Anonymous
2026-06-28 12:17:12
(17 hours ago)
Fuzzing/Looking for credentials files.
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 10:25:07
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:25:01.572768 2026] [security2:error] [pid 24120:tid 24214] [client 23.95.0.162:39516] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ethicmark.org"] [uri "/sftp-config.json"] [unique_id "akD2fffvEPLBOb2qcxGUwwAAAJI"]
Brute-Force
Bad Web Bot
Web App Attack
🇸🇪
SkyDancer
2026-06-28 09:57:28
(19 hours ago)
Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx
Hacking
Brute-Force
SSH
🇺🇸
TPI-Abuse
2026-06-28 03:42:39
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 23:42:35.565725 2026] [security2:error] [pid 10305:tid 10305] [client 23.95.0.162:43776] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dgroupsa.com"] [uri "/sftp-config.json"] [unique_id "akCYK5x4g5a-Tgj0Z4p6gwAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 02:44:39
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 22:44:35.782348 2026] [security2:error] [pid 18085:tid 18085] [client 23.95.0.162:25444] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dginstruments.com"] [uri "/sftp-config.json"] [unique_id "akCKk1J2wSScGa8F-DUs8gAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 04:14:30
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 00:14:27.137270 2026] [security2:error] [pid 9552:tid 9552] [client 23.95.0.162:54002] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "desarrollosdecolima.com"] [uri "/sftp-config.json"] [unique_id "aj9OI3VTSnWLkUlUp84abgAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-26 18:53:24
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 14:53:17.514195 2026] [security2:error] [pid 3897:tid 3897] [client 23.95.0.162:16466] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "demondomain.com"] [uri "/sftp-config.json"] [unique_id "aj7KnTxTBWRzVkirsjzJyAAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-26 16:53:59
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 12:53:55.585350 2026] [security2:error] [pid 20992:tid 20992] [client 23.95.0.162:39532] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deltasouls.com"] [uri "/sftp-config.json"] [unique_id "aj6uo6zxEtkRlrUnuuuM_QAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
as211431.net
2026-06-26 00:05:32
(3 days ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /sftp-config.json
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇨🇭
4server
2026-06-25 21:28:34
(3 days ago)
[ThuJun2523:28:30.0675242026][security2:error][pid1352528:tid1352535][client23.95.0.162:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"dc-graphicart.com\"][uri\"/.vscode/sftp.json\"][unique_id\"aj2dfhN9jdphIfsgpvTe9wAAAAU\"]
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 21:01:01
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 17:00:55.078804 2026] [security2:error] [pid 7330:tid 7330] [client 23.95.0.162:26656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dbq.us"] [uri "/sftp-config.json"] [unique_id "aj2XB8RdPAoihjL0V5PE_AAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 18:42:49
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 14:42:45.007130 2026] [security2:error] [pid 17163:tid 17163] [client 23.95.0.162:45210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daydar.net"] [uri "/sftp-config.json"] [unique_id "aj12pcjH3dqZSLoh6gCUYwAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 17:16:13
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 13:16:06.169972 2026] [security2:error] [pid 6311:tid 6329] [client 23.95.0.162:36932] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daviscountyossr.org"] [uri "/sftp-config.json"] [unique_id "aj1iVoQPezOIhxYHKCzVpgAAAIg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-25 15:22:02
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:21:55.384302 2026] [security2:error] [pid 5412:tid 5427] [client 23.95.0.162:17676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "draas.info"] [uri "/sftp-config.json"] [unique_id "aj1Hk33aioTIVDRXmbT78wAAAU0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-24 14:13:15
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 23.95.0.162 (23-95-0-162-host.colocrossing.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 10:13:09.071439 2026] [security2:error] [pid 1553:tid 1663] [client 23.95.0.162:18052] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "docdalton.com"] [uri "/sftp-config.json"] [unique_id "ajvl9SgeqWSNLYqbEq75ZwAAAFY"]
Brute-Force
Bad Web Bot
Web App Attack