🇬🇧
openstrike.co.uk
2026-06-30 05:14:31
(11 hours ago)
2 attacks on password grabbing URLs:
GET /.vscode/sftp.json HTTP/1.1
Hacking
🇺🇸
TPI-Abuse
2026-06-30 02:47:22
(14 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 22:47:15.104646 2026] [security2:error] [pid 11752:tid 11774] [client 64.105.88.36:63064] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darrylrichards.com"] [uri "/sftp-config.json"] [unique_id "akMuM4dyoty2gPM1ZlI-zAAAANQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 01:40:39
(15 hours ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 21:40:36.424108 2026] [security2:error] [pid 24748:tid 24748] [client 64.105.88.36:10840] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "darlinghernandez.com"] [uri "/sftp-config.json"] [unique_id "akMelErZb5WC8XI0-JWKegAAABk"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
mccsoft.io
2026-06-29 15:01:58
(1 day ago)
Web application attack / vulnerability scanning against our public nginx web server (TCP 80/443). Source matched a blocked-path security rule (jail nginx-444); server returned HTTP 444 (connection closed without response). TCP three-way handshake completed (full HTTP request received).
Bad Web Bot
Web App Attack
🇩🇪
4server
2026-06-29 10:47:44
(1 day ago)
[MonJun2912:47:37.9668102026][security2:error][pid2864568:tid2864698][client64.105.88.36:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"danielasilvia.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"akJNSb5NWxClIj9FLFZ7kQAAAQ4\"]
Port Scan
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 09:56:28
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 05:56:24.114765 2026] [security2:error] [pid 14746:tid 14746] [client 64.105.88.36:44492] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "danialias.com"] [uri "/sftp-config.json"] [unique_id "akJBSIBl_9cTKT3Dz2xdLwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 07:34:04
(1 day ago)
(mod_security) mod_security (id:949110) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:34:00.171712 2026] [security2:error] [pid 11408:tid 11408] [client 64.105.88.36:29178] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "danchujkoassoc.com"] [uri "/sftp-config.json"] [unique_id "akIf6PsUfu_oOiEibF65NwAAADw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-28 22:03:39
(1 day ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 18:03:31.324820 2026] [security2:error] [pid 29892:tid 29892] [client 64.105.88.36:15116] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "daisydoesoap.com"] [uri "/sftp-config.json"] [unique_id "akGaMwfcP_BvfbZeeHyY-gAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
FeG Deutschland
2026-06-28 17:41:23
(1 day ago)
Looking for CMS/PHP/SQL vulnerabilities/excessive crawling - 124
Exploited Host
Web App Attack
🇮🇩
Burayot
2026-06-28 11:54:05
(2 days ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 64.105.88.36 (NZ/New Zealand/h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 3600 secs
Web App Attack
🇨🇭
4server
2026-06-27 22:31:03
(2 days ago)
[SunJun2800:30:56.8513782026][security2:error][pid3067140:tid3067142][client64.105.88.36:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"cybertelgroup.com\"][uri\"/sftp-config.json\"][unique_id\"akBPIFn4Csl6f6EEXXR2PAAAAAA\"]
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 12:15:32
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 08:15:26.879801 2026] [security2:error] [pid 22471:tid 22471] [client 64.105.88.36:30230] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "custominktees.us"] [uri "/sftp-config.json"] [unique_id "aj--3ivn3TMzaPGEP4NDlgAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 02:51:21
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:51:13.332716 2026] [security2:error] [pid 13981:tid 13981] [client 64.105.88.36:8402] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.cubbylure.com"] [uri "/sftp-config.json"] [unique_id "aj86oVZZgvxeA9vhLV7iSAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-27 01:47:02
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 64.105.88.36 (h-64-105-88-36.snva.ca.globalcapacity.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 21:46:56.183030 2026] [security2:error] [pid 31161:tid 31161] [client 64.105.88.36:44326] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ctrussell.us"] [uri "/ctrussell.html/sftp-config.json"] [unique_id "aj8rkNXKDv1x-UwoR6aTUwAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
CrystalMaker
2026-06-26 20:15:08
(3 days ago)
Vulnerability scan - GET /sftp-config.json
Hacking