\xC0/\xC0,\xC00\xCC\xA9\xCC\xA8\xC0\x09\xC0\x13\xC0" 400 150 "-" "-"
35.240.65.109 - - [07/Jul/2026:09:58:11 +0200] "GET / HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36"
35.240.65.109 - - [07/Jul/2026:09:58:16 +0200] ";\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\xD4\x07\x00\x00\x00\x00\x00\x00admin.$cmd\x00\x00\x00\x00\x00\xFF\xFF\xFF\xFF\x14\x00\x00\x00\x01hello\x00\x00\x00\x00\x00\x00\x00\xF0?\x00" 400 150 "-" "-"
35.240.65.1
...
show less
Bad Web Bot
Web App Attack