๐บ๐ธ
TPI-Abuse
2026-07-17 09:33:43
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 05:33:37.841614 2026] [security2:error] [pid 30563:tid 30563] [client 3.99.162.239:52234] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cottrellfamily.com.cottrel.com"] [uri "/.git/config"] [unique_id "aln28RfmrcaZxrDjUZgx5wAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-17 07:51:08
(11 hours ago)
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "POST / HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT ...
show more
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "POST / HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "POST / HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "POST / HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "GET /.git/config HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
3.99.162.239 - - [17/Jul/2026:09:51:08 +0200] "GET /.env HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
3.99.162.239 - - [17/Jul/2026:09:51:0
...
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 07:08:00
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 03:07:54.819305 2026] [security2:error] [pid 14293:tid 14293] [client 3.99.162.239:35554] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.costaricaencasa.galvez.cc"] [uri "/.git/config"] [unique_id "alnUyovkVY6uZN93VNt2eQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 05:20:18
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 01:20:13.912690 2026] [security2:error] [pid 306440:tid 306448] [client 3.99.162.239:57070] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cosmetichouston.com.aafm.us"] [uri "/.git/config"] [unique_id "alm7jWjPk8ZVNP7fShUnSQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-17 04:06:06
(15 hours ago)
Excessive 404/403 errors
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-17 04:04:42
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.com ...
show more
(mod_security) mod_security (id:210492) triggered by 3.99.162.239 (ec2-3-99-162-239.ca-central-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 00:04:35.344198 2026] [security2:error] [pid 229573:tid 229573] [client 3.99.162.239:43292] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cortona.ws.montepulciano.org"] [uri "/.git/config"] [unique_id "almp01hCuaH_4i4hIV3RIAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
VHosting
2026-07-17 03:30:04
(16 hours ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ณ๐ฑ
homeshowdomain.nl
2026-07-16 22:03:13
(21 hours ago)
Auto-ban: >3000 req/min op 2026-07-16
Web App Attack
SSH
Hacking
๐จ๐ญ
4server
2026-07-16 18:27:38
(1 day ago)
[ThuJul1620:27:30.4123932026][security2:error][pid830137:tid830366][client3.99.162.239:0]ModSecurity ...
show more
[ThuJul1620:27:30.4123932026][security2:error][pid830137:tid830366][client3.99.162.239:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof\"rx\(\(\?:submit\(\?:\\\\\\\\ \|\)\?\(request\)\?\(\?:\\\\\\\\ \|\)\?\> \|\<\<\(\?:\\\\\\\\ \|\)remove\|\(\?:sign\?in\|log\?\(\?:in\|out\)\|next\|modifier\|envoyer\|add\|continue\|weiter\|account\|results\|select\)\(\?:\\\\\\\\ \|\)\?\> \)\$\|\^\<\?\\\\\\\\\?\?\(\?:\|\\\\\\\\ \)\?xml\|\^\<samlp\|\^\>\>\?\$\)\"against\"ARGS:0\"required.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1025\"][id\"350147\"][rev\"168\"][msg\"Atomicorp.comWAFRules:PotentiallyUntrustedWebContentDetected\"][severity\"CRITICAL\"][hostname\"www.hosting-ticino-svizzera-com.ticino-hosting.ch\"][uri\"/\"][unique_id\"alkikltKsurGRbnXYNLQiQAAAYo\"]
show less
Hacking
Web App Attack
๐ซ๐ท
masterguru
2026-07-16 14:29:25
(1 day ago)
Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-196)
Hacking
Web App Attack