JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.109.200.215

192.109.200.215 was found in our database!

This IP was reported 1,691 times. Confidence of Abuse is 100%: ?

100%

ISP	Telco power Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51396
Domain Name	telcopower.eu
Country	🇩🇪 Germany
City	Aachen, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.109.200.215

Whois 192.109.200.215

IP Abuse Reports for 192.109.200.215:

This IP address has been reported a total of 1,691 times from 508 distinct sources. 192.109.200.215 was first reported on April 5th 2026, and the most recent report was 28 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raph	2026-05-24 06:07:27 (1 week ago)	[PROTECTED PATHS] crawler credentials.ini, aws.ini, aws.yml, etc.	Bad Web Bot Web App Attack
🇧🇬 pa4080	2026-05-23 22:53:00 (1 week ago)	Detected by ModSecurity. Request URI: /.aws/credentials	Web App Attack
🇫🇷 SpaceHost-Server	2026-05-23 22:34:35 (1 week ago)		Brute-Force Web App Attack
🇬🇧 Smish	2026-05-23 21:25:07 (1 week ago)	HONEYPOT HIT --> Fail2ban time=1779571506 log=2026-05-23T22:25:06+01:00 ip=192.109.200.215 host=m3ls ... show more HONEYPOT HIT --> Fail2ban time=1779571506 log=2026-05-23T22:25:06+01:00 ip=192.109.200.215 host=m3lsl.ext.44net.co.uk method=GET uri="/_profiler/phpinfo" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" ref="-" rid=59d7b730f7d577b9f0708791aae0365b show less	Web App Attack
🇿🇦 slartybartfast69420blazit	2026-05-23 20:36:25 (1 week ago)	Fail2ban picked up 192.109.200.215 attacking nginx	Web App Attack
🇩🇪 macrob	2026-05-23 20:22:50 (1 week ago)	2026/05/23 20:22:49 [error] 3380583#3380583: 251182392 access forbidden by rule, client: 192.109.20 ... show more 2026/05/23 20:22:49 [error] 3380583#3380583: 251182392 access forbidden by rule, client: 192.109.200.215, server: finami.es, request: "GET /.aws/credentials HTTP/2.0", host: "finami.es", referrer: "http://finami.es/.aws/credentials" 2026/05/23 20:22:49 [error] 3380583#3380583: 251182396 access forbidden by rule, client: 192.109.200.215, server: finami.es, request: "GET /.env HTTP/2.0", host: "finami.es", referrer: "http://finami.es/.env" 2026/05/23 20:22:49 [error] 3380580#3380580: 251181711 access forbidden by rule, client: 192.109.200.215, server: finami.es, request: "GET /.env.example HTTP/2.0", host: "finami.es", referrer: "http://finami.es/.env.example" ... show less	Web App Attack
🇺🇸 conrad10781	2026-05-23 20:05:40 (1 week ago)	nginx-4xx	Web App Attack
🇺🇸 Charlesiv	2026-05-23 20:00:47 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK ASN: 51396 (Pfcloud UG) Proto ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK ASN: 51396 (Pfcloud UG) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-05-23T19:27:25Z Ray ID: a0067537b902b89c UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 show less	Bad Web Bot
Anonymous	2026-05-23 19:34:22 (1 week ago)	(caddyscan) Scanner path probe from 192.109.200.215 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 192.109.200.215 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:18:51:45 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:18:51:45 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:18:51:46 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:19:34:02 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:19:34:18 +0000] "GET /.env.example HTTP/1.1" show less	Port Scan
🇺🇸 Rayulcifer	2026-05-23 19:30:18 (1 week ago)	192.109.200.215 - - [23/May/2026:14:30:16 -0500] "GET /admin/phpinfo.php HTTP/1.1" 301 459 "-" "Mozi ... show more 192.109.200.215 - - [23/May/2026:14:30:16 -0500] "GET /admin/phpinfo.php HTTP/1.1" 301 459 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 zwebvigil	2026-05-23 19:28:58 (1 week ago)	192.109.200.215 [23/May/2026:12:28:57 -0700] "GET /phpinfo.php HTTP/1.1" 401 381 "-" port=64922 "Mo ... show more 192.109.200.215 [23/May/2026:12:28:57 -0700] "GET /phpinfo.php HTTP/1.1" 401 381 "-" port=64922 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-" "-" "<ipaddr>" 375 192.109.200.215 [23/May/2026:12:28:57 -0700] "GET /test.php HTTP/1.1" 401 381 "-" port=64922 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-" "-" "<ipaddr>" 277 192.109.200.215 [23/May/2026:12:28:57 -0700] "GET /_profiler/phpinfo HTTP/1.1" 401 381 "-" port=64922 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-" "-" "<ipaddr>" 334 192.109.200.215 [23/May/2026:12:28:57 -0700] "GET /info.php HTTP/1.1" 401 381 "-" port=64922 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" "-" "-" "<ipaddr>" show less	Web App Attack
🇩🇪 ger-stg-sifi1	2026-05-23 19:00:52 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 paissangroup	2026-05-23 18:31:19 (1 week ago)	Multiple WAF Violations	Web App Attack
🇫🇮 Kimmo Rieskaniemi	2026-05-23 18:10:58 (1 week ago)	CrowdSec triggered crowdsecurity/http-probing	Web App Attack Hacking
Anonymous	2026-05-23 17:28:50 (1 week ago)	(caddyscan) Scanner path probe from 192.109.200.215 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 192.109.200.215 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:16:59:38 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:16:59:38 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:17:28:32 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:17:28:33 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 192.109.200.215 - - [23/May/2026:17:28:48 +0000] "GET /.env.backup HTTP/1.1" show less	Port Scan

Showing 196 to 210 of 1691 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 200.227.84.242

🇮🇪 63.33.62.100

🇷🇺 5.164.6.184

🇯🇵 216.246.11.152

🇨🇭 209.99.190.113

🇪🇨 157.100.199.45

🇰🇷 112.184.28.133

🇵🇱 104.164.172.100

🇩🇪 94.16.17.140

🇻🇳 14.248.147.188

🇹🇷 194.31.11.5

🇺🇸 172.182.211.16

🇮🇩 103.157.26.229

🇭🇰 65.181.88.245

🇰🇿 45.66.52.41

🇷🇴 193.46.255.157

🇰🇷 182.221.1.100

🇧🇷 177.53.247.76

🇺🇸 165.154.36.71

🇦🇷 131.196.82.161