๐ฏ๐ต
Valhalla
2026-07-18 09:52:34
(21 hours ago)
/.vscode/sftp.json
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 03:50:31
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 23:50:25.880108 2026] [security2:error] [pid 110288:tid 110288] [client 178.218.129.17:15756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jawsite.org"] [uri "/sftp-config.json"] [unique_id "alr4AW_IYSTWLiwRErCJdAAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 14:49:33
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 10:49:29.404867 2026] [security2:error] [pid 5937:tid 5951] [client 178.218.129.17:2338] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "janetkeeton.com"] [uri "/sftp-config.json"] [unique_id "alpA-TJn2rWzKhowmOYmggAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 10:53:03
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 06:52:56.533465 2026] [security2:error] [pid 2702:tid 2702] [client 178.218.129.17:53444] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jamesrobertparish.com"] [uri "/sftp-config.json"] [unique_id "aloJiH0783-D5b90oaqeRQAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-17 08:19:30
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 04:19:25.330360 2026] [security2:error] [pid 16258:tid 16258] [client 178.218.129.17:9526] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jalenbattle.com"] [uri "/sftp-config.json"] [unique_id "alnljYdfseWAn7xcXPRKvwAAACc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
nyt
2026-07-17 01:10:33
(2 days ago)
Deploy Config Probe
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 22:34:04
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 18:33:59.091578 2026] [security2:error] [pid 6396:tid 6396] [client 178.218.129.17:42020] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jabbosjingles.com"] [uri "/sftp-config.json"] [unique_id "allcV7m0eWfrkcdhPaH5pAAAADA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 20:28:55
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 16:28:50.211539 2026] [security2:error] [pid 2453:tid 2453] [client 178.218.129.17:13758] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "j3pr.com"] [uri "/sftp-config.json"] [unique_id "alk_AgHWa93DVnxU1-UMjAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-16 16:14:28
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 16 12:14:24.263740 2026] [security2:error] [pid 1455:tid 1455] [client 178.218.129.17:61158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ixd.net"] [uri "/sftp-config.json"] [unique_id "alkDYKz74AczaCjtsBXAAQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 11:00:22
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 07:00:15.182795 2026] [security2:error] [pid 16084:tid 16084] [client 178.218.129.17:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "haywardcarpentry.com"] [uri "/sftp-config.json"] [unique_id "akZEvyyy0qbFecPPjYXyEAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
Baking333
2026-07-02 06:33:55
(2 weeks ago)
[redacted] 178.218.129.17 - - [02/Jul/2026:07:33:52 +0100] "GET /.vscode/[redacted] HTTP/1.1" 302 68 ...
show more
[redacted] 178.218.129.17 - - [02/Jul/2026:07:33:52 +0100] "GET /.vscode/[redacted] HTTP/1.1" 302 6843 0/66931 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" [redacted] 178.218.129.17 - - [02/Jul/2026:07:33:53 +0100] "GET /.vscode/[redacted] HTTP/1.1" 302 1534 0/54961 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 18:18:39
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 14:18:35.048872 2026] [security2:error] [pid 4479:tid 4479] [client 178.218.129.17:12194] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doctorhouse.ch"] [uri "/sftp-config.json"] [unique_id "akQIe6yENsJbdNJRM-6t-QAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
OptimusGO
2026-06-29 20:52:28
(2 weeks ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-06-29 21:52:28 UTC
Log evidence:
178.218.129.17 - - [29/Jun/2026:21:52:27 +0100] "GET /sftp-config.json HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36"
06/29/2026-21:52:27.277730 [**] [1:2015940:5] ET SCAN SFTP/FTP Password Exposure via sftp-config.json [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 178.218.129.17:63090 -> 185.127.18.66:80
show less
Port Scan
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-06-29 20:18:09
(2 weeks ago)
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 178.218.129.17 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 16:18:06.029113 2026] [security2:error] [pid 2394:tid 2394] [client 178.218.129.17:10718] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "listerman.org"] [uri "/sftp-config.json"] [unique_id "akLS_q8TBpfKHB4jSjMjdQAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-29 11:09:39
(2 weeks ago)
GET sftp-config.json | UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ch ...
show more
GET sftp-config.json | UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36 | Time: 2026-06-29 11:09:39 UTC
show less
Web App Attack