πΊπΈ
TPI-Abuse
2026-07-09 01:31:36
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 21:31:33.663458 2026] [security2:error] [pid 2861:tid 2861] [client 74.91.48.40:52612] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.americanlegion935.com"] [uri "/sftp-config.json"] [unique_id "ak759Qwbj2z1KwReKu_g3AAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-09 01:14:22
(10 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 21:14:16.127267 2026] [security2:error] [pid 4643:tid 4663] [client 74.91.48.40:43444] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.ceresfund.com"] [uri "/sftp-config.json"] [unique_id "ak716Md8RzV6rPLhbp9D5AAAARI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 17:02:35
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:02:30.718309 2026] [security2:error] [pid 11997:tid 11997] [client 74.91.48.40:61638] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.oualierealty.com"] [uri "/sftp-config.json"] [unique_id "ak6CpkRysUzCW8b51fc8HAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 16:40:23
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:40:18.507376 2026] [security2:error] [pid 2295:tid 2295] [client 74.91.48.40:18384] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.laboquimia.es"] [uri "/sftp-config.json"] [unique_id "ak59cuq76H2S9fXhGoV9zAAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 16:25:08
(19 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:25:00.630422 2026] [security2:error] [pid 18047:tid 18047] [client 74.91.48.40:36658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jfexpressfr8.com"] [uri "/sftp-config.json"] [unique_id "ak553ApUt2zULCYZBDg3vQAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 16:01:10
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 12:01:05.955920 2026] [security2:error] [pid 7321:tid 7321] [client 74.91.48.40:60100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bethanneblue.net"] [uri "/sftp-config.json"] [unique_id "ak50QavyVa63aroie9ocSgAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 15:43:18
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 11:43:14.505097 2026] [security2:error] [pid 6934:tid 6934] [client 74.91.48.40:37678] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brazilianbikinis.com"] [uri "/sftp-config.json"] [unique_id "ak5wEj-NH3_VJI5eBMMRegAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-08 15:23:01
(20 hours ago)
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210492) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 11:22:56.656552 2026] [security2:error] [pid 24167:tid 24167] [client 74.91.48.40:34350] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mitchellamazing.com"] [uri "/sftp-config.json"] [unique_id "ak5rUOAzFgDyoOrj_P8y4gAAACk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π―π΅
beon
2026-07-07 09:16:37
(2 days ago)
[DateTime=>2026-07-07T09:16:37Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/sftp-config.json] , [tot ...
show more
[DateTime=>2026-07-07T09:16:37Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/sftp-config.json] , [total_Hit=>once]
show less
Bad Web Bot
Web App Attack
Anonymous
2026-07-06 18:52:12
(2 days ago)
74.91.48.40 - - [06/Jul/2026:20:51:53 +0200] "GET /sftp-config.json HTTP/1.1" 404 184 "-" "Mozilla/5 ...
show more
74.91.48.40 - - [06/Jul/2026:20:51:53 +0200] "GET /sftp-config.json HTTP/1.1" 404 184 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
74.91.48.40 - - [06/Jul/2026:20:51:53 +0200] "GET /sftp-config.json HTTP/1.1" 404 447 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
74.91.48.40 - - [06/Jul/2026:20:51:54 +0200] "GET /sftp-config.json HTTP/1.1" 403 183 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
74.91.48.40 - - [06/Jul/2026:20:51:54 +0200] "GET /sftp-config.json HTTP/1.1" 404 444 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
74.91.48.40 - - [06/Jul/2026:20:51:54 +0200] "GET /sftp-config.json HTTP/1.1" 404 246 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome
...
show less
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-07-06 16:38:49
(2 days ago)
(mod_security) mod_security (id:949110) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:949110) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 12:38:41.149928 2026] [security2:error] [pid 1409:tid 1409] [client 74.91.48.40:39870] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "789bid.net"] [uri "/sftp-config.json"] [unique_id "akvaEfiPJQ4oPiuBZB6Y_QAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
FeG Deutschland
2026-07-06 11:03:58
(3 days ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247
Exploited Host
Web App Attack
π©πͺ
4server
2026-07-06 04:26:16
(3 days ago)
[MonJul0606:26:08.6491732026][security2:error][pid3713303:tid3713376][client74.91.48.40:0]ModSecurit ...
show more
[MonJul0606:26:08.6491732026][security2:error][pid3713303:tid3713376][client74.91.48.40:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"admin-services.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"aksuYKhttA30LN-9eJx3lQAAAIs\"]
show less
Port Scan
Brute-Force
Web App Attack
π§πͺ
cmbplf
2026-07-06 03:28:53
(3 days ago)
273 requests with url.path *sftp.json
174 requests with url.path *config.json
Brute-Force
Bad Web Bot
πΊπΈ
TPI-Abuse
2026-07-05 21:17:09
(3 days ago)
(mod_security) mod_security (id:210580) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: ...
show more
(mod_security) mod_security (id:210580) triggered by 74.91.48.40 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 17:17:03.294898 2026] [security2:error] [pid 16839:tid 16839] [client 74.91.48.40:0] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "sftp-config.json" at REQUEST_COOKIES:handl_landing_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||gibitdigital.com|F|2"] [data "Matched Data: sftp-config.json found within REQUEST_COOKIES:handl_landing_page: https:/traveldriveclub.com/sftp-config.json"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "gibitdigital.com"] [uri "/sftp-config.json"] [unique_id "akrJz-VAW9bwO29yAKjl_gAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack