๐ฉ๐ช
Lino Project
2026-07-09 10:17:32
(2 hours ago)
172.104.41.104 - - [09/Jul/2026:12:17:28 +0200] "GET /sftp-config.json HTTP/1.1" 403 504 "-" "Mozill ...
show more
172.104.41.104 - - [09/Jul/2026:12:17:28 +0200] "GET /sftp-config.json HTTP/1.1" 403 504 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
...
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Starburst SysOp Team
2026-07-09 09:24:00
(3 hours ago)
Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-mnz6-1)
Hacking
Web App Attack
๐ซ๐ท
masterguru
2026-07-09 08:06:37
(4 hours ago)
Restricted File Access Attempt. Matched phrase "config.json" at REQUEST_FILENAME. (930130-195)
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:54:13
(5 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:54:06.015250 2026] [security2:error] [pid 10016:tid 10016] [client 172.104.41.104:63856] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "taafe.net"] [uri "/sftp-config.json"] [unique_id "ak9FjmwA30sIKANzfDt29QAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 06:01:52
(6 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 02:01:43.996448 2026] [security2:error] [pid 16329:tid 16329] [client 172.104.41.104:60379] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tedharris.com"] [uri "/sftp-config.json"] [unique_id "ak85R56SsdUuQkdpm1bUmgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 05:28:59
(7 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 01:28:54.458720 2026] [security2:error] [pid 8455:tid 8455] [client 172.104.41.104:53976] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tavo.info"] [uri "/sftp-config.json"] [unique_id "ak8xlm3qc4DEFT7yWrK5vwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฒ๐ฝ
octageeks.com
2026-07-09 04:07:30
(8 hours ago)
Wordpress malicious attack:[octablocked]
Web App Attack
๐จ๐ญ
4server
2026-07-09 03:59:34
(8 hours ago)
[ThuJul0905:59:28.1621922026][security2:error][pid3107481:tid3107749][client172.104.41.104:0]ModSecu ...
show more
[ThuJul0905:59:28.1621922026][security2:error][pid3107481:tid3107749][client172.104.41.104:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"swiss-domain-name.ch\"][uri\"/sftp-config.json\"][unique_id\"ak8coO1TMWDHZHPxW99B6gAAANM\"]
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:49:43
(8 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:49:36.656140 2026] [security2:error] [pid 23204:tid 23204] [client 172.104.41.104:57342] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "taacorp.com"] [uri "/sftp-config.json"] [unique_id "ak8aUM4hylARx5D9fqrphAAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 03:15:55
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:15:51.155433 2026] [security2:error] [pid 31520:tid 31520] [client 172.104.41.104:63944] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "suralcopensioendesk.com"] [uri "/sftp-config.json"] [unique_id "ak8SZ-9IWFRnEYLJ2oEKHgAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
2000cn.com.au
2026-07-09 03:02:08
(9 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-09 01:18:33
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 21:18:26.309303 2026] [security2:error] [pid 9823:tid 9823] [client 172.104.41.104:59926] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "synergystudios.org"] [uri "/sftp-config.json"] [unique_id "ak724jEZycU9_B9wLgIVPAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 01:03:09
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 21:03:02.742589 2026] [security2:error] [pid 979:tid 979] [client 172.104.41.104:58048] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "termstech.com"] [uri "/sftp-config.json"] [unique_id "ak7zRt4GVa9qHoSPa8TaDgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
consul.to
2026-07-08 23:13:30
(13 hours ago)
Web attack/malicious scanning detected
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 22:19:05
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercon ...
show more
(mod_security) mod_security (id:210492) triggered by 172.104.41.104 (172-104-41-104.ip.linodeusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 18:19:00.066388 2026] [security2:error] [pid 30599:tid 30647] [client 172.104.41.104:58576] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ceresfund.com"] [uri "/sftp-config.json"] [unique_id "ak7M1MTJPTLdU459AFM0MAAAAJc"]
show less
Brute-Force
Bad Web Bot
Web App Attack