JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 128.140.96.46

128.140.96.46 was found in our database!

This IP was reported 67 times. Confidence of Abuse is 100%: ?

100%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.46.96.140.128.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 128.140.96.46

Whois 128.140.96.46

IP Abuse Reports for 128.140.96.46:

This IP address has been reported a total of 67 times from 52 distinct sources. 128.140.96.46 was first reported on June 21st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 andreighitan	2026-06-25 13:53:35 (1 day ago)	Automated exploit scanner — credential harvesting (.env, wp-config, .yarnrc), PHPUnit RCE CVE-2017-9 ... show more Automated exploit scanner — credential harvesting (.env, wp-config, .yarnrc), PHPUnit RCE CVE-2017-9841, OpenWRT Luci RCE CVE-2023-1767, Hikvision probe against WordPress hosting server. Sustained attack campaign since April 2026. show less	Web App Attack
Anonymous	2026-06-25 09:25:05 (1 day ago)	128.140.96.46 - - [25/Jun/2026:06:25:04 -0300] "GET /.env HTTP/1.1" 404 118 "-" "Mozilla/5.0 (compat ... show more 128.140.96.46 - - [25/Jun/2026:06:25:04 -0300] "GET /.env HTTP/1.1" 404 118 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [25/Jun/2026:06:25:04 -0300] "GET /.env.production HTTP/1.1" 404 118 "-" "Mozilla/5.0 (compatible)" ... show less	Port Scan
Anonymous	2026-06-25 08:07:09 (1 day ago)	UFW blocked 3 unsolicited TCP packet(s) in last 65 minutes ago. Destination port(s): 3000,8080,9090. ... show more UFW blocked 3 unsolicited TCP packet(s) in last 65 minutes ago. Destination port(s): 3000,8080,9090. Server has no public-facing services; all blocks are uninvited. show less	Port Scan
Anonymous	2026-06-25 05:43:34 (1 day ago)	Blocked by ModSec and CSF	Port Scan
🇫🇷 -SK-	2026-06-25 01:54:15 (1 day ago)	DUS - (f2b weechat-relay massive attemts)	Brute-Force Port Scan Web App Attack
🇩🇪 reznekcs	2026-06-25 00:44:54 (1 day ago)	F2B apache-noscript ban. Logs: [Thu Jun 25 02:44:50.556202 2026] [proxy_fcgi:error] [pid 1124635] [c ... show more F2B apache-noscript ban. Logs: [Thu Jun 25 02:44:50.556202 2026] [proxy_fcgi:error] [pid 1124635] [client 128.140.96.46:56916] AH01071: Got error 'Primary script unknown' [Thu Jun 25 02:44:53.583028 2026] [proxy_fcgi:error] [pid 1124635] [client 128.140.96.46:56916] AH01071: Got error 'Primary script unknown' [Thu Jun 25 02:44:53.887691 2026] [proxy_fcgi:error] [pid 1126296] [client 128.140.96.46:56960] AH01071: Got error 'Primary script unknown' show less	Web App Attack
🇬🇧 OptimusGO	2026-06-24 21:05:06 (1 day ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-24 22:05:05 UTC Log evidence: 06/24/2026-22:05:05.219549 [] [1:1000103:1] SECURITY Management Port Probe - CRITICAL [] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 128.140.96.46:55064 -> 185.127.18.66:8080 show less	Port Scan Brute-Force
🇩🇪 vmd56152.contaboserver.net	2026-06-24 18:22:58 (2 days ago)	128.140.96.46 - - [24/Jun/2026:20:22:53 +0200] "GET /fetch?url=http://169.254.169.254/latest/meta-da ... show more 128.140.96.46 - - [24/Jun/2026:20:22:53 +0200] "GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:20:22:53 +0200] "GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/info HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:20:22:54 +0200] "GET /fetch?url=http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:20:22:54 +0200] "GET /fetch?uri=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:20:22:55 +0200] "GET /fetch?uri=http://169.254.169.254/latest/meta-data/iam/info HTTP/1.1" 404 196 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:20:22:55 +0200] "GET /fetch?uri=http://metadata.google.internal/computeMetadata/v1/insta ... show less	Brute-Force
🇫🇷 Dechavanne	2026-06-24 18:00:09 (2 days ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇫🇷 masterguru	2026-06-24 17:22:28 (2 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-197)	Hacking Bad Web Bot
🇫🇷 Baking333	2026-06-24 13:26:01 (2 days ago)	redacted:443 128.140.96.46 - - [24/Jun/2026:14:25:58 +0100] "GET /.[redacted] HTTP/1.1" 200 5340 0/5 ... show more redacted:443 128.140.96.46 - - [24/Jun/2026:14:25:58 +0100] "GET /.[redacted] HTTP/1.1" 200 5340 0/53274 "-" "Mozilla/5.0 (compatible)" redacted:443 128.140.96.46 - - [24/Jun/2026:14:25:58 +0100] "GET /.[redacted] HTTP/1.1" 200 5340 0/62025 "-" "Mozilla/5.0 (compatible)" show less	Bad Web Bot Web App Attack
🇫🇷 sthoyer.de	2026-06-24 12:46:58 (2 days ago)	128.140.96.46 - - [24/Jun/2026:14:46:56 +0200] "GET /.env.local HTTP/1.1" 302 495 "-" "Mozilla/5.0 ( ... show more 128.140.96.46 - - [24/Jun/2026:14:46:56 +0200] "GET /.env.local HTTP/1.1" 302 495 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:14:46:56 +0200] "GET /.env.staging HTTP/1.1" 302 495 "-" "Mozilla/5.0 (compatible)" 128.140.96.46 - - [24/Jun/2026:14:46:56 +0200] "GET /.env HTTP/1.1" 302 495 "-" "Mozilla/5.0 (compatible)" ... show less	Web App Attack
🇫🇷 dwmp	2026-06-24 09:11:36 (2 days ago)	[24/Jun/2026:11:11:35.484808 +0200] ajufR6e9EmYtNzNxVpsfJwAAAAg 128.140.96.46 36070 38.242.227.117 7 ... show more [24/Jun/2026:11:11:35.484808 +0200] ajufR6e9EmYtNzNxVpsfJwAAAAg 128.140.96.46 36070 38.242.227.117 7080 [24/Jun/2026:11:11:35.485037 +0200] ajufR5wOP4DQFnD@UuM18wAAAMA 128.140.96.46 36066 38.242.227.117 7080 [24/Jun/2026:11:11:35.485429 +0200] ajufR@zrPSUMY1TdCw-HVgAAAIw 128.140.96.46 36068 38.242.227.117 7080 ... show less	Brute-Force SSH
🇫🇷 maxxsense	2026-06-24 08:55:48 (2 days ago)	(mod_security) mod_security triggered on hostname [redacted] 128.140.96.46 (DE/Germany/static.46.96. ... show more (mod_security) mod_security triggered on hostname [redacted] 128.140.96.46 (DE/Germany/static.46.96.140.128.clients.your-server.de) show less	SQL Injection
🇫🇷 HerrWolf	2026-06-24 06:30:05 (2 days ago)	CrowdSec Detection: crowdsecurity/http-probing	Web App Attack

Showing 1 to 15 of 67 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 139.59.132.8

🇩🇪 194.187.176.91

🇨🇳 183.210.230.119

🇺🇸 164.92.107.174

🇮🇳 159.65.144.72

🇺🇸 107.175.145.85

🇳🇱 91.92.40.231

🇨🇳 39.154.8.242

🇺🇸 20.163.2.35

🇻🇳 14.225.253.26

🇺🇸 3.235.179.87

🇺🇸 205.185.116.245

🇯🇵 202.212.191.16

🇺🇸 172.236.228.218

🇨🇦 142.44.220.145

🇫🇷 104.28.243.187

🇳🇱 45.148.10.147

🇺🇸 40.77.167.35

🇮🇳 182.19.35.57

🇨🇳 111.18.16.197