Coordinated application-layer DDoS against git.mills.io (self-hosted Gitea), 2026-06-12 ~20:30-21:10 ...
show moreCoordinated application-layer DDoS against git.mills.io (self-hosted Gitea), 2026-06-12 ~20:30-21:10 UTC. Deliberately expensive multi-label Gitea issue-search queries (/issues?type=all&state=closed&sort=...&labels=<multiple IDs>, ~60-113s CPU each) flooded the backend via proxy/hosting networks. ~36,700 source IPs, ~1 request per IP, identical TLS fingerprint (TLS1.3 0x1301) and one spoofed Chrome UA = single automated tool.
show less
Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/customer/account/login/referer/aHR ...
show moreRequests denied due to proxy/VPN risk (tenant=82 method=GET path=/customer/account/login/referer/aHR0cHM6Ly91bW5pdHphLmNvbS9jYXRhbG9nL3Byb2R1Y3Qvdmlldy9pZC83Mjk2LyNyZXZpZXctZm9ybQ~~/ ua='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Trailer/93.3.8652.5')
show less
Triggered Cloudflare WAF (firewallCustom) from JP.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show moreTriggered Cloudflare WAF (firewallCustom) from JP.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /reports/152.32.247.54
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.3
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less