JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.94.9.249

172.94.9.249 was found in our database!

This IP was reported 144 times. Confidence of Abuse is 0%: ?

ISP	Secure Internet LLC (UK)
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213790
Domain Name	btcloud.ro
Country	🇳🇱 Netherlands
City	Kerkrade, Limburg

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.94.9.249

Whois 172.94.9.249

IP Abuse Reports for 172.94.9.249:

This IP address has been reported a total of 144 times from 102 distinct sources. 172.94.9.249 was first reported on February 25th 2026, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-03-06 10:17:43 (2 months ago)	FortiWeb WAF: 908 attacks detected. Threat Score: 702300. Types: Client Management(454), Block IP Li ... show more FortiWeb WAF: 908 attacks detected. Threat Score: 702300. Types: Client Management(454), Block IP List(454). Origin: Netherlands. show less	Web App Attack
🇩🇪 SwiftServer	2026-03-06 06:12:38 (2 months ago)	172.94.9.249 - - [06/Mar/2026:08:12:34 +0200] "GET /.github/workflows HTTP/1.1" 403 195 "https://git ... show more 172.94.9.249 - - [06/Mar/2026:08:12:34 +0200] "GET /.github/workflows HTTP/1.1" 403 195 "https://github.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" 172.94.9.249 - - [06/Mar/2026:08:12:37 +0200] "GET /.aws/config HTTP/1.1" 403 195 "https://www.reddit.com/" "Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36" 172.94.9.249 - - [06/Mar/2026:08:12:37 +0200] "GET /.env HTTP/1.1" 403 134 "https://news.ycombinator.com/" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 172.94.9.249 - - [06/Mar/2026:08:12:37 +0200] "GET /.git/refs/heads/master HTTP/1.1" 403 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3 Safari/605.1.15" 172.94.9.249 - - [06/Mar/2026:08:12:37 +0200] "GET /root/.s3cfg HTTP/1.1" 403 134 "https://www.google.com/" "Mozilla/5.0 (compatible; Googlebot/2 ... show less	Brute-Force Web App Attack
🇨🇭 YF	2026-03-06 06:05:02 (2 months ago)	Attempted access to sensitive files	Web App Attack
🇩🇪 bsoft.de	2026-03-06 04:26:22 (2 months ago)	172.94.9.249 - - [06/Mar/2026:05:26:21 +0100] "POST /ja?_cb=2956129238467890927 HTTP/1.1" 301 169 "- ... show more 172.94.9.249 - - [06/Mar/2026:05:26:21 +0100] "POST /ja?_cb=2956129238467890927 HTTP/1.1" 301 169 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" show less	Bad Web Bot Web App Attack
🇩🇪 updown.io	2026-03-06 01:22:36 (2 months ago)	{"level":"info","ts":1772760155.3007226,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1772760155.3007226,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"172.94.9.249","remote_port":"55736","client_ip":"172.94.9.249","proto":"HTTP/1.1","method":"POST","host":"status.wlotzka.org","uri":"/api/users?_cb=2079502366109627924","headers":{"Next-Action":["24e61fb584593f44b16539a0711d7c67bbfa1998"],"X-Client-Ip":["127.0.0.1"],"Content-Type":["multipart/form-data; boundary=----WebKitFormBoundaryiueamdqjjibmpude"],"Accept":["/"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["no-cache, no-store, must-revalidate, max-age=0"],"X-Forwarded-For":["127.0.0.1"],"Accept-Encoding":["gzip"],"X-Real-Ip":["127.0.0.1"],"True-Client-Ip":["127.0.0.1"],"Content-Length":["715"],"Cf-Connecting-Ip":["127.0.0.1"],"Pragma":["no-cache"],"User-Agent":["Mozilla/5.0 (Linux; Android 14; Pixel 8 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Mobile Safari/537.36"],"Accept-Language":["pt-BR,pt;q=0.9,en;q=0.8"],"Sec-Fetch-Dest":["empty"], ... show less	DDoS Attack Web App Attack
🇺🇸 natdem.org	2026-03-05 21:11:43 (3 months ago)	Web: GraphQL probe, .env file probe, Config file probe	Web App Attack Hacking
🇬🇧 pinguin	2026-03-05 18:58:36 (3 months ago)	Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: LOG Protocol: HTTP/1.1 (POST metho ... show more Triggered Cloudflare WAF (firewallManaged) from NL. Action taken: LOG Protocol: HTTP/1.1 (POST method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇳🇱 i-turnradio.nl	2026-03-05 17:29:04 (3 months ago)	2026-03-05 18:29:04 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇩🇪 bsoft.de	2026-03-05 14:37:41 (3 months ago)	172.94.9.249 - - [05/Mar/2026:15:37:40 +0100] "POST /api/auth/session?_cb=5854010666853465431 HTTP/1 ... show more 172.94.9.249 - - [05/Mar/2026:15:37:40 +0100] "POST /api/auth/session?_cb=5854010666853465431 HTTP/1.1" 301 169 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)" show less	Bad Web Bot Web App Attack
🇩🇪 Interceptor_HQ	2026-03-05 10:16:44 (3 months ago)	request_uri: /?_cb=7350180915569146695 -- automatic report --	Brute-Force Hacking
🇳🇱 Site.eu	2026-03-05 09:32:17 (3 months ago)	Excessive multi-domain requests	Brute-Force
🇨🇱 ifiguero	2026-03-05 08:16:53 (3 months ago)	Web Attack (\x00\x00\x00\x00\x00). 7d ban	Web App Attack
🇩🇪 David Ferneding	2026-03-05 06:20:13 (3 months ago)	This IP was blocked by CrowdSec, triggering crowdsecurity/http-probing	Web App Attack Hacking
🇩🇪 David Ferneding	2026-03-05 06:04:32 (3 months ago)	This IP was blocked by CrowdSec, triggering LePresidente/http-generic-403-bf	Web App Attack Hacking
🇳🇿 Antinson	2026-03-05 03:10:52 (3 months ago)	Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints ( ... show more Scraping with a high error ratio and request rate Requests to unauthorized or suspicious endpoints (.git, .well-known, .php, etc.) show less	Bad Web Bot

Showing 1 to 15 of 144 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.223.235.28

🇩🇪 45.135.194.83

🇰🇷 220.118.173.234

🇮🇩 203.175.125.130

🇺🇸 162.216.149.230

🇨🇳 120.46.184.6

🇺🇸 109.105.209.7

🇺🇸 69.175.92.21

🇳🇱 45.148.10.151

🇬🇧 2.58.172.222

🇯🇵 156.227.232.198

🇩🇪 155.117.127.214

🇳🇱 89.21.67.181

🇩🇪 64.89.163.173

🇨🇳 58.215.186.186

🇮🇩 36.88.109.138

🇺🇸 35.212.96.153

🇲🇽 189.173.42.116

🇧🇷 186.251.213.132

🇳🇱 185.223.235.26