๐ณ๐ด
Abuse Buster
2026-07-14 08:48:11
(2 days ago)
154.111.3.82 - [14/Jul/2026:10:48:08 +0200] "GET /configuration.php~ HTTP/2.0" 404 1843 "-" "Mozilla ...
show more
154.111.3.82 - [14/Jul/2026:10:48:08 +0200] "GET /configuration.php~ HTTP/2.0" 404 1843 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
154.111.3.82 - [14/Jul/2026:10:48:08 +0200] "GET /configuration.php.old HTTP/2.0" 404 1843 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
154.111.3.82 - [14/Jul/2026:10:48:09 +0200] "GET /configuration.php.save HTTP/2.0" 404 1843 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:17:52
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 154.111.3.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 154.111.3.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:17:45.360032 2026] [security2:error] [pid 5817:tid 5817] [client 154.111.3.82:64692] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||acmax.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "acmax.com"] [uri "/configuration.php.bak"] [unique_id "alXGeQZhbq-vhumQ45-1nQAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-14 04:43:55
(2 days ago)
112 requests with url.path *.php.bak
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-14 03:10:34
(2 days ago)
(mod_security) mod_security (id:210730) triggered by 154.111.3.82 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 154.111.3.82 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 23:10:29.526475 2026] [security2:error] [pid 5169:tid 5169] [client 154.111.3.82:50719] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||bamedica.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bamedica.com"] [uri "/configuration.php.bak"] [unique_id "alWopYH4WaLZju1DKHFIfAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 02:32:28
(2 days ago)
[ns65.kdns.gr] httpd-config-scan: sites=www.plaero.gr; logs=/var/log/httpd/domains/plaero.gr.log; sa ...
show more
[ns65.kdns.gr] httpd-config-scan: sites=www.plaero.gr; logs=/var/log/httpd/domains/plaero.gr.log; samples=/configuration.php.bak | /configuration.php~ | /configuration.php.old
show less
Hacking
Web App Attack
๐ฎ๐ฉ
Burayot
2026-07-14 01:47:19
(2 days ago)
LF_APACHE_403: 154.111.3.82 (TN/Tunisia/-), more than 30 Apache 403 hits in the last 3600 secs
Web App Attack
๐ซ๐ท
Baking333
2026-07-14 01:36:18
(2 days ago)
[redacted] 154.111.3.82 - - [14/Jul/2026:02:36:16 +0100] "GET /.aws/credentials HTTP/1.1" 302 6773 0 ...
show more
[redacted] 154.111.3.82 - - [14/Jul/2026:02:36:16 +0100] "GET /.aws/credentials HTTP/1.1" 302 6773 0/52767 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 154.111.3.82 - - [14/Jul/2026:02:36:17 +0100] "GET /.c9/metadata/environment/.env HTTP/1.1" 302 1554 0/107930 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐ฉ๐ช
MusicLibrary
2026-07-14 01:25:54
(2 days ago)
Probing foreign-stack admin panels / known exploit paths (Joomla, phpMyAdmin, phpunit, OWA, etc.)
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-14 00:58:07
(2 days ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ฒ๐พ
Rizzy
2026-07-14 00:33:31
(2 days ago)
Multiple WAF Violations
Brute-Force
Web App Attack
๐ฎ๐ฉ
Burayot
2026-07-13 23:43:43
(2 days ago)
LF_APACHE_403: 154.111.3.82 (TN/Tunisia/-), more than 20 Apache 403 hits in the last 3600 secs
Web App Attack
๐จ๐ฆ
polycoda
2026-07-13 23:19:50
(2 days ago)
AutoBlock: โ๏ธ Configuration File Access (Non Decay-Based)
Hacking
Web App Attack
๐ซ๐ท
Baking333
2026-07-13 23:01:23
(2 days ago)
[redacted] 154.111.3.82 - - [13/Jul/2026:23:30:10 +0100] "GET /.env.bak1 HTTP/1.1" 302 1534 0/151463 ...
show more
[redacted] 154.111.3.82 - - [13/Jul/2026:23:30:10 +0100] "GET /.env.bak1 HTTP/1.1" 302 1534 0/151463 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 154.111.3.82 - - [13/Jul/2026:23:30:10 +0100] "GET /.[redacted] HTTP/1.1" 302 1534 0/118347 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
Baking333
2026-07-13 22:30:06
(2 days ago)
[redacted] 154.111.3.82 - - [13/Jul/2026:23:30:03 +0100] "GET /.aws/credentials HTTP/1.1" 302 6753 0 ...
show more
[redacted] 154.111.3.82 - - [13/Jul/2026:23:30:03 +0100] "GET /.aws/credentials HTTP/1.1" 302 6753 0/225928 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" [redacted] 154.111.3.82 - - [13/Jul/2026:23:30:03 +0100] "GET /.c9/metadata/environment/.env HTTP/1.1" 302 6753 0/116402 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-13 21:31:42
(3 days ago)
Multiple WAF Violations
Web App Attack