๐บ๐ธ
TPI-Abuse
2026-07-15 11:17:50
(37 minutes ago)
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 07:17:45.863093 2026] [security2:error] [pid 29621:tid 29621] [client 139.162.49.148:62611] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powdercoatovens.net"] [uri "/sftp-config.json"] [unique_id "aldsWbxvUCSgZOXCWMGvKgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-15 10:09:12
(1 hour ago)
139.162.49.148 - - [15/Jul/2026:12:08:58 +0200] "GET /sftp-config.json HTTP/1.1" 404 48097 "-" "Mozi ...
show more
139.162.49.148 - - [15/Jul/2026:12:08:58 +0200] "GET /sftp-config.json HTTP/1.1" 404 48097 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 - - [15/Jul/2026:12:08:59 +0200] "GET /sftp-config.json HTTP/1.1" 404 10971 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 - - [15/Jul/2026:12:09:00 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 48097 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 - - [15/Jul/2026:12:09:01 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 10971 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 - - [15/Jul/2026:12:09:02 +0200] "GET /.vscode/ftp-config.json HTTP/1.1" 404 48097 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 - - [15/Jul/2026:12:09:02 +0200] "GET /.vscode/ftp-config.json HTTP/1.1" 404
...
show less
Bad Web Bot
Web App Attack
๐ซ๐ฎ
diego021
2026-07-15 07:28:56
(4 hours ago)
139.162.49.148 pythonpirate.tech - [15/Jul/2026:02:28:52 -0500] "GET /sftp-config.json HTTP/1.1" 404 ...
show more
139.162.49.148 pythonpirate.tech - [15/Jul/2026:02:28:52 -0500] "GET /sftp-config.json HTTP/1.1" 404 158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 pythonpirate.tech - [15/Jul/2026:02:28:53 -0500] "GET /.vscode/sftp.json HTTP/1.1" 404 158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 pythonpirate.tech - [15/Jul/2026:02:28:55 -0500] "GET /.vscode/ftp-config.json HTTP/1.1" 404 158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
139.162.49.148 pythonpirate.tech - [15/Jul/2026:02:28:56 -0500] "GET /.vscode/ftp-sync.json HTTP/1.1" 404 158 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
...
show less
Web App Attack
๐ฎ๐น
CoreTech srl
2026-07-15 05:03:57
(6 hours ago)
cloudlinux2 fail2ban: 2026-07-15 06:59:26,699 fail2ban.filter [1812]: INFO [plesk-wordpre ...
show more
cloudlinux2 fail2ban: 2026-07-15 06:59:26,699 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 142.111.152.1 - 2026-07-15 06:59:26cloudlinux2 fail2ban: 2026-07-15 06:59:36,590 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 45.8.19.151 - 2026-07-15 06:59:35cloudlinux2 fail2ban: 2026-07-15 06:59:36,192 fail2ban.filter [1812]: INFO [plesk-wordpress] Found 45.8.19.194 - 2026-07-15 06:59:35cloudlinux2 fail2ban: 2026-07-15 07:00:15,828 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 139.162.49.148 - 2026-07-15 07:00:15cloudlinux2 fail2ban: 2026-07-15 07:00:18,877 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 43.241.145.92 - 2026-07-15 07:00:18cloudlinux2 fail2ban: 2026-07-15 07:01:21,597 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 180.153.236.174 - 2026-07-15 07:01:21cloudlinux2 fail2ban: 2026-07-15 07:02:07,297 fail2ban.filter [1812]: INFO [plesk-modsecurity] Found 39.154.172.138 - 2026-07-15 07:02:07c
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 04:55:24
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 00:55:16.722844 2026] [security2:error] [pid 23489:tid 23489] [client 139.162.49.148:49204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "q-mice.com"] [uri "/sftp-config.json"] [unique_id "alcStOVcYkbqoFd6_s2MFQAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
mnsf
2026-07-14 22:05:23
(13 hours ago)
Too many Status 40X (18)
Brute-Force
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-07-14 21:41:39
(14 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-14 21:10:19
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 17:10:14.597324 2026] [security2:error] [pid 31805:tid 31805] [client 139.162.49.148:55591] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "proboundary.com"] [uri "/sftp-config.json"] [unique_id "alaltiq87KWgNKddIzTyhQAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-14 21:00:35
(14 hours ago)
Web attack/malicious scanning detected
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 20:32:44
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 139.162.49.148 (139-162-49-148.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 16:32:37.193263 2026] [security2:error] [pid 567:tid 567] [client 139.162.49.148:52421] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "princessnapkins.com"] [uri "/sftp-config.json"] [unique_id "alac5S0DG9c3ClQpufzYnAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
SSH-Admin
2026-07-14 19:00:05
(16 hours ago)
Probing for Exploits on ns200
Exploited Host
Web App Attack
๐จ๐ญ
4server
2026-07-14 17:45:18
(18 hours ago)
[TueJul1419:45:13.5029782026][security2:error][pid3910888:tid3911230][client139.162.49.148:0]ModSecu ...
show more
[TueJul1419:45:13.5029782026][security2:error][pid3910888:tid3911230][client139.162.49.148:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"probuild.ch\"][uri\"/sftp-config.json\"][unique_id\"alZ1qSBN23RyLumc0XIz-wAAAQA\"]
show less
Hacking
Web App Attack
๐จ๐ฆ
SSH-Admin
2026-07-14 15:46:02
(20 hours ago)
Probing for Exploits on ns230
Exploited Host
Web App Attack
๐ซ๐ท
masterguru
2026-07-14 13:54:11
(22 hours ago)
Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-193)
Hacking
Web App Attack
๐ซ๐ท
masterguru
2026-07-14 13:25:09
(22 hours ago)
Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-196)
Hacking
Web App Attack