JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.195.91.4

194.195.91.4 was found in our database!

This IP was reported 95 times. Confidence of Abuse is 77%: ?

77%

ISP	TerraTransit AG
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	terratransit.de
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.195.91.4

Whois 194.195.91.4

IP Abuse Reports for 194.195.91.4:

This IP address has been reported a total of 95 times from 52 distinct sources. 194.195.91.4 was first reported on September 19th 2021, and the most recent report was 7 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-27 15:54:09 (7 hours ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇬🇧 Smish	2026-06-27 11:58:48 (11 hours ago)	HONEYPOT HIT --> Fail2ban time=1782561527 log=2026-06-27T12:58:47+01:00 ip=194.195.91.4 host=direct. ... show more HONEYPOT HIT --> Fail2ban time=1782561527 log=2026-06-27T12:58:47+01:00 ip=194.195.91.4 host=direct.smishcraft.com method=GET uri="/info.php" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36" ref="-" rid=e9c4c6c35c9b24d228dad3ddd24625ca show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 11:35:40 (11 hours ago)	(mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 07:34:57.456111 2026] [security2:error] [pid 5932:tid 5932] [client 194.195.91.4:53871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.johneiden.com"] [uri "/.env.production"] [unique_id "aj-1YXvFZ-Rm5lwMK8Y3sgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 07:56:18 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 03:55:38.229948 2026] [security2:error] [pid 3449:tid 3449] [client 194.195.91.4:63383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.iwsa.info"] [uri "/.env"] [unique_id "aj-B-u_u0CXbJ8TFLzkPmAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Marten Mark	2026-06-27 06:16:25 (17 hours ago)	194.195.91.4 - - [27/Jun/2026:06:16:23 +0000] "GET /.env.local HTTP/1.1" 404 552 "-" "Mozilla/5.0 (X ... show more 194.195.91.4 - - [27/Jun/2026:06:16:23 +0000] "GET /.env.local HTTP/1.1" 404 552 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-06-27 05:36:26 (17 hours ago)	HTTP Tarpit detected bot activity:TargetPort:443, Path:/config/services.yaml, Method:GET, UA:Mozilla ... show more HTTP Tarpit detected bot activity:TargetPort:443, Path:/config/services.yaml, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-06-27 04:00:37 (19 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/settings.py, Method:GET, UA:Mozilla/5.0 (Wind ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/settings.py, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack Bad Web Bot
🇩🇪 Mykola Spesivtsev	2026-06-27 02:24:53 (21 hours ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/xyzabc123_not_exist_probe, Method:GET, UA:Moz ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/xyzabc123_not_exist_probe, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-27 02:10:46 (21 hours ago)	(mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 194.195.91.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:09:21.914648 2026] [security2:error] [pid 19686:tid 19686] [client 194.195.91.4:59821] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trafficstopper.com"] [uri "/.htaccess"] [unique_id "aj8w0RCQNj9bdLY7GzDTKAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mccsoft.io	2026-06-27 00:07:00 (23 hours ago)	Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to ... show more Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to our public nginx web server on TCP 80/443, probing blocked/sensitive paths; all returned HTTP 444 (connection closed by security rule, jail nginx-444). Sample requests: GET /wp-config.php. User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.4 Safari/6. Observed 2026-06-27 00:06:02 UTC. TCP handshake completed (requests fully received). Categories: Web App Attack / Bad Web Bot. show less	Bad Web Bot Web App Attack
🇩🇪 kkwemi	2026-06-26 20:34:53 (1 day ago)	Blocked by block-exploit-paths on /.env.old	Bad Web Bot
Anonymous	2026-06-26 18:37:14 (1 day ago)	194.195.91.4 - - [26/Jun/2026:18:37:13 +0000] "GET /.env HTTP/1.1" 404 6978 "-" "Mozilla/5.0 (Macint ... show more 194.195.91.4 - - [26/Jun/2026:18:37:13 +0000] "GET /.env HTTP/1.1" 404 6978 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4) AppleWebKit/537.36 Chrome/123.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-26 17:58:58 (1 day ago)	194.195.91.4 - - [26/Jun/2026:19:58:57 +0200] "GET /application/.env HTTP/1.1" 403 2368 "-" "Mozilla ... show more 194.195.91.4 - - [26/Jun/2026:19:58:57 +0200] "GET /application/.env HTTP/1.1" 403 2368 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-18 13:12:42 (1 week ago)	(wordpress) Failed wordpress login from 194.195.91.4 (SE/Sweden/-)	Brute-Force
🇫🇷 dynamix	2026-06-18 07:03:26 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack

Showing 1 to 15 of 95 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 185.180.141.39

🇦🇷 149.107.222.79

🇳🇱 91.92.40.176

🇨🇦 85.217.149.28

🇷🇺 62.231.20.54

🇨🇳 175.165.87.55

🇺🇸 172.114.124.233

🇻🇳 115.78.9.138

🇨🇳 112.86.225.149

🇩🇪 94.26.106.80

🇳🇱 45.156.87.7

🇺🇸 45.3.39.2

🇩🇪 43.228.157.82

🇨🇳 218.13.214.18

🇪🇸 185.121.15.184

🇬🇧 165.232.39.111

🇷🇺 151.252.84.225

🇺🇸 147.185.132.165

🇩🇪 104.207.56.216

🇮🇷 86.57.63.158