πΊπΈ
TPI-Abuse
2026-06-07 17:34:31
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:33:49.161057 2026] [security2:error] [pid 23011:tid 23019] [client 176.121.109.23:63204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aapmglobal.com"] [uri "/sftp-config.json"] [unique_id "aiWrfZhuWghijXuLV_WayAAAAcQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§π·
Halux
2026-06-07 14:24:23
(5 days ago)
176.121.109.23 Web Application Firewall multiple violations
Hacking
Web App Attack
2026-06-03 03:45:58
(1 week ago)
GET sftp-config.json | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML ...
show more
GET sftp-config.json | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Time: 2026-06-03 03:45:58 UTC
show less
Web App Attack
π©πͺ
FeG Deutschland
2026-06-02 08:26:45
(1 week ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124
Exploited Host
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-31 16:30:02
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 12:29:55.931571 2026] [security2:error] [pid 22531:tid 22619] [client 176.121.109.23:18232] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "totheendsoftheearth.com"] [uri "/sftp-config.json"] [unique_id "ahxiA02930fQGabHBg-2KwAAAJY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
cmbplf
2026-05-31 09:28:34
(1 week ago)
138 requests with url.path *sftp.json
129 requests with url.path *config.json
Brute-Force
Bad Web Bot
2026-05-30 16:40:59
(1 week ago)
scanning for potential vulnerable apps (wordpress etc.) and database accesses (ISR). Requested URI: ...
show more
scanning for potential vulnerable apps (wordpress etc.) and database accesses (ISR). Requested URI: /sftp-config.json
show less
Web App Attack
π²π½
octageeks.com
2026-05-28 04:10:39
(2 weeks ago)
Wordpress malicious attack:[octablocked]
Web App Attack
π©πͺ
Vegascosmetics
2026-05-27 21:55:13
(2 weeks ago)
Kingcopy(AI-IDS): IP is wandering around the site and acting suspiciously.
Bad Web Bot
π©πͺ
conseilgouz
2026-05-26 23:43:03
(2 weeks ago)
ave-17 : Block hidden directories=>/.vscode/sftp.json(/)
Hacking
πΊπΈ
TPI-Abuse
2026-05-26 16:35:13
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 12:34:58.276019 2026] [security2:error] [pid 6105:tid 6105] [client 176.121.109.23:11832] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "10bestcountryclubs.com"] [uri "/sftp-config.json"] [unique_id "ahXLsmo1z1WsQwZ8BTkLAAAAACI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-26 13:44:11
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 176.121.109.23 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 09:44:04.305192 2026] [security2:error] [pid 9919:tid 9919] [client 176.121.109.23:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "luisguacache.com"] [uri "/sftp-config.json"] [unique_id "ahWjpA4NyXz-9y1qamW1SwAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π§πͺ
cmbplf
2026-05-25 00:50:00
(2 weeks ago)
108 requests with url.path *config.json
Brute-Force
Bad Web Bot
πΊπΈ
mnsf
2026-05-24 01:05:19
(2 weeks ago)
Too many Status 40X (12)
Brute-Force
Web App Attack
πΊπΈ
VSM Networks
2023-11-01 16:49:26
(2 years ago)
Credential Stuffing
Brute-Force