JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 148.251.71.9

148.251.71.9 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 91%: ?

91%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.9.71.251.148.clients.your-server.de
Domain Name	hetzner.de
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 148.251.71.9

Whois 148.251.71.9

IP Abuse Reports for 148.251.71.9:

This IP address has been reported a total of 23 times from 16 distinct sources. 148.251.71.9 was first reported on June 11th 2026, and the most recent report was 36 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 22:28:06 (36 minutes ago)	(mod_security) mod_security (id:210580) triggered by 148.251.71.9 (static.9.71.251.148.clients.your- ... show more (mod_security) mod_security (id:210580) triggered by 148.251.71.9 (static.9.71.251.148.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:28:02.411857 2026] [security2:error] [pid 18712:tid 18712] [client 148.251.71.9:51750] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "parameters.yml" at ARGS:file. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|kippert.com\|F\|2"] [data "Matched Data: parameters.yml found within ARGS:file: config/parameters.yml"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "kippert.com"] [uri "/index.php/_profiler/open"] [unique_id "aiyH8vyK6emzBM3vsVyEyAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-12 22:18:07 (46 minutes ago)	Aggressive web search of vulnerable pages: /application.yml /.env /.env.local /public/.env /laravel/ ... show more Aggressive web search of vulnerable pages: /application.yml /.env /.env.local /public/.env /laravel/.env ... show less	Web App Attack
🇮🇹 ciccio diddo	2026-06-12 21:13:50 (1 hour ago)	CMS/WP Exploit multiple 40X port:Tcp/80,443	Brute-Force Web App Attack
🇺🇸 chrisj	2026-06-12 20:53:43 (2 hours ago)	[Fri Jun 12 20:53:42.910084 2026] [proxy_fcgi:error] [pid 69693:tid 69703] [remote 148.251.71.9:5518 ... show more [Fri Jun 12 20:53:42.910084 2026] [proxy_fcgi:error] [pid 69693:tid 69703] [remote 148.251.71.9:55182] AH01071: Got error 'Primary script unknown' [Fri Jun 12 20:53:43.014915 2026] [proxy_fcgi:error] [pid 69693:tid 69704] [remote 148.251.71.9:55182] AH01071: Got error 'Primary script unknown' [Fri Jun 12 20:53:43.119855 2026] [proxy_fcgi:error] [pid 69693:tid 69710] [remote 148.251.71.9:55182] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-12 19:40:26 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your- ... show more (mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 15:40:19.164234 2026] [security2:error] [pid 6149:tid 6149] [client 148.251.71.9:53565] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.grampys.toys"] [uri "/wp-config.php.bak"] [unique_id "aixgo6j2LVAhq_Q31Cx7YAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 LSPCCU	2026-06-12 19:09:56 (3 hours ago)	TSEC Honeypot Network report. Threat score: 100/100. Categories: Port Scan, Hacking, Brute-Force, We ... show more TSEC Honeypot Network report. Threat score: 100/100. Categories: Port Scan, Hacking, Brute-Force, Web App Attack, SSH. Honeypot: ssh-telnet, cowrie. Context: Attacker IP 148. show less	Port Scan Hacking Brute-Force Web App Attack SSH
🇳🇱 Site.eu	2026-06-12 18:05:32 (4 hours ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-12 16:34:57 (6 hours ago)	(mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your- ... show more (mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 12:34:51.212614 2026] [security2:error] [pid 31314:tid 31314] [client 148.251.71.9:59575] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "route66choir.banis-associates.com"] [uri "/wp-config.php.bak"] [unique_id "aiw1K7g6gV4jz8z-XIbhgQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 15:54:25 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your- ... show more (mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 11:54:18.662906 2026] [security2:error] [pid 18995:tid 18995] [client 148.251.71.9:57563] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trailofcrumbs.com"] [uri "/wp-config.php.bak"] [unique_id "aiwrqm2TuDjtClvH_zUTqAAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-06-12 15:47:37 (7 hours ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 LotPhantom	2026-06-12 15:39:45 (7 hours ago)	2026/06/12 15:39:44 [error] 594837#594837: 19291 access forbidden by rule, client: 148.251.71.9, se ... show more 2026/06/12 15:39:44 [error] 594837#594837: 19291 access forbidden by rule, client: 148.251.71.9, server: staging-api.bridginggaps.tech, request: "GET /.env HTTP/2.0", host: "staging-api.bridginggaps.tech", referrer: "http://staging-api.bridginggaps.tech/.env" ... show less	Web App Attack
🇳🇱 wlt-blocker	2026-06-12 15:21:40 (7 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 kosada.com	2026-06-12 14:30:29 (8 hours ago)	Web vulnerability probing: /_profiler/phpinfo	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 13:45:46 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your- ... show more (mod_security) mod_security (id:210492) triggered by 148.251.71.9 (static.9.71.251.148.clients.your-server.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 09:45:38.893980 2026] [security2:error] [pid 29398:tid 29398] [client 148.251.71.9:52769] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.27"] [uri "/wp-config.php.bak"] [unique_id "aiwNgowXlw_CICq8akZrzgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 13:30:38 (9 hours ago)	Multiple web server 400 error codes from same source ip	Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 202.29.225.158

🇧🇪 198.235.24.216

🇹🇼 198.235.24.101

🇷🇺 138.124.69.150

🇸🇬 118.139.164.171

🇺🇸 192.169.197.123

🇺🇸 173.199.117.55

🇹🇭 147.50.231.135

🇨🇳 120.48.111.71

🇷🇴 80.94.92.164

🇺🇸 64.52.161.203

🇫🇷 51.68.34.131

🇦🇺 27.124.111.122

🇺🇦 2.63.234.138

🇷🇴 2.57.121.25

🇭🇰 152.32.170.55

🇫🇮 147.185.133.233

🇮🇪 134.149.58.221

🇺🇸 91.230.168.50

🇺🇸 66.132.195.72