PHP/ASP/JSP Source Backup File Grab for 2026-03-23
Mar 23, 2026
WebExploit
Last Updated: 08:17 UTC
Probing for backup copies of web application source files (.php.bak, .php.old, .php.txt, .php.orig, .php.swp). These files are frequently created by editors or deployment scripts and left accessible, exposing database credentials and application logic.
MITRE ATT&CK
Tactic: Credential Access (TA0006)
Technique: T1552.001 — Credentials in Files
Observed URIs
/admin/config.php.bak/backup/config.php.bak/config.php.bak/config/config.php.bak/core/config.php.bak
Attackers by Country
| United Kingdom of Great Britain and Northern Ireland | 2 | 100.0% |
IP Address : ASN : City/Provider
-
185.177.72.30 : ASNone : Congleton
-
185.177.72.52 : ASNone : Congleton