Anonymous
2026-06-30 19:29:42
(16 hours ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
๐จ๐ฆ
Slackin' Jack
2026-06-30 18:53:22
(16 hours ago)
Unauthorized scraper/crawler on port 80/443. (195.128.248.33)
Bad Web Bot
๐ฉ๐ช
Honeypot-EU-Fru
2026-06-30 18:53:01
(16 hours ago)
195.128.248.33 - - [redacted] [30/Jun/2026:20:52:58 +0200] "GET /actuator/heapdump HTTP/1.1" 404 188 ...
show more
195.128.248.33 - - [redacted] [30/Jun/2026:20:52:58 +0200] "GET /actuator/heapdump HTTP/1.1" 404 188 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130
...
show less
Bad Web Bot
Web App Attack
๐จ๐ฆ
electronico
2026-06-30 16:57:49
(18 hours ago)
195.128.248.33 - - [01/Jul/2026:03:57:36 +1100] "GET /wp-json/fluent-smtp/v2/settings HTTP/1.1" 404 ...
show more
195.128.248.33 - - [01/Jul/2026:03:57:36 +1100] "GET /wp-json/fluent-smtp/v2/settings HTTP/1.1" 404 5878 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
195.128.248.33 - - [01/Jul/2026:03:57:38 +1100] "GET /wp-json/fluent-smtp/v1/settings HTTP/1.1" 404 5878 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
195.128.248.33 - - [01/Jul/2026:03:57:44 +1100] "GET /v1/secret/data/smtp HTTP/1.1" 404 5878 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
195.128.248.33 - - [01/Jul/2026:03:57:45 +1100] "GET /v1/kv/?recurse=true HTTP/1.1" 404 5878 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36"
195.128.248.33 - - [01/Jul/2026:03:57:45 +1100] "GET /job/%7B%7Bjob%7D%7D/lastBuild/consoleText HTTP/1.1" 404 5878 "-" "Mozilla/5.0
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 16:57:17
(18 hours ago)
(mod_security) mod_security (id:210492) triggered by 195.128.248.33 (dedicated.vsys.host): 1 in the ...
show more
(mod_security) mod_security (id:210492) triggered by 195.128.248.33 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 12:57:12.946303 2026] [security2:error] [pid 18374:tid 18374] [client 195.128.248.33:63304] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.59"] [uri "/.env"] [unique_id "akP1aI15sblBnZFAGg3bmAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
donarev419
2026-06-30 03:50:03
(1 day ago)
Connection to port 443 with data transfer.
Data preview:
Port Scan
Hacking
๐บ๐ธ
sandra361
2026-06-30 03:22:43
(1 day ago)
Port scan detected: 13 attempts across 2 ports (443,80). | Evidence: GHOST_SCAN: IN=enp1s0 SRC=195.1 ...
show more
Port scan detected: 13 attempts across 2 ports (443,80). | Evidence: GHOST_SCAN: IN=enp1s0 SRC=195.128.248.33 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=26300 DF PROTO=TCP SPT=3674 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
show less
Port Scan
๐ฉ๐ช
sandra361
2026-06-30 02:39:02
(1 day ago)
Port scan detected: 6 attempts across 2 ports (443,80). | Evidence: GHOST_SCAN: IN=ens3 SRC=195.128. ...
show more
Port scan detected: 6 attempts across 2 ports (443,80). | Evidence: GHOST_SCAN: IN=ens3 SRC=195.128.248.33 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=10676 DF PROTO=TCP SPT=20052 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
show less
Port Scan
๐ซ๐ท
GoodOldTOS
2026-06-23 00:45:52
(1 week ago)
Connection to MSSQL honeypot
Hacking
๐ฉ๐ช
dispaisyenterprises
2026-06-23 00:43:18
(1 week ago)
Honeypot [fra-de-honeypot]: MSSQL traffic (on 1433) without login credentials
Reported by DisPaisy E ...
show more
Honeypot [fra-de-honeypot]: MSSQL traffic (on 1433) without login credentials
Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB
show less
Port Scan
๐ฉ๐ช
D3RP4UL
2026-06-23 00:43:17
(1 week ago)
MSSQL traffic (on 1433) without login credentials
Port Scan
๐ฉ๐ช
LRob.fr
2026-06-21 08:00:07
(1 week ago)
Repeated 404 errors, blocked by Fail2ban in custom-404 jail
Bad Web Bot
๐ฌ๐ง
consul.to
2026-06-17 12:28:23
(1 week ago)
Web attack/malicious scanning detected
Web App Attack
๐ฌ๐ท
setupgr
2026-06-17 12:26:09
(1 week ago)
(mod_security) mod_security (id:11000011) triggered by 195.128.248.33 (UA/Ukraine/Kyiv City/Kyiv/-/[ ...
show more
(mod_security) mod_security (id:11000011) triggered by 195.128.248.33 (UA/Ukraine/Kyiv City/Kyiv/-/[AS6698 VIRTUALSYSTEMS]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Jun 17 15:26:04.312693 2026] [security2:error] [pid 2210175:tid 2210250] [client 195.128.248.33:57210] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "vsys.host" at REMOTE_HOST. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "131"] [id "11000011"] [msg "BLOCKED BAD DOMAIN: dedicated.vsys.host"] [severity "CRITICAL"] [hostname "davids.gr"] [uri "/"] [unique_id "ajKSXH9oGssBgNwsPFtqFgAAAFI"]
show less
Port Scan