JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.94.209.196

45.94.209.196 was found in our database!

This IP was reported 221 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3338359.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.94.209.196

Whois 45.94.209.196

IP Abuse Reports for 45.94.209.196:

This IP address has been reported a total of 221 times from 134 distinct sources. 45.94.209.196 was first reported on June 1st 2026, and the most recent report was 11 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 15:05:38 (14 hours ago)	IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-cve-2021-41773; Action=ban; Events ... show more IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-cve-2021-41773; Action=ban; Events=1; Hosts=_; Paths=/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh; Country=FR; ASN=51167 Contabo GmbH show less	Hacking Web App Attack
Anonymous	2026-06-03 15:00:57 (14 hours ago)	[Wed Jun 03 17:00:56.607907 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH016 ... show more [Wed Jun 03 17:00:56.607907 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH01630: client denied by server configuration: /var/www/html/default/hello.world [Wed Jun 03 17:00:56.926154 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH01630: client denied by server configuration: /var/www/html/default/ [Wed Jun 03 17:00:56.997525 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH01630: client denied by server configuration: /var/www/html/default/vendor [Wed Jun 03 17:00:57.089622 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH01630: client denied by server configuration: /var/www/html/default/vendor [Wed Jun 03 17:00:57.311650 2026] [authz_core:error] [pid 600241] [client 45.94.209.196:40830] AH01630: client denied by server configuration: /var/www/html/default/vendor ... show less	Web App Attack
🇧🇪 Savvii	2026-06-03 14:06:49 (15 hours ago)	20 attempts against mh-ssh on escape	Brute-Force SSH
🇩🇪 iNetWorker	2026-06-03 13:31:19 (16 hours ago)	trying to access non-authorized port	Port Scan
🇩🇪 zupan	2026-06-03 13:12:28 (16 hours ago)	Blocked by UFW on vps [2222/tcp] \| SPT: 42485 \| TTL: 53 \| LEN: 40 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on vps [2222/tcp] \| SPT: 42485 \| TTL: 53 \| LEN: 40 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 bigscoots.com	2026-06-03 13:10:33 (16 hours ago)	(sshd) Failed SSH login from 45.94.209.196 (DE/Germany/vmi3338359.contaboserver.net): 5 in the last ... show more (sshd) Failed SSH login from 45.94.209.196 (DE/Germany/vmi3338359.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 3 08:09:24 14214 sshd[14983]: Invalid user admin from 45.94.209.196 port 47846 Jun 3 08:09:26 14214 sshd[14983]: Failed password for invalid user admin from 45.94.209.196 port 47846 ssh2 Jun 3 08:09:57 14214 sshd[15122]: Invalid user orangepi from 45.94.209.196 port 35270 Jun 3 08:09:59 14214 sshd[15122]: Failed password for invalid user orangepi from 45.94.209.196 port 35270 ssh2 Jun 3 08:10:31 14214 sshd[15470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.94.209.196 user=root show less	Brute-Force SSH
🇩🇪 updown.io	2026-06-03 12:45:26 (16 hours ago)	2026-06-03T14:44:49.505839+02:00 db3.updn.io sshd[1941701]: Invalid user orangepi from 45.94.209.196 ... show more 2026-06-03T14:44:49.505839+02:00 db3.updn.io sshd[1941701]: Invalid user orangepi from 45.94.209.196 port 48630 2026-06-03T14:44:49.507842+02:00 db3.updn.io sshd[1941701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.94.209.196 2026-06-03T14:44:51.885332+02:00 db3.updn.io sshd[1941701]: Failed password for invalid user orangepi from 45.94.209.196 port 48630 ssh2 2026-06-03T14:45:23.932907+02:00 db3.updn.io sshd[1942289]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.94.209.196 user=root 2026-06-03T14:45:26.310621+02:00 db3.updn.io sshd[1942289]: Failed password for root from 45.94.209.196 port 41080 ssh2 ... show less	Brute-Force SSH
🇮🇩 Burayot	2026-06-03 12:45:22 (16 hours ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.94.209.196 (FR/France/vmi3338359 ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 45.94.209.196 (FR/France/vmi3338359.contaboserver.net): 1 in the last 3600 secs show less	Web App Attack
🇫🇷 vincent_EUDIER	2026-06-03 12:40:02 (16 hours ago)	ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2	Hacking
🇮🇪 AutosOnShow	2026-06-03 11:48:05 (17 hours ago)	blocked for webapp attack \| path requested: /index.php \| seen at 2026-06-03 11:47:36.790 \|	Web App Attack
🇦🇺 gregoo23	2026-06-03 10:20:42 (19 hours ago)	45.94.209.196 - - [03/Jun/2026:20:20:39 +1000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... show more 45.94.209.196 - - [03/Jun/2026:20:20:39 +1000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 154 "-" "-" 45.94.209.196 - - [03/Jun/2026:20:20:40 +1000] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 154 "-" "-" 45.94.209.196 - - [03/Jun/2026:20:20:41 +1000] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 444 0 "-" "libredtail-http" ... show less	Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-03 10:19:28 (19 hours ago)	2026-06-03 10:19:28 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇹🇼 kk_it_man	2026-06-03 09:43:01 (19 hours ago)	ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP ... show more ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt ET WEB_SERVER Generic PHP Remote File Include ET WEB_SERVER PHP tags in HTTP POST ET WEB_SERVER PHP.//Input in HTTP POST ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body ET WEB_SERVER ThinkPHP RCE Exploitation Attempt ET WEB_SERVER allow_url_include PHP config option in uri ET WEB_SERVER auto_prepend_file PHP config option in uri ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) GPL WEB_SERVER 403 Forbidden show less	Port Scan
🇳🇱 kbkb	2026-06-03 09:32:55 (20 hours ago)	CrowdSec detection: crowdsecurity/http-cve-2021-41773	Brute-Force SSH
🇳🇱 JCB	2026-06-03 09:00:00 (20 hours ago)	45.94.209.196 - - [03/Jun/2026:10:03:05 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh H ... show more 45.94.209.196 - - [03/Jun/2026:10:03:05 +0300] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP/1.1" 400 266 "-" "libredtail-http" ... show less	Web App Attack Hacking

Showing 31 to 45 of 221 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 191.240.37.46

🇮🇳 59.180.177.71

🇺🇸 205.210.31.45

🇹🇭 202.29.236.76

🇱🇧 185.187.131.138

🇨🇳 180.153.236.40

🇨🇳 180.100.198.68

🇮🇩 103.191.14.210

🇺🇸 68.82.210.87

🇺🇸 66.132.195.102

🇨🇳 61.153.184.151

🇺🇸 47.77.227.187

🇳🇱 34.7.166.56

🇨🇳 222.95.168.20

🇬🇧 193.163.125.117

🇦🇷 190.181.101.216

🇨🇳 175.19.75.2

🇺🇸 107.172.204.15

🇮🇩 103.195.31.156

🇺🇸 91.230.168.102