๐ฉ๐ช
ghostwarriors
2026-07-07 06:51:24
(5 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Smish
2026-06-27 11:59:03
(1 week ago)
HONEYPOT HIT --> Fail2ban time=1782561541 log=2026-06-27T12:59:01+01:00 ip=194.195.91.6 host=direct. ...
show more
HONEYPOT HIT --> Fail2ban time=1782561541 log=2026-06-27T12:59:01+01:00 ip=194.195.91.6 host=direct.smishcraft.com method=GET uri="/logs/django.log" status=404 ua="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36" ref="-" rid=09c92795cf9269a63980a51bc343b057
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 11:35:15
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 07:34:52.555830 2026] [security2:error] [pid 31465:tid 31465] [client 194.195.91.6:58929] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.johneiden.com"] [uri "/.env.prod"] [unique_id "aj-1XCSVlCMJMM9fdlsSrwAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 10:56:21
(1 week ago)
(mod_security) mod_security (id:210730) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210730) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:56:08.368525 2026] [security2:error] [pid 26359:tid 26359] [client 194.195.91.6:28619] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||heytechiesshow.com|F|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "heytechiesshow.com"] [uri "/logs/django.log"] [unique_id "aj-sSL0W--5v0L4ChLyjPwAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-27 10:28:21
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 06:28:06.955593 2026] [security2:error] [pid 14686:tid 14686] [client 194.195.91.6:52027] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.lyounglaw.com"] [uri "/.env"] [unique_id "aj-ltibMXVIY4hWZLjO4RwAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Mykola Spesivtsev
2026-06-27 08:23:32
(1 week ago)
HTTP Tarpit detected bot activity:TargetPort:443, Path:/api/.env, Method:GET, UA:Mozilla/5.0 (Window ...
show more
HTTP Tarpit detected bot activity:TargetPort:443, Path:/api/.env, Method:GET, UA:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 07:56:07
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 03:55:49.798817 2026] [security2:error] [pid 4333:tid 4333] [client 194.195.91.6:22687] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.iwsa.info"] [uri "/.env.prod"] [unique_id "aj-CBY04zNu_6UCGuLFm1wAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
Mykola Spesivtsev
2026-06-27 04:36:46
(1 week ago)
HTTP Tarpit detected bot activity:TargetPort:443, Path:/manage.py, Method:GET, UA:Mozilla/5.0 (Macin ...
show more
HTTP Tarpit detected bot activity:TargetPort:443, Path:/manage.py, Method:GET, UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 Version/17.4 Safari/605.1.15
show less
Port Scan
Web App Attack
Bad Web Bot
๐ฉ๐ช
Mykola Spesivtsev
2026-06-27 03:25:10
(1 week ago)
HTTP Tarpit detected bot activity:TargetPort:443, Path:/info.php, Method:GET, UA:Mozilla/5.0 (X11; L ...
show more
HTTP Tarpit detected bot activity:TargetPort:443, Path:/info.php, Method:GET, UA:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/124.0.0.0 Safari/537.36
show less
Port Scan
Web App Attack
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-27 02:10:33
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:210492) triggered by 194.195.91.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 22:09:21.922160 2026] [security2:error] [pid 19162:tid 19162] [client 194.195.91.6:35173] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trafficstopper.com"] [uri "/.htaccess"] [unique_id "aj8w0fgyiAX6hz31-phiFwAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 22:29:53
(1 week ago)
194.195.91.6 - - [27/Jun/2026:01:29:23 +0300] "GET /docker-compose.yml HTTP/1.1" 404 264
194.195.91. ...
show more
194.195.91.6 - - [27/Jun/2026:01:29:23 +0300] "GET /docker-compose.yml HTTP/1.1" 404 264
194.195.91.6 - - [27/Jun/2026:01:29:26 +0300] "GET /.env.local HTTP/1.1" 403 249
194.195.91.6 - - [27/Jun/2026:01:29:52 +0300] "GET /.env.old HTTP/1.1" 403 247
show less
Bad Web Bot
Anonymous
2026-06-26 18:57:50
(1 week ago)
fail2ban_an apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/.env.m ...
show more
fail2ban_an apache-modsecurity [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [uri "/.env.master"]
show less
Bad Web Bot
Web App Attack
Anonymous
2026-06-26 18:37:40
(1 week ago)
194.195.91.6 - - [26/Jun/2026:18:37:39 +0000] "GET /.env.save HTTP/1.1" 404 6973 "-" "Mozilla/5.0 (W ...
show more
194.195.91.6 - - [26/Jun/2026:18:37:39 +0000] "GET /.env.save HTTP/1.1" 404 6973 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0"
...
show less
Brute-Force
Web App Attack
Anonymous
2026-06-26 17:58:42
(1 week ago)
[Fri Jun 26 19:58:06.827045 2026] [authz_core:error] [pid 720764] [client 194.195.91.6:46751] AH0163 ...
show more
[Fri Jun 26 19:58:06.827045 2026] [authz_core:error] [pid 720764] [client 194.195.91.6:46751] AH01630: client denied by server configuration: /var/www/html/default/actuator
[Fri Jun 26 19:58:09.739822 2026] [authz_core:error] [pid 720810] [client 194.195.91.6:59521] AH01630: client denied by server configuration: /var/www/html/default/actuator
[Fri Jun 26 19:58:11.854557 2026] [authz_core:error] [pid 712205] [client 194.195.91.6:20577] AH01630: client denied by server configuration: /var/www/html/default/debug-probe-xyz-123
[Fri Jun 26 19:58:30.522202 2026] [authz_core:error] [pid 720764] [client 194.195.91.6:51141] AH01630: client denied by server configuration: /var/www/html/default/symfony.lock
[Fri Jun 26 19:58:41.890310 2026] [authz_core:error] [pid 712196] [client 194.195.91.6:59085] AH01630: client denied by server configuration: /var/www/html/default/.env.development.local
...
show less
Web App Attack
Anonymous
2026-06-18 11:54:54
(2 weeks ago)
(PERMBLOCK) 194.195.91.6 (SE/Sweden/-) has had more than 4 temp blocks
Hacking