๐บ๐ธ
TPI-Abuse
2026-07-08 16:48:50
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:48:41.811400 2026] [security2:error] [pid 5053:tid 5053] [client 158.115.254.30:15482] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "urie.to"] [uri "/sftp-config.json"] [unique_id "ak5_afy_CVKIhvCZHaplkwAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 16:31:39
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:31:32.448353 2026] [security2:error] [pid 24253:tid 24253] [client 158.115.254.30:25522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "prostar.industries"] [uri "/sftp-config.json"] [unique_id "ak57ZIRdImyRyAJtNUz90AAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 16:09:02
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:08:56.786953 2026] [security2:error] [pid 19526:tid 19526] [client 158.115.254.30:26078] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "michaelpmcgrath.com"] [uri "/sftp-config.json"] [unique_id "ak52GERrSLBusMCTrtttDwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 15:42:51
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 11:42:44.305184 2026] [security2:error] [pid 20326:tid 20326] [client 158.115.254.30:51234] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.enriquelaw.com"] [uri "/sftp-config.json"] [unique_id "ak5v9BelLCxqLbbUzVl91wAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 15:24:39
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.115.254.30 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 11:24:34.217244 2026] [security2:error] [pid 10325:tid 10325] [client 158.115.254.30:8658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dynamic-therapy-mn.com"] [uri "/sftp-config.json"] [unique_id "ak5rsnleI2_0eu25I7ln4AAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
ambor
2026-07-08 11:05:40
(13 hours ago)
Honeypot triggered on tcpdata.com - Attempted to access /.vscode/sftp.json (hidden_file_probe). User ...
show more
Honeypot triggered on tcpdata.com - Attempted to access /.vscode/sftp.json (hidden_file_probe). User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
show less
Web App Attack
๐ง๐ท
Halux
2026-07-07 14:40:55
(1 day ago)
158.115.254.30 Web Application Firewall multiple violations
Hacking
Web App Attack
๐ฏ๐ต
beon
2026-07-07 09:16:38
(1 day ago)
[DateTime=>2026-07-07T09:16:38Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/.vscode/sftp.json] , [to ...
show more
[DateTime=>2026-07-07T09:16:38Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/.vscode/sftp.json] , [total_Hit=>once]
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 18:52:10
(2 days ago)
158.115.254.30 - - [06/Jul/2026:20:51:53 +0200] "GET /.vscode/sftp.json HTTP/1.1" 403 12583 "-" "Moz ...
show more
158.115.254.30 - - [06/Jul/2026:20:51:53 +0200] "GET /.vscode/sftp.json HTTP/1.1" 403 12583 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
158.115.254.30 - - [06/Jul/2026:20:51:53 +0200] "GET /.vscode/sftp.json HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
158.115.254.30 - - [06/Jul/2026:20:51:53 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
158.115.254.30 - - [06/Jul/2026:20:51:53 +0200] "GET /.vscode/sftp.json HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
158.115.254.30 - - [06/Jul/2026:20:51:54 +0200] "GET /.vscode/sftp.json HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537
...
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-06 11:03:52
(2 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
๐ฉ๐ช
4server
2026-07-06 04:26:14
(2 days ago)
[MonJul0606:26:07.8470242026][security2:error][pid3713308:tid3713424][client158.115.254.30:0]ModSecu ...
show more
[MonJul0606:26:07.8470242026][security2:error][pid3713308:tid3713424][client158.115.254.30:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"acquaallaspina.ch\"][uri\"/sftp-config.json\"][unique_id\"aksuX4-yRhgNq5oOQbtnzAAAAQc\"]
show less
Port Scan
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-07-06 03:29:03
(2 days ago)
260 requests with url.path *config.json
164 requests with url.path *sftp.json
Brute-Force
Bad Web Bot
๐ฌ๐ง
consul.to
2026-07-05 20:13:21
(3 days ago)
Web attack/malicious scanning detected
Web App Attack
Anonymous
2026-07-05 14:34:17
(3 days ago)
Web App Attack
๐บ๐ธ
ambor
2026-07-05 13:41:44
(3 days ago)
Honeypot triggered on tcpdata.com - Attempted to access /.vscode/sftp.json (hidden_file_probe). User ...
show more
Honeypot triggered on tcpdata.com - Attempted to access /.vscode/sftp.json (hidden_file_probe). User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
show less
Web App Attack