🇧🇷
Halux
2026-07-01 11:49:54
(53 minutes ago)
27.150.128.157 Probing protected path or service
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 11:05:17
(1 hour ago)
(mod_security) mod_security (id:210492) triggered by 27.150.128.157 (157.128.150.27.broad.xm.fj.dynamic.163data.com.cn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 07:05:02.206636 2026] [security2:error] [pid 20210:tid 20210] [client 27.150.128.157:54842] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thirdplanettechnology.space.ieas.org"] [uri "/.env"] [unique_id "akT0XmhwVFbF4qzJAwrNhAAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
electra
2026-07-01 07:55:22
(4 hours ago)
Attempted to access path /.env.local (GET request)
Hacking
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 03:38:20
(9 hours ago)
(mod_security) mod_security (id:210492) triggered by 27.150.128.157 (157.128.150.27.broad.xm.fj.dynamic.163data.com.cn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 23:38:16.402056 2026] [security2:error] [pid 9288:tid 9288] [client 27.150.128.157:55512] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kippert.com"] [uri "/.env.development"] [unique_id "akSLqFAnN1N7Z6ondcKSKwAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-01 01:48:15
(10 hours ago)
27.150.128.157 - - [01/Jul/2026:03:48:04 +0200] "GET /docker-compose.yaml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
27.150.128.157 - - [01/Jul/2026:03:48:04 +0200] "GET /docker-compose.override.yml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
27.150.128.157 - - [01/Jul/2026:03:48:05 +0200] "GET /docker-compose.dev.yml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
27.150.128.157 - - [01/Jul/2026:03:48:05 +0200] "GET /docker-compose.prod.yml HTTP/1.1" 404 567 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
27.150.128.157 - - [01/Jul/2026:03:48:08 +0200] "GET /config.json HTTP/1.1" 404 567 "-" "
...
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-07-01 01:40:23
(11 hours ago)
(mod_security) mod_security (id:210492) triggered by 27.150.128.157 (157.128.150.27.broad.xm.fj.dynamic.163data.com.cn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 21:40:19.648007 2026] [security2:error] [pid 31537:tid 31551] [client 27.150.128.157:34710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "velatorioslucenses.com"] [uri "/.env"] [unique_id "akRwAyS8Ia05JJRTeT-d6QAAAAc"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
IloGus
2026-07-01 01:30:29
(11 hours ago)
WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail
Web App Attack
🇷🇺
DZBOT
2026-07-01 01:21:57
(11 hours ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
🇩🇪
onlyops.app
2026-07-01 01:00:12
(11 hours ago)
Web application firewall (ModSecurity) detected malicious traffic | detected by Fail2Ban (plesk-modsecurity jail) | onlyops.app
Exploited Host
🇩🇪
big-cloud.nl
2026-07-01 00:42:32
(12 hours ago)
Try to access /.env
Web App Attack
🇳🇱
wlt-blocker
2026-06-30 23:32:06
(13 hours ago)
Unauthorized access to webpage admin
Web App Attack
🇺🇸
TPI-Abuse
2026-06-30 22:51:57
(13 hours ago)
(mod_security) mod_security (id:210492) triggered by 27.150.128.157 (157.128.150.27.broad.xm.fj.dynamic.163data.com.cn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 18:51:50.749997 2026] [security2:error] [pid 3117:tid 3117] [client 27.150.128.157:46000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bloomingdiner.com.convoyforkids.com"] [uri "/.env"] [unique_id "akRIhjoLGvojf-XwwXDE0wAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
LRNP
2026-06-30 22:45:14
(13 hours ago)
experiments.lpoujol.fr:443 27.150.128.157 - - [30/Jun/2026:22:45:10 +0000] "GET /.env.sample HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
experiments.lpoujol.fr:443 27.150.128.157 - - [30/Jun/2026:22:45:11 +0000] "GET /.env.dist HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
experiments.lpoujol.fr:443 27.150.128.157 - - [30/Jun/2026:22:45:11 +0000] "GET /.env.template HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
experiments.lpoujol.fr:443 27.150.128.157 - - [30/Jun/2026:22:45:11 +0000] "GET /.env.production.local HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36 (Silvy X Ran)"
experiments.lpoujo
...
Bad Web Bot
Web App Attack
🇳🇱
Site.eu
2026-06-30 22:25:32
(14 hours ago)
Excessive multi-domain requests
Brute-Force
🇩🇪
DEV-DNS
2026-06-30 22:04:44
(14 hours ago)
(mod_security) mod_security triggered on hostname [redacted])
SQL Injection