🇩🇪
paissangroup
2026-07-01 06:16:33
(1 hour ago)
Multiple WAF Violations
Web App Attack
🇩🇪
maxpower
2026-07-01 06:09:54
(1 hour ago)
(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 65.109.211.195 (FI/Finland/static.195.211.109.65.clients.your-server.de): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 65.109.211.195 - - [01/Jul/2026:08:09:42 +0200] "GET /secrets.json HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" "-" host=ilfungarolo.it
65.109.211.195 - - [01/Jul/2026:08:09:47 +0200] "GET /config/secrets.yml HTTP/1.1" 404 355 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)" "-" host=ilfungarolo.it
Port Scan
🇺🇸
abenage
2026-07-01 06:05:41
(1 hour ago)
65.109.211.195 - - [01/Jul/2026:00:05:41 -0600] "GET /api/settings HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
Bad Web Bot
Web App Attack
🇩🇪
ger-stg-sifi1
2026-07-01 03:55:54
(3 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
🇬🇧
Axel
2026-07-01 03:48:02
(3 hours ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env.tmp Server: UK-01
Web App Attack
Hacking
SQL Injection
Anonymous
2026-07-01 03:39:21
(4 hours ago)
65.109.211.195 - - [01/Jul/2026:05:39:19 +0200] "GET /.env HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
65.109.211.195 - - [01/Jul/2026:05:39:19 +0200] "GET /.env HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
65.109.211.195 - - [01/Jul/2026:05:39:19 +0200] "GET /.env.local HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
65.109.211.195 - - [01/Jul/2026:05:39:19 +0200] "GET /.env.local HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
65.109.211.195 - - [01/Jul/2026:05:39:19 +0200] "GET /.env.production HTTP/1.1" 404 454 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.3
...
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 03:18:31
(4 hours ago)
(mod_security) mod_security (id:210492) triggered by 65.109.211.195 (static.195.211.109.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:18:25.385215 2026] [security2:error] [pid 13666:tid 13676] [client 65.109.211.195:59199] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nimbll.com"] [uri "/.env"] [unique_id "akSHAShKFEk-RLKM0HNLywAAAUc"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 01:59:43
(5 hours ago)
65.109.211.195 - - [01/Jul/2026:01:59:42 +0000] "GET /.env.old HTTP/1.1" 404 49928 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
...
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 01:29:40
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 65.109.211.195 (static.195.211.109.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 21:29:34.125279 2026] [security2:error] [pid 31269:tid 31269] [client 65.109.211.195:61280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thedoodlists.danafrostick.com"] [uri "/.env"] [unique_id "akRtfiNrnmhJRzzOLBDOHAAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
🇷🇺
DZBOT
2026-07-01 01:14:49
(6 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
🇺🇸
CounterScrape
2026-07-01 00:02:41
(7 hours ago)
CounterScrape Deception: Bot identified as HONEYTOKEN_HIT (Unauthorized access attempt to leaked honeytoken infrastructure subdomain). Trapped in honeypot. Concurrency hits: 4. Bandwidth drained: 0.0 MB.
Bad Web Bot
Port Scan
Anonymous
2026-06-30 23:14:03
(8 hours ago)
(mod_security) mod_security triggered on hostname [redacted] 65.109.211.195 (FI/Finland/static.195.211.109.65.clients.your-server.de)
SQL Injection
Anonymous
2026-06-30 22:27:15
(9 hours ago)
(caddyscan) Scanner path probe from 65.109.211.195 (FI/Finland/static.195.211.109.65.clients.your-server.de): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 65.109.211.195 - - [30/Jun/2026:22:27:09 +0000] "GET /.env.vault HTTP/1.1"
[REDACTED] 200 2627 65.109.211.195 - - [30/Jun/2026:22:27:09 +0000] "GET /.aws/credentials HTTP/1.1"
[REDACTED] 200 2627 65.109.211.195 - - [30/Jun/2026:22:27:10 +0000] "GET /.aws/config HTTP/1.1"
[REDACTED] 200 2627 65.109.211.195 - - [30/Jun/2026:22:27:10 +0000] "GET /storage/framework/.env HTTP/1.1"
[REDACTED] 200 2627 65.109.211.195 - - [30/Jun/2026:22:27:11 +0000] "GET /laravel/.env HTTP/1.1"
Port Scan
🇺🇸
TPI-Abuse
2026-06-30 22:26:23
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 65.109.211.195 (static.195.211.109.65.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 18:26:17.206371 2026] [security2:error] [pid 9617:tid 9617] [client 65.109.211.195:54424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gh057.io"] [uri "/.env.test"] [unique_id "akRCiQa-qm5Tqa5kD5otbQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇳🇱
Site.eu
2026-06-30 21:58:44
(9 hours ago)
Excessive multi-domain requests
Brute-Force