๐บ๐ธ
TPI-Abuse
2026-07-14 08:56:33
(21 hours ago)
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 04:56:28.646306 2026] [security2:error] [pid 20895:tid 20895] [client 172.70.50.135:12421] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.toys-alliance.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.toys-alliance.com"] [uri "/autodiscover/autodiscover.json/v1.0/[email protected] "] [unique_id "alX5vMEPIYf8Qbc-ZIvhqwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-09 03:11:39
(6 days ago)
172.70.50.135 - - [09/Jul/2026:06:11:37 +0300] "GET /wp-content/themes/ HTTP/1.1" 404 3343 "-" "Mozi ...
show more
172.70.50.135 - - [09/Jul/2026:06:11:37 +0300] "GET /wp-content/themes/ HTTP/1.1" 404 3343 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.70.50.135 - - [09/Jul/2026:06:11:38 +0300] "GET /wp-admin/maint/ HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 14:50:39
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 10:50:31.554730 2026] [security2:error] [pid 22908:tid 22908] [client 172.70.50.135:9957] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.nightowlprinting.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nightowlprinting.com"] [uri "/autodiscover/autodiscover.json/v1.0/[email protected] "] [unique_id "akZ6tzXobKZsA7ERzG7dsQAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-06-22 00:52:59
(3 weeks ago)
172.70.50.135 - - [22/Jun/2026:03:52:55 +0300] "GET /wp-content/uploads/index.php HTTP/1.1" 404 783 ...
show more
172.70.50.135 - - [22/Jun/2026:03:52:55 +0300] "GET /wp-content/uploads/index.php HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.70.50.135 - - [22/Jun/2026:03:52:58 +0300] "GET /wp-admin/user.php HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
Anonymous
2026-06-16 05:49:59
(4 weeks ago)
Aggressive web scan
Web App Attack
๐ฉ๐ช
acadeova
2026-06-14 07:49:51
(1 month ago)
๐จ Recon detected (nft drop)
SRC=172.70.50.135
Observed=TCP dpt=80 in=enp0s6 ttl=56
Time=recent(journ ...
show more
๐จ Recon detected (nft drop)
SRC=172.70.50.135
Observed=TCP dpt=80 in=enp0s6 ttl=56
Time=recent(journalctl: 10 minutes ago)
Assessment=Generic scanning / reconnaissance (PORT_SCAN)
show less
Port Scan
๐บ๐ธ
TPI-Abuse
2026-05-19 10:20:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210730) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 06:20:40.743649 2026] [security2:error] [pid 5780:tid 5794] [client 172.70.50.135:11378] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||autodiscover.nationsrecovery.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nationsrecovery.com"] [uri "/autodiscover/autodiscover.json/v1.0/[email protected] "] [unique_id "agw5eN11fKDkGzV67SlTTAAAAMw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-05-16 04:29:55
(1 month ago)
172.70.50.135 - - [16/May/2026:07:29:54 +0300] "GET /wp-content/plugins/pwnd/1.php HTTP/1.1" 404 334 ...
show more
172.70.50.135 - - [16/May/2026:07:29:54 +0300] "GET /wp-content/plugins/pwnd/1.php HTTP/1.1" 404 3342 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
172.70.50.135 - - [16/May/2026:07:29:55 +0300] "GET /wp-admin/images/about.php HTTP/1.1" 404 783 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
oncord
2026-05-11 18:49:01
(2 months ago)
Form spam
Web Spam
๐บ๐ธ
mawan
2026-05-05 20:59:17
(2 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
๐ซ๐ท
Campus France
2026-04-18 20:57:57
(2 months ago)
[Sat Apr 18 04:20:10.724590 2026] [php:error] [pid 2840655] [client 172.70.50.135:12208] script '/va ...
show more
[Sat Apr 18 04:20:10.724590 2026] [php:error] [pid 2840655] [client 172.70.50.135:12208] script '/var/www/html/info.php' not found or unable to stat
[Sat Apr 18 22:57:56.408980 2026] [php:error] [pid 3451727] [client 172.70.50.135:9593] script '/var/www/html/rip.php' not found or unable to stat
[Sat Apr 18 22:57:56.562418 2026] [php:error] [pid 3451727] [client 172.70.50.135:9593] script '/var/www/html/wpxl.php' not found or unable to stat
[Sat Apr 18 22:57:56.693692 2026] [php:error] [pid 3451727] [client 172.70.50.135:9593] script '/var/www/html/f19.php' not found or unable to stat
[Sat Apr 18 22:57:56.816350 2026] [php:error] [pid 3451727] [client 172.70.50.135:9593] script '/var/www/html/C1.php' not found or unable to stat
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-08 11:52:12
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 07:52:06.348915 2026] [security2:error] [pid 2598916:tid 2598916] [client 172.70.50.135:13368] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.bywaterpress.com"] [uri "/.git/refs/heads/main"] [unique_id "adZBZgKYZsnlaQKLdg75GQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-07 03:28:26
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 23:28:18.889474 2026] [security2:error] [pid 616410:tid 616410] [client 172.70.50.135:13620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.odinathletes.com"] [uri "/.env.development"] [unique_id "adR50gIJb1WLhUYxstNBSQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-07 00:27:30
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 20:27:26.036795 2026] [security2:error] [pid 529594:tid 529594] [client 172.70.50.135:13505] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.weathercarib.net"] [uri "/core/.env"] [unique_id "adRPbnxToDuZa0ia7QRODAAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-06 18:05:26
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210492) triggered by 172.70.50.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 06 14:05:17.858877 2026] [security2:error] [pid 479664:tid 479664] [client 172.70.50.135:12969] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.bolivarbulletintimes.com"] [uri "/.env.local"] [unique_id "adP13e2qZU_toykY96j9SwAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack