🇧🇪
cmbplf
2026-06-09 22:07:41
(2 hours ago)
2.160 requests from abuseipdb.com blacklisted IP (6mos1w6d)
Brute-Force
Bad Web Bot
🇺🇸
bigscoots.com
2026-06-09 20:37:44
(4 hours ago)
(PERMBLOCK) 34.53.166.154 (BE/Belgium/154.166.53.34.bc.googleusercontent.com) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: 1; Trigger: LF_PERMBLOCK_COUNT; Logs:
Brute-Force
SSH
🇺🇸
TPI-Abuse
2026-06-09 20:37:08
(4 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.53.166.154 (154.166.53.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 16:37:05.690369 2026] [security2:error] [pid 5017:tid 5017] [client 34.53.166.154:43526] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.northwestarbor-culture.com.nwtree.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.northwestarbor-culture.com.nwtree.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aih5cXoFnss41a60SAlK8gAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-09 19:10:23
(5 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.53.166.154 (154.166.53.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 15:10:19.425236 2026] [security2:error] [pid 5701:tid 5701] [client 34.53.166.154:38654] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||lamineparke.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lamineparke.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aihlG6630wMVNtnw8frqVQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-09 18:24:09
(6 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.53.166.154 (154.166.53.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 14:24:04.850422 2026] [security2:error] [pid 23950:tid 23987] [client 34.53.166.154:38548] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||mail.colinkyffinmusic.com|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.colinkyffinmusic.com"] [uri "/.config/gcloud/credentials.db"] [unique_id "aihaRIKUcWsIdWwzKu_5xgAAAcg"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
voormedia
2026-06-09 17:58:35
(6 hours ago)
Accessed trap at '/actuator/env'
Web App Attack
Anonymous
2026-06-09 17:54:14
(6 hours ago)
(caddyscan) Scanner path probe from 34.53.166.154 (BE/Belgium/154.166.53.34.bc.googleusercontent.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 34.53.166.154 - - [09/Jun/2026:17:54:09 +0000] "GET /api/actuator/logfile HTTP/1.1"
[REDACTED] 200 2627 34.53.166.154 - - [09/Jun/2026:17:54:09 +0000] "GET /v1/actuator/env HTTP/1.1"
[REDACTED] 200 2627 34.53.166.154 - - [09/Jun/2026:17:54:09 +0000] "GET /v1/actuator/heapdump HTTP/1.1"
[REDACTED] 200 2627 34.53.166.154 - - [09/Jun/2026:17:54:09 +0000] "GET /app/actuator/logfile HTTP/1.1"
[REDACTED] 200 2627 34.53.166.154 - - [09/Jun/2026:17:54:09 +0000] "GET /v2/actuator/heapdump HTTP/1.1"
Port Scan
Anonymous
2026-06-09 17:23:03
(7 hours ago)
Blocked by ModSec and CSF
Port Scan
🇺🇸
TPI-Abuse
2026-06-09 15:16:06
(9 hours ago)
(mod_security) mod_security (id:210730) triggered by 34.53.166.154 (154.166.53.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 11:16:02.883479 2026] [security2:error] [pid 32438:tid 32482] [client 34.53.166.154:46608] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||daviscountyossr.org|F|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "daviscountyossr.org"] [uri "/.config/gcloud/credentials.db"] [unique_id "aiguMrPZa_YMaWlXT3OSZgAAAYI"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
DEV-DNS
2026-06-09 14:15:33
(10 hours ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection
🇩🇪
updown.io
2026-06-09 14:06:23
(10 hours ago)
{"level":"info","ts":1781013981.7645543,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"34.53.166.154","remote_port":"34442","client_ip":"34.53.166.154","proto":"HTTP/1.1","method":"GET","host":"fedcbaupdate.yxupdate.ponqponmlkjihgbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/actuator/heapdump","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 7.1.1; 1607-A01 Build/NMF26F; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/66.0.3359.126 MQQBrowser/6.2 TBS/044807 Mobile Safari/537.36 MMWEBID/2867 MicroMessenger/7.0.6.1460(0x27000634) Process/tools NetType/WIFI Language/zh_CN"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000049204,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://fedcbaupdate.yxupdate.ponqponmlkjihgbwwwc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/actu
...
DDoS Attack
Web App Attack
Anonymous
2026-06-09 10:32:34
(14 hours ago)
CrowdSec ban: crowdsecurity/http-probing
Port Scan
🇩🇰
ScamAware
2026-06-09 09:39:31
(15 hours ago)
Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 97. Unique request paths counted internally: 97. Cloudflare action: block. Cloudflare source: firewallCustom.
Web App Attack
Anonymous
2026-06-09 07:46:37
(17 hours ago)
Multiple web server 400 error codes from same source ip
Web App Attack
🇦🇺
aranguren.org
2026-06-09 06:57:06
(17 hours ago)
34.53.166.154 - - [09/Jun/2026:16:57:05 +1000] "GET /.azure/credentials HTTP/1.1" 404 995 "-" "Mozilla/5.0 (SymbianOS 9.4; Series60/5.0 NokiaN97-1/10.0.012; Profile/MIDP-2.1 Configuration/CLDC-1.1; en-us) AppleWebKit/525 (KHTML, like Gecko) WicKed/7.1.12344"
34.53.166.154 - - [09/Jun/2026:16:57:05 +1000] "GET /configprops HTTP/1.1" 404 995 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.25 Safari/537.36 Core/1.70.3722.400 QQBrowser/10.5.3739.400"
34.53.166.154 - - [09/Jun/2026:16:57:05 +1000] "GET /actuator/httptrace HTTP/1.1" 404 995 "-" "Mozilla/5.0 (MSIE 9.0; Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 Edge/14.14931"
34.53.166.154 - - [09/Jun/2026:16:57:05 +1000] "GET /threaddump HTTP/1.1" 404 995 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.1 Safari/605.1.15"
34.53.166.154 - - [09/Jun/2026:16:57:05 +1000] "GET /actua
...
Bad Web Bot