๐บ๐ธ
TPI-Abuse
2026-07-05 06:42:17
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 02:42:12.799932 2026] [security2:error] [pid 3626:tid 3626] [client 158.140.208.16:29056] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ohioprocleaners.com"] [uri "/sftp-config.json"] [unique_id "akn8xDhy5ooT_XHREjhfNwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 20:46:19
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 04 16:46:14.270072 2026] [security2:error] [pid 28372:tid 28380] [client 158.140.208.16:35900] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "officialseniorworldgolfranking.com"] [uri "/sftp-config.json"] [unique_id "aklxFjZ7p9pZUjPM5laTtQAAAMQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-04 03:20:38
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 23:20:31.020640 2026] [security2:error] [pid 21825:tid 21825] [client 158.140.208.16:4060] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ocmtx.org"] [uri "/sftp-config.json"] [unique_id "akh7_1fqxRy5l-l1hPwD_wAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-03 21:13:04
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 03 17:12:59.667316 2026] [security2:error] [pid 16975:tid 16975] [client 158.140.208.16:19906] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "investmentprotectionservices.com"] [uri "/sftp-config.json"] [unique_id "akgl24wIdqNLFxXPV1h9zwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-12 15:23:17
(3 weeks ago)
Try to access /.vscode/sftp.json
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 03:34:06
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:33:59.147920 2026] [security2:error] [pid 31347:tid 31347] [client 158.140.208.16:49778] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "debbiegarner.com"] [uri "/sftp-config.json"] [unique_id "ait-JwmY7N6Cn8cpWKUhbQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 03:11:09
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:11:03.589626 2026] [security2:error] [pid 13960:tid 13970] [client 158.140.208.16:48522] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deathconfusion.com"] [uri "/sftp-config.json"] [unique_id "ait4xzeqFmolqo9B66lwZQAAAUg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-12 01:37:24
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 21:37:19.210265 2026] [security2:error] [pid 27660:tid 27660] [client 158.140.208.16:51240] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rondeal.com"] [uri "/sftp-config.json"] [unique_id "aitiz37_GBBW1Bh63YbJgQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ฎ
as211431.net
2026-06-11 23:58:42
(3 weeks ago)
Triggered Cloudflare WAF (firewallCustom) from NL.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from NL.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /.vscode/sftp.json
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-11 20:33:10
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:33:06.088634 2026] [security2:error] [pid 8354:tid 8375] [client 158.140.208.16:35946] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dba.center"] [uri "/sftp-config.json"] [unique_id "aisbgigF3gQiRe36FhxBegAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-11 19:51:45
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 15:51:39.353029 2026] [security2:error] [pid 19735:tid 19735] [client 158.140.208.16:5754] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daytonabluemetallic.com"] [uri "/sftp-config.json"] [unique_id "aisRy204uMjeMecC3aGKzQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-11 18:06:12
(3 weeks ago)
(mod_security) mod_security (id:210580) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210580) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 14:06:08.193726 2026] [security2:error] [pid 21190:tid 21190] [client 158.140.208.16:42900] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||davisllp.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: http:/daveharsh.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "davisllp.com"] [uri "/.vscode/sftp.json"] [unique_id "air5EMkugohwYrbrDkPALwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฏ๐ต
Valhalla
2026-06-11 16:45:14
(3 weeks ago)
/.vscode/sftp.json
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-11 15:57:05
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 11:57:01.048850 2026] [security2:error] [pid 9960:tid 9960] [client 158.140.208.16:2754] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "davesullivan.net"] [uri "/sftp-config.json"] [unique_id "airazffvjwOktTkebuRN9wAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-11 08:25:07
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 158.140.208.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:24:59.536825 2026] [security2:error] [pid 7110:tid 7110] [client 158.140.208.16:7736] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darkmysteries.biz"] [uri "/sftp-config.json"] [unique_id "aipw29jxifJ1aiv3Zyno6AAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack