๐บ๐ธ
TPI-Abuse
2026-07-02 17:04:59
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 13:04:54.615002 2026] [security2:error] [pid 24650:tid 24650] [client 172.70.240.165:10240] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yellowbrickfoundation.com"] [uri "/.git/config"] [unique_id "akaaNjNl04sHRj0XptuZHwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ท
maviei
2026-06-18 09:13:53
(2 weeks ago)
2026-06-18T06:13:49.002291-03:00 srv1251771 kernel: [1540857.728770] [UFW BLOCK] IN=eth0 OUT= MAC=40 ...
show more
2026-06-18T06:13:49.002291-03:00 srv1251771 kernel: [1540857.728770] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=172.70.240.165 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=26616 DF PROTO=TCP SPT=9855 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
2026-06-18T06:13:50.012725-03:00 srv1251771 kernel: [1540858.739682] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=172.70.240.165 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=26617 DF PROTO=TCP SPT=9855 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
2026-06-18T06:13:51.037372-03:00 srv1251771 kernel: [1540859.763688] [UFW BLOCK] IN=eth0 OUT= MAC=40:e8:d4:b8:29:bb:44:38:39:ff:ff:41:08:00 SRC=172.70.240.165 DST=72.61.36.27 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=26618 DF PROTO=TCP SPT=9855 DPT=8443 WINDOW=65535 RES=0x00 SYN URGP=0
...
show less
Port Scan
Anonymous
2026-06-15 08:29:34
(2 weeks ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
๐ซ๐ฎ
SamJUK
2026-06-14 02:58:49
(2 weeks ago)
Multiple WAF Violations
...
Bad Web Bot
Web App Attack
๐ท๐บ
DZBOT
2026-06-13 04:39:21
(3 weeks ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
๐ฉ๐ช
Blexyel
2026-06-06 23:12:27
(3 weeks ago)
172.70.240.165 - - [07/Jun/2026:01:12:26 +0200] "GET /.git/config HTTP/1.1" 200 2116 "-" "curl/8.4.0 ...
show more
172.70.240.165 - - [07/Jun/2026:01:12:26 +0200] "GET /.git/config HTTP/1.1" 200 2116 "-" "curl/8.4.0"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-06-04 04:02:59
(1 month ago)
Web App Attack
Brute-Force
Exploited Host
Web App Attack
๐บ๐ธ
mnsf
2026-06-02 10:05:30
(1 month ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 04:50:56
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:50:51.659222 2026] [security2:error] [pid 10508:tid 10508] [client 172.70.240.165:11890] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "vc1.com"] [uri "/.git/config"] [unique_id "ah5hK5wjKQCMY_b4R_3EkwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
acadeova
2026-05-31 18:02:06
(1 month ago)
๐จ Recon detected (nft drop)
SRC=172.70.240.165
Observed=TCP dpt=80 in=enp0s6 ttl=59
Time=recent(jour ...
show more
๐จ Recon detected (nft drop)
SRC=172.70.240.165
Observed=TCP dpt=80 in=enp0s6 ttl=59
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐ฎ๐น
IRT@Unisi
2026-05-30 22:47:52
(1 month ago)
anomaly:tcp_dst_session,1001>threshold1000,repeats11timessincelastlog
DDoS Attack
๐ฉ๐ช
lightaffaire
2026-05-28 13:47:57
(1 month ago)
May 28 15:47:56 www-dev.content-honcho.com 172.70.240.165 - - [28/May/2026:15:47:56 +0200] "GET /.gi ...
show more
May 28 15:47:56 www-dev.content-honcho.com 172.70.240.165 - - [28/May/2026:15:47:56 +0200] "GET /.git/config HTTP/2.0" 404 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X) AppleWebKit/605.1.15 Version/17.0 Mobile Safari/604.1"
...
show less
Bad Web Bot
Web App Attack
Anonymous
2026-05-27 10:09:38
(1 month ago)
Blocked by siteaihub.com: auto: matched prefix:/wp-admin/install.php
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-05-25 05:47:00
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.240.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 01:46:52.193319 2026] [security2:error] [pid 15332:tid 15335] [client 172.70.240.165:12179] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||rush2.piazza9.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rush2.piazza9.com"] [uri "/backup.sql"] [unique_id "ahPiTD4M4F0WmMtLsH44pgAAAcE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฆ๐บ
trentwiles.com
2026-05-20 01:47:24
(1 month ago)
Unauthorized connection attempt detected from IP address 172.70.240.165 to port 80 [SYD]
Port Scan