๐ณ๐ฑ
Linuxmalwarehuntingnl
2025-05-29 09:59:53
(1 year ago)
Suspicious web activity: Multiple 404 status codes detected. Example request: "GET /.git/config HTTP ...
show more
Suspicious web activity: Multiple 404 status codes detected. Example request: "GET /.git/config HTTP/1.1"
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
Linuxmalwarehuntingnl
2025-05-17 11:39:59
(1 year ago)
Suspicious web activity: Multiple 404 status codes detected. Example request: "GET /.git/config HTTP ...
show more
Suspicious web activity: Multiple 404 status codes detected. Example request: "GET /.git/config HTTP/1.1"
show less
Brute-Force
Web App Attack
๐ช๐ธ
Gem
2025-05-09 22:28:01
(1 year ago)
Unauthorized web scan.
Web App Attack
๐บ๐ธ
mnsf
2025-05-09 16:05:31
(1 year ago)
Too many Status 50X (12)
Brute-Force
Web App Attack
Anonymous
2025-05-09 10:37:57
(1 year ago)
[08/May/2025:01:00:14 -0400] "GET /.git/config HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKi ...
show more
[08/May/2025:01:00:14 -0400] "GET /.git/config HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
[08/May/2025:01:00:15 -0400] "GET /.git/config HTTP/1.1" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
show less
Hacking
๐ท๐บ
cybertailor
2025-05-09 06:30:24
(1 year ago)
170.64.172.2 - - [09/May/2025:01:15:22 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 ( ...
show more
170.64.172.2 - - [09/May/2025:01:15:22 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
170.64.172.2 - - [09/May/2025:01:15:23 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
170.64.172.2 - - [09/May/2025:09:53:55 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
170.64.172.2 - - [09/May/2025:09:53:57 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
170.64.172.2 - - [09/May/2025:11:30:22 +0500] "GET /.git/config HTTP/1.1" 404 178 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
...
show less
Port Scan
Anonymous
2025-05-09 06:11:14
(1 year ago)
2025-05-08T21:43:47.167916+02:00 myserver haproxy[1268411]: 170.64.172.2:54474 [08/May/2025:21:43:47 ...
show more
2025-05-08T21:43:47.167916+02:00 myserver haproxy[1268411]: 170.64.172.2:54474 [08/May/2025:21:43:47.167] http-in main/n-mon01 0/0/0/0/0 404 340 - - ---- 2/2/0/0/0 0/0 {myip} "GET /.git/config HTTP/1.1"
2025-05-08T21:43:48.054090+02:00 myserver haproxy[1268411]: 170.64.172.2:34934 [08/May/2025:21:43:48.054] http-in~ main/n-mon01 0/0/0/0/0 404 340 - - ---- 2/2/0/0/0 0/0 {myip} "GET /.git/config HTTP/1.1"
2025-05-08T23:00:55.763858+02:00 myserver haproxy[1268411]: 170.64.172.2:58004 [08/May/2025:23:00:55.762] http-in main/n-mon01 0/0/0/0/0 404 340 - - ---- 2/2/0/0/0 0/0 {myip} "GET /.git/config HTTP/1.1"
2025-05-08T23:00:56.639255+02:00 myserver haproxy[1268411]: 170.64.172.2:57982 [08/May/2025:23:00:56.637] http-in~ main/n-mon01 0/0/0/1/1 404 340 - - ---- 2/2/0/0/0 0/0 {myip} "GET /.git/config HTTP/1.1"
2025-05-09T02:57:08.804305+02:00 myserver haproxy[1268411]: 170.64.172.2:46230 [09/May/2025:02:57:08.803] http-in main/n-mon01 0/0/0/0
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-09 05:22:12
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 09 01:22:06.349253 2025] [security2:error] [pid 3281036:tid 3281036] [client 170.64.172.2:36386] [client 170.64.172.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.185"] [uri "/.git/config"] [unique_id "aB2Q_jFWK3NWc6h9j1L4JwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2025-05-09 03:03:40
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 08 23:03:32.014348 2025] [security2:error] [pid 3846419:tid 3846419] [client 170.64.172.2:57216] [client 170.64.172.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.156"] [uri "/.git/config"] [unique_id "aB1whGHssenkCKqWjaj5QAAAACM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ธ๐ช
SkyDancer
2025-05-09 00:40:22
(1 year ago)
Multiple web intrusion attempts or RDP/SSH hacking using wrong credentials. Attack automatically blo ...
show more
Multiple web intrusion attempts or RDP/SSH hacking using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Ai-D
show less
Hacking
Brute-Force
SSH
๐ธ๐ช
mr_whitehat
2025-05-08 23:38:35
(1 year ago)
Probed for vulnerable web application: request line: /.git/config (Possible exploit:Scan for open gi ...
show more
Probed for vulnerable web application: request line: /.git/config (Possible exploit:Scan for open git repositories)
show less
Web App Attack
๐ท๐บ
apitree
2025-05-08 23:22:37
(1 year ago)
suspicious behavior judging by the logs from the server
Phishing
Port Scan
Hacking
Spoofing
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2025-05-08 23:00:06
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 170.64.172.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 08 18:59:59.507862 2025] [security2:error] [pid 762976:tid 762976] [client 170.64.172.2:40754] [client 170.64.172.2] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.247"] [uri "/.git/config"] [unique_id "aB03b46AEJvo8RnkVuC2qwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
oh.mg
2025-05-08 22:51:07
(1 year ago)
[Fri May 09 00:51:06.743391 2025] [security2:error] [pid 2765011:tid 2765026] [client 170.64.172.2:5 ...
show more
[Fri May 09 00:51:06.743391 2025] [security2:error] [pid 2765011:tid 2765026] [client 170.64.172.2:59734] [client 170.64.172.2] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/.git/config"] [unique_id "aB01Wu9lht0vjym7ux9hvAAAAUw"]
...
show less
Bad Web Bot
Web App Attack
Anonymous
2025-05-08 22:39:07
(1 year ago)
Infostealer / login credentials theft attempt: /.git/config
Hacking