Anonymous
2026-07-09 23:20:03
(23 hours ago)
IP banned by Fail2Ban in jail nginx-abusive-ips
Web App Attack
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-09 22:43:16
(23 hours ago)
(mod_security) mod_security (id:210492) triggered by 162.243.201.43 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 162.243.201.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:43:13.191317 2026] [security2:error] [pid 1767621:tid 1767621] [client 162.243.201.43:64457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "summit1000.group"] [uri "/.git/config"] [unique_id "alAkAYOw0rXGcwfghaXQQgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ต๐ฑ
sefinek.net
2026-07-09 22:34:23
(23 hours ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoi ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action: BLOCK | Protocol: HTTP/1.1 (GET) | Endpoint: /.git/config | UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 โข Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
HERA - Operations
2026-07-09 21:26:57
(1 day ago)
herrmann - searching for vulnerable scripts: config 2026/07/09 23:26:57
Web App Attack
๐ฉ๐ช
webko.si
2026-07-09 21:22:49
(1 day ago)
BARUTANA.si: Bruteforce web app access, URI detail: '/.git/config'.
Web App Attack
๐ฌ๐ง
OptimusGO
2026-07-09 20:58:47
(1 day ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-07-09 21:58:47 UTC
Log evidence:
07/09/2026-21:58:46.567264 [wDrop] [**] [1:7000910:1] FINSERV CRITICAL: Git Repository Access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 162.243.201.43:51992 -> 185.127.18.66:80
07/09/2026-21:58:46.567264 [**] [1:1000112:1] SECURITY CRITICAL: Git Config File Access Attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 162.243.201.43:51992 -> 185.127.18.66:80
show less
Port Scan
Brute-Force
๐จ๐ญ
๐จ๐ญ Hosting
2026-07-09 20:50:03
(1 day ago)
Automated security scanning detected: Git Repository Config Exposure. Systematic reconnaissance usin ...
show more
Automated security scanning detected: Git Repository Config Exposure. Systematic reconnaissance using automated tools.
show less
Web App Attack
๐ณ๐ฑ
enpepet
2026-07-09 20:36:08
(1 day ago)
GENERAL: parametres: [url:git=] UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like G ...
show more
GENERAL: parametres: [url:git=] UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 URL:/.git/config
show less
Port Scan
Hacking
Brute-Force
Bad Web Bot
๐ฎ๐น
Inartis
2026-07-09 20:31:35
(1 day ago)
162.243.201.43 - - [09/Jul/2026:19:49:27 +0200] "GET /.git/config HTTP/1.1" 404 45457 "-" "Mozilla/5 ...
show more
162.243.201.43 - - [09/Jul/2026:19:49:27 +0200] "GET /.git/config HTTP/1.1" 404 45457 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
162.243.201.43 - - [09/Jul/2026:22:31:34 +0200] "GET /.git/config HTTP/1.1" 302 515 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
162.243.201.43 - - [09/Jul/2026:22:31:34 +0200] "GET /.git/config HTTP/1.1" 403 5570 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 19:41:05
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 162.243.201.43 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 162.243.201.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 15:41:00.562642 2026] [security2:error] [pid 6160:tid 6160] [client 162.243.201.43:62987] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "zztp.ws"] [uri "/.git/config"] [unique_id "ak_5TBq6Lok-fWo3C7pbngAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-09 19:28:18
(1 day ago)
162.243.201.43 - - [10/Jul/2026:03:28:18 +0800] "GET /.git/config HTTP/1.1" 200 19012 "-" "Mozilla/5 ...
show more
162.243.201.43 - - [10/Jul/2026:03:28:18 +0800] "GET /.git/config HTTP/1.1" 200 19012 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
...
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
Little Iguana
2026-07-09 18:18:28
(1 day ago)
Attempt to hack Wordpress Login, XMLRPC or other login
Hacking
๐จ๐ญ
4server
2026-07-09 18:08:13
(1 day ago)
[ThuJul0920:08:08.1528062026][security2:error][pid1672427:tid1672682][client162.243.201.43:0]ModSecu ...
show more
[ThuJul0920:08:08.1528062026][security2:error][pid1672427:tid1672682][client162.243.201.43:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"creazione-siti-ticino.ch\"][uri\"/.git/config\"][unique_id\"ak_jiKbYHNZaIE9lpejT4QAAAYQ\"]
show less
Hacking
Web App Attack
Anonymous
2026-07-09 18:04:25
(1 day ago)
162.243.201.43 - - [09/Jul/2026:20:04:24 +0200] "GET /.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 ...
show more
162.243.201.43 - - [09/Jul/2026:20:04:24 +0200] "GET /.git/config HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
show less
Web App Attack
๐ฌ๐ง
consul.to
2026-07-09 17:00:56
(1 day ago)
Web attack/malicious scanning detected
Web App Attack