๐บ๐ธ
TPI-Abuse
2026-06-30 10:52:03
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:51:58.318201 2026] [security2:error] [pid 11653:tid 11653] [client 109.207.132.27:27958] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gurneysbottleshop.com"] [uri "/sftp-config.json"] [unique_id "akOfzmLWUvjjNzpHlq9AbwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 09:35:26
(3 days ago)
(mod_security) mod_security (id:949110) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 05:35:18.140444 2026] [security2:error] [pid 18591:tid 18591] [client 109.207.132.27:4164] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "gupta.net"] [uri "/sftp-config.json"] [unique_id "akON1s6AGNJ-6XnNF-O9qQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 03:13:36
(3 days ago)
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 23:13:28.882014 2026] [security2:error] [pid 14870:tid 14870] [client 109.207.132.27:31190] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||gulftelecom.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: https:/greenmediasummit.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "gulftelecom.com"] [uri "/.vscode/sftp.json"] [unique_id "akM0WNbBHacHQaSMZnEipQAAABo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
4server
2026-06-29 00:40:39
(4 days ago)
[MonJun2902:40:33.9913662026][security2:error][pid4182641:tid4182649][client109.207.132.27:0]ModSecu ...
show more
[MonJun2902:40:33.9913662026][security2:error][pid4182641:tid4182649][client109.207.132.27:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"gsdsagl.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"akG_AayfAMZWBUGSXM7O0wAAAQY\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-28 18:34:04
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 14:33:58.415441 2026] [security2:error] [pid 8588:tid 8588] [client 109.207.132.27:14736] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grupo-visalud.com"] [uri "/sftp-config.json"] [unique_id "akFpFgC-cOIgaTiogyAPPQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 21:22:15
(6 days ago)
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 17:22:09.164220 2026] [security2:error] [pid 29714:tid 29714] [client 109.207.132.27:26986] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||gregquinn.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: https:/greenmediasummit.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "gregquinn.com"] [uri "/.vscode/sftp.json"] [unique_id "akA_ASDb0MHCUdmjHOexdQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 16:51:28
(6 days ago)
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210580) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:51:24.074769 2026] [security2:error] [pid 13016:tid 13016] [client 109.207.132.27:35076] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||greenmountainfeeds.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: https:/greenmediasummit.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "greenmountainfeeds.com"] [uri "/.vscode/sftp.json"] [unique_id "aj__jLjcqXiFVgF-CoK2CQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 10:28:42
(6 days ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:28:36.725271 2026] [security2:error] [pid 15478:tid 15478] [client 109.207.132.27:38174] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "greatnorthernstrategies.com"] [uri "/sftp-config.json"] [unique_id "aj-l1OOHUMBSwlHxcD9pjwAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-06-27 05:16:01
(6 days ago)
2 attacks on password grabbing URLs:
GET /.vscode/sftp.json HTTP/1.1
Hacking
๐ฉ๐ช
big-cloud.nl
2026-06-26 22:41:39
(1 week ago)
Try to access /.vscode/sftp.json
Web App Attack
๐ซ๐ท
Baking333
2026-06-25 11:21:40
(1 week ago)
[redacted] 109.207.132.27 - - [25/Jun/2026:12:21:38 +0100] "GET /[redacted] HTTP/1.1" 302 1623 0/267 ...
show more
[redacted] 109.207.132.27 - - [25/Jun/2026:12:21:38 +0100] "GET /[redacted] HTTP/1.1" 302 1623 0/267287 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" [redacted] 109.207.132.27 - - [25/Jun/2026:12:21:38 +0100] "GET /[redacted] HTTP/1.1" 302 1537 0/89989 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 11:20:57
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 07:20:51.968175 2026] [security2:error] [pid 30257:tid 30257] [client 109.207.132.27:35308] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trendwolf.org"] [uri "/sftp-config.json"] [unique_id "aj0PE1I9TrofrBux5QRx6QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-25 03:02:01
(1 week ago)
[ThuJun2505:01:59.7105732026][security2:error][pid1422450:tid1422455][client109.207.132.27:0]ModSecu ...
show more
[ThuJun2505:01:59.7105732026][security2:error][pid1422450:tid1422455][client109.207.132.27:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"traslochisubito.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"ajyaJ2pNtMIIxfkiDzA2xwAAAII\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 21:03:47
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 17:03:41.960940 2026] [security2:error] [pid 31931:tid 31931] [client 109.207.132.27:7026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trailer.services"] [uri "/sftp-config.json"] [unique_id "ajxGLV8Oqt87SIFn9ihblwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-24 16:55:10
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 109.207.132.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 12:55:05.492588 2026] [security2:error] [pid 28779:tid 28789] [client 109.207.132.27:10226] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "traceyschaper.com"] [uri "/sftp-config.json"] [unique_id "ajwL6bmd1D84z3Q6w373YQAAAEg"]
show less
Brute-Force
Bad Web Bot
Web App Attack