๐บ๐ธ
TPI-Abuse
2026-05-11 05:15:57
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.143.226 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.143.226 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 01:15:50.761073 2026] [security2:error] [pid 15458:tid 15458] [client 172.70.143.226:13531] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.amazedbyu.com.dcmillerjr.com"] [uri "/.env.dev"] [unique_id "agFmBsbk5dkufl3eoscQPwAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
acadeova
2026-04-10 12:41:14
(2 months ago)
๐จ Recon detected (nft drop)
SRC=172.70.143.226
Observed=TCP dpt=80 in=enp0s6 ttl=54
Time=recent(jour ...
show more
๐จ Recon detected (nft drop)
SRC=172.70.143.226
Observed=TCP dpt=80 in=enp0s6 ttl=54
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐ฎ๐ฉ
Burayot
2026-04-07 16:30:10
(2 months ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 172.70.143.226 (SG/Singapore/-): 1 i ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 172.70.143.226 (SG/Singapore/-): 1 in the last 3600 secs
show less
Web App Attack
๐บ๐ธ
mnsf
2026-03-26 02:06:09
(3 months ago)
Scanning/Probing (11)
Brute-Force
Web App Attack
๐บ๐ธ
mawan
2026-03-21 02:38:36
(3 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ง๐ท
chronos
2026-03-21 00:29:41
(3 months ago)
2026-03-20 20:49:19 UTC-3||Unauthorized connection attempt detected for port scanning
Port Scan
๐บ๐ธ
iwle
2026-01-12 07:47:55
(5 months ago)
172.70.143.226 - - [12/Jan/2026:02:47:52 -0500] "GET //wp-includes/wlwmanifest.xml HTTP/2.0" 404 196 ...
show more
172.70.143.226 - - [12/Jan/2026:02:47:52 -0500] "GET //wp-includes/wlwmanifest.xml HTTP/2.0" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
...
show less
Brute-Force
๐ซ๐ท
Campus France
2025-12-09 12:00:24
(6 months ago)
[Tue Dec 09 13:00:22.958507 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/v ...
show more
[Tue Dec 09 13:00:22.958507 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/var/www/html/api.php' not found or unable to stat, referer: https://duckduckgo.com/
[Tue Dec 09 13:00:23.432252 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/var/www/html/edit.php' not found or unable to stat, referer: https://www.google.de/
[Tue Dec 09 13:00:23.592736 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/var/www/html/NewFile.php' not found or unable to stat, referer: https://www.bing.com/
[Tue Dec 09 13:00:23.752097 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/var/www/html/gel4y.php' not found or unable to stat, referer: https://www.bing.com/
[Tue Dec 09 13:00:23.911977 2025] [php:error] [pid 2853184] [client 172.70.143.226:14267] script '/var/www/html/info.php' not found or unable to stat, referer: https://www.bing.com/
...
show less
Brute-Force
Web App Attack
๐ฎ๐ฉ
hermawan
2025-11-04 07:30:57
(7 months ago)
[Tue Nov 04 14:30:26.963749 2025] [security2:error] [pid 514724:tid 140263363708608] [client 172.70. ...
show more
[Tue Nov 04 14:30:26.963749 2025] [security2:error] [pid 514724:tid 140263363708608] [client 172.70.143.226:32626] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CF-Connecting-IP" at REQUEST_HEADERS_NAMES:Cf-Connecting-Ip. [file "/etc/modsecurity/coreruleset-4.19.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "378"] [id "440005"] [msg "BAD REQUEST_HEADERS_NAMES - Detected and Blocked"] [data "Matched Data: CF-Connecting-IP found within REQUEST_HEADERS_NAMES:Cf-Connecting-Ip: Cf-Connecting-Ip request_line = GET /images/Klimatologi/Analisis/03-Analisis_Bulanan/Analisis_Tingkat_Ketersediaan_Air_Bagi_Tanaman/Provinsi_Jawa_Timur/2024/10_Oktober_2024/Analisis-Bulanan_Tingkat_Ketersediaan_Air_Bagi_Tanaman_di_Jawa_Timur_Bulan_Oktober_2024.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/03-Analisis_Bulanan/Analisis_Tingkat_Ketersediaan_Air_Bagi_Tanaman/Provinsi_Jawa_Timur/2024/10_Oktober_2024/Analisis-Bulana
...
show less
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2025-10-18 08:49:22
(8 months ago)
[Sat Oct 18 15:48:47.581861 2025] [security2:error] [pid 3987706:tid 140210558891712] [client 172.70 ...
show more
[Sat Oct 18 15:48:47.581861 2025] [security2:error] [pid 3987706:tid 140210558891712] [client 172.70.143.226:45161] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CF-Connecting-IP" at REQUEST_HEADERS_NAMES:Cf-Connecting-Ip. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "375"] [id "440005"] [msg "BAD REQUEST_HEADERS_NAMES - Detected and Blocked"] [data "Matched Data: CF-Connecting-IP found within REQUEST_HEADERS_NAMES:Cf-Connecting-Ip: Cf-Connecting-Ip request_line = GET /images/Klimatologi/Analisis/03-Analisis_Bulanan/Analisis_Bulanan_Hari_Hujan/2024/05_Mei_2024/Analisis_Bulanan_Hari_Hujan_Bulan_Mei_Tahun_2024_di_Provinsi_Jawa_Timur.webp HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/03-Analisis_Bulanan/Analisis_Bulanan_Hari_Hujan/2024/05_Mei_2024/Analisis_Bulanan_Hari_Hujan_Bulan_Mei_Tahun_2024_di_Provinsi_Jawa_Timur.webp"] [unique_id "aPNUb0edaZv2AnYmp8ldrwAC
...
show less
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2025-10-09 11:25:05
(8 months ago)
[Thu Oct 09 15:51:04.295708 2025] [security2:error] [pid 623511:tid 140638359021248] [client 172.70. ...
show more
[Thu Oct 09 15:51:04.295708 2025] [security2:error] [pid 623511:tid 140638359021248] [client 172.70.143.226:44358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CF-Connecting-IP" at REQUEST_HEADERS_NAMES:Cf-Connecting-Ip. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "375"] [id "440005"] [msg "BAD REQUEST_HEADERS_NAMES - Detected and Blocked"] [data "Matched Data: CF-Connecting-IP found within REQUEST_HEADERS_NAMES:Cf-Connecting-Ip: Cf-Connecting-Ip request_line = GET /images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Daerah_Potensi_Banjir_Bulanan/Prakiraan_Daerah_Potensi_Banjir_Bulan_Provinsi_Jawa_Timur/2025/01_JANUARI_2025/02_Prakiraan_Bulanan_Daerah_Potensi_Banjir_di_Provinsi_Jawa_Timur_MARET_Tahun_2025_update_10_Januari_2025.webp HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/03-Prakiraan-Bulanan/Prakiraan_Daerah_Potensi_Banjir_Bulanan/Prakiraan
...
show less
Hacking
Web App Attack
๐ฎ๐ฉ
hermawan
2025-08-10 10:42:34
(10 months ago)
[Sun Aug 10 17:42:01.348748 2025] [security2:error] [pid 1563276:tid 140279622309568] [client 172.70 ...
show more
[Sun Aug 10 17:42:01.348748 2025] [security2:error] [pid 1563276:tid 140279622309568] [client 172.70.143.226:16408] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "CF-Connecting-IP" at REQUEST_HEADERS_NAMES:Cf-Connecting-Ip. [file "/etc/modsecurity/coreruleset-4.16.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "375"] [id "440005"] [msg "BAD REQUEST_HEADERS_NAMES - Detected and Blocked"] [data "Matched Data: CF-Connecting-IP found within REQUEST_HEADERS_NAMES:Cf-Connecting-Ip: Cf-Connecting-Ip request_line = GET /images/Klimatologi/Analisis/02-Analisis_Dasarian/Analisis_Monitoring_Hari_Tanpa_Hujan_Berturut-Turut_Dasarian/Analisis_Monitoring_Hari_Tanpa_Hujan_Berturut-Turut_Dasarian_Provinsi_Jawa_Timur/2025/07_Juli_2025/Das-II/Peta_Analisis-Dasarian_Monitoring_Hari_Tanpa_Hujan_Berturut-Turut_di_Provinsi_Jawa_Timur_Update_20_Juli_2025.jpg HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/02-Analisis_Dasarian/
...
show less
Hacking
Web App Attack
Anonymous
2025-08-09 12:08:02
(10 months ago)
wp admin page access attempt
...
Hacking
Web App Attack
Anonymous
2025-07-14 09:21:18
(11 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
Anonymous
2025-07-05 14:10:54
(11 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH