π§πͺ
cmbplf
2026-06-15 08:40:13
(3 weeks ago)
1.400 requests with url.path */.git/config
Brute-Force
Bad Web Bot
π¨π
4server
2026-06-15 06:58:00
(3 weeks ago)
[MonJun1508:57:56.9752272026][security2:error][pid1943085:tid1943333][client34.116.101.137:0]ModSecu ...
show more
[MonJun1508:57:56.9752272026][security2:error][pid1943085:tid1943333][client34.116.101.137:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.rs-solution.ch.81-17-25-250.cpanel.site\"][uri\"/v2/.git/config\"][unique_id\"ai-idLeRedAatPi02l2pygAAARM\"]
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 06:52:48
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:52:41.457767 2026] [security2:error] [pid 18637:tid 18637] [client 34.116.101.137:38062] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vientodelevante.es"] [uri "/html/.git/config"] [unique_id "ai-hOXxlcNQlbxdsCTDmSwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-15 06:30:02
(3 weeks ago)
suspicious request in access.log
Web App Attack
π¬π§
consul.to
2026-06-15 06:19:20
(3 weeks ago)
Web attack/malicious scanning detected
Web App Attack
π¨π
Ribeye375
2026-06-15 06:08:11
(3 weeks ago)
HIPS web-exfiltration - Block tcp/0:65535
Web App Attack
π³π±
e.fierstra
2026-06-15 04:42:38
(3 weeks ago)
ModSecurity hits exceeded
Bad Web Bot
Web App Attack
π¨π¦
SSH-Admin
2026-06-15 04:00:04
(3 weeks ago)
Probing for Exploits on ns200
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 02:34:42
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 22:34:36.902138 2026] [security2:error] [pid 6062:tid 6062] [client 34.116.101.137:37388] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.indyrheumatology.com"] [uri "/v3/.git/config"] [unique_id "ai9kvI_Rv5yzAJl6b4wZ1AAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
todix
2026-06-15 01:11:23
(3 weeks ago)
WebAttack or semilar from 34.116.101.137
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 00:38:47
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:38:40.103261 2026] [security2:error] [pid 20387:tid 20387] [client 34.116.101.137:49994] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "asermaq.cl"] [uri "/src/.git/config"] [unique_id "ai9JkO4HZaXnyxT4ok4j5gAAAFM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-15 00:09:53
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 34.116.101.137 (137.101.116.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 20:09:49.744834 2026] [security2:error] [pid 26740:tid 26740] [client 34.116.101.137:60578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lisarlee.com"] [uri "/v3/.git/config"] [unique_id "ai9CzbB5CNxgn65BqSorigAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π³πΏ
Antinson
2026-06-14 22:45:10
(3 weeks ago)
Requests to unauthorized or suspicious endpoints (.git, .well-known, .php, etc.)
Bad Web Bot
π©πͺ
Hary74656
2026-06-14 21:23:25
(3 weeks ago)
[Sun Jun 14 23:23:15.372166 2026] [security2:error] [pid 397773:tid 397850] [client 34.116.101.137:4 ...
show more
[Sun Jun 14 23:23:15.372166 2026] [security2:error] [pid 397773:tid 397850] [client 34.116.101.137:47204] [client 34.116.101.137] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /portal/.git/config"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "ip.aschi.at"] [uri "/portal/.git/config"] [unique_id "ai8bvpBIiOI6kJ0untYYkwAABCo"]
[Sun Jun 14 23:23:15.372175 2026] [security2:error] [pid 397635:tid 397741] [client 34.116.101.137:47198] [client 34.116.101.137] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FIL
...
show less
Web App Attack
π³π±
wlt-blocker
2026-06-14 21:17:46
(3 weeks ago)
Unauthorized access to webpage admin
Web App Attack