PHP/ASP/JSP Source Backup File Grab for 2026-03-23

Last Updated: 08:17 UTC

Probing for backup copies of web application source files (.php.bak, .php.old, .php.txt, .php.orig, .php.swp). These files are frequently created by editors or deployment scripts and left accessible, exposing database credentials and application logic.

MITRE ATT&CK

Tactic: Credential Access (TA0006)
Technique: T1552.001 — Credentials in Files

Observed URIs

  • /admin/config.php.bak
  • /backup/config.php.bak
  • /config.php.bak
  • /config/config.php.bak
  • /core/config.php.bak

Attackers by Country

United Kingdom of Great Britain and Northern Ireland: 2
United Kingdom of Great Britain and Northern Ireland2100.0%

IP Address : ASN : City/Provider

Share on: