๐บ๐ธ
TPI-Abuse
2026-06-27 20:20:53
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 16:20:48.346603 2026] [security2:error] [pid 6076:tid 6076] [client 2400:8901::2000:adff:fe38:26ce:51887] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "platinumkissband.com"] [uri "/sftp-config.json"] [unique_id "akAwoLo511RVp0r4qgYbjAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
LRob.fr
2026-06-27 20:15:04
(3 days ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 16:39:48
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 12:39:43.194362 2026] [security2:error] [pid 9084:tid 9084] [client 2400:8901::2000:adff:fe38:26ce:50606] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "platformintelligence.com"] [uri "/sftp-config.json"] [unique_id "aj_8z6_fDWjRYeL1TYk5WQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 14:47:54
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 10:47:50.831133 2026] [security2:error] [pid 26105:tid 26105] [client 2400:8901::2000:adff:fe38:26ce:55451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pinetreedistrict.org"] [uri "/sftp-config.json"] [unique_id "aj_ilrLgGlQl4mcCddiQGgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 05:58:09
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 01:58:02.868391 2026] [security2:error] [pid 25298:tid 25298] [client 2400:8901::2000:adff:fe38:26ce:53521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pianosmith.com"] [uri "/sftp-config.json"] [unique_id "aj9mauncPFv8Exvit1g_KgAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 23:05:03
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:04:55.215999 2026] [security2:error] [pid 15475:tid 15475] [client 2400:8901::2000:adff:fe38:26ce:58769] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "quincysheetmetal.com"] [uri "/sftp-config.json"] [unique_id "aj8Fl8a8KsH5YnMD4173RAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
pinguin
2026-06-26 16:50:11
(4 days ago)
Triggered Cloudflare WAF (firewallManaged) from SG.
Action taken: LOG
Protocol: HTTP/1.1 (GET method ...
show more
Triggered Cloudflare WAF (firewallManaged) from SG.
Action taken: LOG
Protocol: HTTP/1.1 (GET method)
Endpoint: /.sftp-config.json
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-26 14:13:05
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 10:12:56.826653 2026] [security2:error] [pid 23725:tid 23725] [client 2400:8901::2000:adff:fe38:26ce:61957] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "providentbusinessllc.com"] [uri "/sftp-config.json"] [unique_id "aj6I6DfqdN9lkrCkqpu2ZwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 12:39:21
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 08:39:16.643505 2026] [security2:error] [pid 16749:tid 16769] [client 2400:8901::2000:adff:fe38:26ce:62589] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "possibilitywhisperer.com"] [uri "/sftp-config.json"] [unique_id "aj5y9OFlliUPKA8-l4uQyQAAAI4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 05:25:50
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:25:42.844401 2026] [security2:error] [pid 31913:tid 31913] [client 2400:8901::2000:adff:fe38:26ce:64980] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "providencesilverco.com"] [uri "/sftp-config.json"] [unique_id "aj4NVjBMRtuggY9-n7ao_wAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
openstrike.co.uk
2026-06-26 05:16:25
(5 days ago)
3 attacks on password grabbing URLs:
GET /.vscode/sftp.json HTTP/1.1
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-26 03:05:45
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 23:05:32.517725 2026] [security2:error] [pid 1358:tid 1358] [client 2400:8901::2000:adff:fe38:26ce:56567] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "primacomm.com"] [uri "/sftp-config.json"] [unique_id "aj3sfHWuSLnXeH4kN8g02QAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 01:03:04
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:02:58.256961 2026] [security2:error] [pid 7200:tid 7200] [client 2400:8901::2000:adff:fe38:26ce:63331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "proventransmission.com"] [uri "/sftp-config.json"] [unique_id "aj3Pwiu-ZWhFe8Cxn_Pb1gAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-25 23:06:03
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in ...
show more
(mod_security) mod_security (id:210492) triggered by 2400:8901::2000:adff:fe38:26ce (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 19:05:57.295848 2026] [security2:error] [pid 14738:tid 14738] [client 2400:8901::2000:adff:fe38:26ce:64293] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pontiacpalace.com"] [uri "/sftp-config.json"] [unique_id "aj20VZfu6KqdMsE_RgKPOAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-06-25 21:20:06
(5 days ago)
[ThuJun2523:20:02.2088002026][security2:error][pid1542822:tid1542950][client2400:8901::2000:adff:fe3 ...
show more
[ThuJun2523:20:02.2088002026][security2:error][pid1542822:tid1542950][client2400:8901::2000:adff:fe38:26ce:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"ponzellini.ch\"][uri\"/sftp-config.json\"][unique_id\"aj2bglM-mjkOzdSRHPwIoQAAANY\"]
show less
Port Scan
Brute-Force
Web App Attack