๐ช๐ธ
NullBlue
2026-07-14 09:57:21
(5 hours ago)
Web app attack: scanning for secrets/exploits (.env/.git/PHPUnit CVE). Captured by NullBlue67 honeyp ...
show more
Web app attack: scanning for secrets/exploits (.env/.git/PHPUnit CVE). Captured by NullBlue67 honeypot.
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 04:50:25
(10 hours ago)
(mod_security) mod_security (id:949110) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:949110) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:50:13.022880 2026] [security2:error] [pid 10824:tid 10824] [client 140.248.75.49:17214] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "mail.21oaksfarm.com"] [uri "/.git/HEAD"] [unique_id "alXABRXT6b1tf7Juxkb_5gAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 01:05:08
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 21:05:00.102828 2026] [security2:error] [pid 17812:tid 17812] [client 140.248.75.49:13536] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.abramczuk.me"] [uri "/.git/HEAD"] [unique_id "alWLPMDdj2O8uCjy-7fxwgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 13:11:50
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 09:11:44.835454 2026] [security2:error] [pid 13955:tid 13955] [client 140.248.75.49:18176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.igpcloud.biz"] [uri "/.git/HEAD"] [unique_id "alTkEKQSUWDhfJ3m40IZpAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
bcsaba
2026-07-12 05:01:15
(2 days ago)
Probing for .git:
140.248.75.49 - - [12/Jul/2026:07:01:13 +0200] "GET /.git/config HTTP/1.1" 400 230 ...
show more
Probing for .git:
140.248.75.49 - - [12/Jul/2026:07:01:13 +0200] "GET /.git/config HTTP/1.1" 400 230 "-" "git/2.39.2"
show less
Web App Attack
๐ฉ๐ช
iNetWorker
2026-07-11 18:40:44
(2 days ago)
firewall-block, port(s): 443/tcp
Port Scan
๐บ๐ธ
TPI-Abuse
2026-07-11 15:17:52
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 11:17:47.652682 2026] [security2:error] [pid 10166:tid 10166] [client 140.248.75.49:60048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "customprintedinvitations.com"] [uri "/.git/config"] [unique_id "alJem376jfx9hCVs6SJz7gAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 17:04:15
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 13:04:11.244379 2026] [security2:error] [pid 17045:tid 17045] [client 140.248.75.49:37228] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "createmaine.arsenaultartistmanagement.com"] [uri "/.git/config"] [unique_id "alEmCxiYPe81eBJImihZ3QAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-09 17:28:07
(4 days ago)
Requests to unauthorized or suspicious endpoints (.git, .well-known, .php, etc.)
Bad Web Bot
๐น๐ผ
tye
2026-07-08 08:44:57
(6 days ago)
Wazuh Alert Evidence: 140.248.75.49 (140.248.75.49) - - [08/Jul/2026:16:44:55 +0800] "GET /.git/HEAD ...
show more
Wazuh Alert Evidence: 140.248.75.49 (140.248.75.49) - - [08/Jul/2026:16:44:55 +0800] "GET /.git/HEAD HTTP/1.1" 404 5194 "-" "git/2.39.2"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 03:49:26
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 23:49:19.272213 2026] [security2:error] [pid 27935:tid 27943] [client 140.248.75.49:48448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.gemini.pe"] [uri "/.git/HEAD"] [unique_id "ak3Iv5RDi6jiXi1nRXV14gAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 02:42:36
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 22:42:28.646137 2026] [security2:error] [pid 15290:tid 15431] [client 140.248.75.49:63408] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.smarterproductions.com"] [uri "/.git/config"] [unique_id "ak25FBuKak2PviL4KteJmAAAAow"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 02:33:54
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 140.248.75.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 22:33:48.657626 2026] [security2:error] [pid 18859:tid 18859] [client 140.248.75.49:44400] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kanata.ws"] [uri "/.git/HEAD"] [unique_id "akxljMUCJe86u43_kByjCgAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Marc
2026-07-06 19:51:48
(1 week ago)
140.248.75.49 - - [06/Jul/2026:21:51:47 +0200] "GET /.git/config HTTP/1.1" 404 3226 "-" "git/2.39.2" ...
show more
140.248.75.49 - - [06/Jul/2026:21:51:47 +0200] "GET /.git/config HTTP/1.1" 404 3226 "-" "git/2.39.2" 140.248.75.49 - - [06/Jul/2026:21:51:47 +0200] "GET /.git/HEAD HTTP/1.1" 404 3226 "-" "git/2.39.2" 140.248.75.49 - - [06/Jul/2026:21:51:47 +0200] "GET /.git/HEAD HTTP/1.1" 404 3227 "-" "git/2.39.2"
show less
Brute-Force
๐ซ๐ฎ
inlink.ltd
2026-07-06 08:06:51
(1 week ago)
dot file probe
Web App Attack