πΊπΈ
LSPCCU
2026-07-16 21:01:48
(3 hours ago)
TSEC Honeypot Network report. Threat score: 72/100. Categories: Port Scan, Hacking, Brute-Force, Web ...
show more
TSEC Honeypot Network report. Threat score: 72/100. Categories: Port Scan, Hacking, Brute-Force, Web App Attack, SSH. Honeypot: ssh-telnet, cowrie. Context: Attacker IP 172.
show less
Port Scan
Hacking
Brute-Force
Web App Attack
SSH
π«π·
ecode hosting
2026-07-16 19:38:04
(5 hours ago)
Domain : gnsskirala.com
Rule : config
2026-07-16 19:35:15 10.100.1.20 GET /.vscode/ftp-config.json - ...
show more
Domain : gnsskirala.com
Rule : config
2026-07-16 19:35:15 10.100.1.20 GET /.vscode/ftp-config.json - 80 - 172.104.161.18 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 - gnsskirala.com 301 0 0 359 228 242 - -
show less
Hacking
SQL Injection
πΊπΈ
TPI-Abuse
2026-07-16 17:48:03
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 13:47:58.070238 2026] [security2:error] [pid 20146:tid 20146] [client 172.104.161.18:64971] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garthp.com"] [uri "/sftp-config.json"] [unique_id "alkZTijmOPKJW18IlxPrfwAAABk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-16 13:31:31
(11 hours ago)
PSCSERV WPSCAN 172.104.161.18
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 11:56:14
(12 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 07:56:07.534569 2026] [security2:error] [pid 1919:tid 1919] [client 172.104.161.18:51756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gemco-mfg.com"] [uri "/sftp-config.json"] [unique_id "aljG1wqatGXToeCnzoaj7QAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
consul.to
2026-07-16 09:11:19
(15 hours ago)
Web attack/malicious scanning detected
Web App Attack
π±π»
garmtech.com
2026-07-16 08:58:35
(15 hours ago)
Attempted access to sensitive endpoint (/.vscode/sftp.json) detected. Automated scan or unauthorized ...
show more
Attempted access to sensitive endpoint (/.vscode/sftp.json) detected. Automated scan or unauthorized probing.
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 07:52:04
(16 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 03:51:58.586030 2026] [security2:error] [pid 3087:tid 3087] [client 172.104.161.18:52317] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.gilgoinn.com"] [uri "/sftp-config.json"] [unique_id "aliNnj4oKmvX4sJCXoZsjQAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-16 05:27:27
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 01:27:20.111292 2026] [security2:error] [pid 4509:tid 4509] [client 172.104.161.18:65377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frontlinefirestop.com"] [uri "/sftp-config.json"] [unique_id "alhruDCSgBTpyGqRN_pFRAAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Axel
2026-07-16 05:09:59
(19 hours ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /sftp-config. ...
show more
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /sftp-config.json Server: UK-01
show less
Web App Attack
Hacking
SQL Injection
π¦πΊ
2000cn.com.au
2026-07-16 04:30:17
(20 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
πΊπΈ
TPI-Abuse
2026-07-16 04:25:04
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 00:24:58.855481 2026] [security2:error] [pid 20434:tid 20434] [client 172.104.161.18:58424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gardnercastle.com"] [uri "/sftp-config.json"] [unique_id "alhdGvh4IXXvUHk6VjzQewAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
gigatech
2026-07-16 00:35:02
(1 day ago)
Webserver Probing
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-15 23:31:55
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.161.18 (172-104-161-18.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 15 19:31:47.927039 2026] [security2:error] [pid 1384023:tid 1384023] [client 172.104.161.18:56521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frequencyrecordsllc.com"] [uri "/sftp-config.json"] [unique_id "algYY9PiHI04XIpEUxp0_wAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Viveronese
2026-07-15 22:46:06
(1 day ago)
HTTP vulnerability scanning
Web App Attack