πΊπΈ
nyt
2026-06-17 03:02:05
(12 hours ago)
Deploy Config Probe
Web App Attack
π¨π
4server
2026-06-16 21:28:27
(17 hours ago)
[TueJun1623:28:25.4092332026][security2:error][pid1888579:tid1888764][client67.203.33.42:0]ModSecuri ...
show more
[TueJun1623:28:25.4092332026][security2:error][pid1888579:tid1888764][client67.203.33.42:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"ticinosystem.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"ajG_-S18bUI0kyyDpXEvhAAAAIU\"]
show less
Hacking
Web App Attack
π¬π§
CrystalMaker
2026-06-15 09:46:46
(2 days ago)
Vulnerability scan - GET /sftp-config.json
Hacking
π²π½
octageeks.com
2026-06-15 04:20:56
(2 days ago)
Wordpress malicious attack:[octablocked]
Web App Attack
π³πΏ
Tripwire
2026-06-14 12:17:03
(3 days ago)
Scanning for exploits - /.vscode/sftp.json
Web App Attack
π¦πΊ
afleventoffice.com.au
2026-06-13 22:26:03
(3 days ago)
GET /sftp-config.json HTTP/1.1
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-13 18:52:26
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 14:52:20.656069 2026] [security2:error] [pid 10719:tid 10719] [client 67.203.33.42:43866] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crcponcha.com"] [uri "/sftp-config.json"] [unique_id "ai2m5HrmMWbYPpAEofEWjgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-13 17:54:23
(3 days ago)
(mod_security) mod_security (id:949110) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:949110) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 13:54:20.111103 2026] [security2:error] [pid 30082:tid 30082] [client 67.203.33.42:12200] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "crazycontrols.com"] [uri "/sftp-config.json"] [unique_id "ai2ZTM-XWlKmwjjo5JOZ4gAAABw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¨π
4server
2026-06-13 10:11:50
(4 days ago)
[SatJun1312:11:43.1981782026][security2:error][pid660701:tid661193][client67.203.33.42:0]ModSecurity ...
show more
[SatJun1312:11:43.1981782026][security2:error][pid660701:tid661193][client67.203.33.42:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"cpu-services.ch\"][uri\"/sftp-config.json\"][unique_id\"ai0s344p0orq8qnHlNJRWgAAAQA\"]
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-13 06:08:43
(4 days ago)
(mod_security) mod_security (id:210580) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:210580) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 02:08:36.177210 2026] [security2:error] [pid 27302:tid 27302] [client 67.203.33.42:62814] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||coyotebytes.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: http:/conceptionsflorida.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "coyotebytes.com"] [uri "/.vscode/sftp.json"] [unique_id "aizz5NsnjEXAOyVtn_DnNgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
consul.to
2026-06-13 02:28:51
(4 days ago)
Web attack/malicious scanning detected
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-13 00:11:27
(4 days ago)
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 20:11:22.372326 2026] [security2:error] [pid 30458:tid 30458] [client 67.203.33.42:57994] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "countrysideinnkingston.com"] [uri "/sftp-config.json"] [unique_id "aiygKtj3u_LArpGsYRIW3AAAABs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-12 09:19:58
(5 days ago)
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:210492) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:19:54.504060 2026] [security2:error] [pid 14561:tid 14561] [client 67.203.33.42:18130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "corangues.com"] [uri "/sftp-config.json"] [unique_id "aivPOjNrVYGyV-uGIxVwVgAAABY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
Carsten
2026-06-12 07:23:08
(5 days ago)
GET [.vscode/sftp.json]
Port Scan
πΊπΈ
TPI-Abuse
2026-06-12 05:01:44
(5 days ago)
(mod_security) mod_security (id:210580) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationameri ...
show more
(mod_security) mod_security (id:210580) triggered by 67.203.33.42 (42-33-203-67.rdns.colocationamerica.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 01:01:40.636982 2026] [security2:error] [pid 9828:tid 9828] [client 67.203.33.42:45624] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||coolerboxes.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: http:/conceptionsflorida.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "coolerboxes.com"] [uri "/.vscode/sftp.json"] [unique_id "aiuStGMXXX0KBElmeRfrkgAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack