JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.211.9.164

82.211.9.164 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 0%: ?

ISP	firstcolo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44066
Domain Name	firstcolo.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.211.9.164

Whois 82.211.9.164

IP Abuse Reports for 82.211.9.164:

This IP address has been reported a total of 23 times from 10 distinct sources. 82.211.9.164 was first reported on September 11th 2025, and the most recent report was 8 months ago.

Old Reports: The most recent abuse report for this IP address is from 8 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-10-17 19:07:08 (8 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-10-17 00:13:14 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 16 20:13:06.331337 2025] [security2:error] [pid 21601:tid 21601] [client 82.211.9.164:14111] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|macro-astrology.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "macro-astrology.com"] [uri "/1.sql"] [unique_id "aPGKEiXHCsncBIdEU_UfiQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2025-10-15 00:05:14 (8 months ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2025-10-13 05:43:31 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 01:43:21.071985 2025] [security2:error] [pid 18063:tid 18063] [client 82.211.9.164:41189] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sharawi-gum.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sharawi-gum.com"] [uri "/wp-content/database.sql"] [unique_id "aOyRefX01ps0_HjuPLOf3gAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-13 04:52:50 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Oct 13 00:52:42.202010 2025] [security2:error] [pid 1644:tid 1644] [client 82.211.9.164:1239] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|oshadega.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oshadega.com"] [uri "/wp-content/data.sql"] [unique_id "aOyFmv5sGJnWyrYE8kHaCwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2025-10-12 13:28:26 (8 months ago)	21 attempts against mh_ha-misbehave-ban on iron	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-10-07 17:02:41 (8 months ago)	wordpress-trap	Web App Attack
🇮🇩 Burayot	2025-10-04 22:32:52 (8 months ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 82.211.9.164 (DE/Germany/-): 1 in th ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 82.211.9.164 (DE/Germany/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 Penny Packer	2025-10-04 14:53:59 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack
Anonymous	2025-10-03 16:31:15 (8 months ago)	Failed login attempt detected by Fail2Ban in recidive jail	Brute-Force
Anonymous	2025-10-03 14:31:31 (8 months ago)	wordpress-trap	Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 22:46:42 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 18:41:58.583234 2025] [security2:error] [pid 18062:tid 18062] [client 82.211.9.164:14507] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nchsfootballgolfouting.com"] [uri "/backup/.env"] [unique_id "aN2uNuW8iMYfEOD9FAyQ3gAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2025-10-01 22:41:52 (8 months ago)	(mod_security-custom) mod_security (id:210492) triggered by 82.211.9.164 (DE/Germany/Hesse/Frankfurt ... show more (mod_security-custom) mod_security (id:210492) triggered by 82.211.9.164 (DE/Germany/Hesse/Frankfurt am Main (Frankfurt am Main Ost)/-/[AS44066 DE-FIRSTCOLO firstcolo.net]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇺🇸 Penny Packer	2025-10-01 10:21:57 (8 months ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2025-09-30 09:22:27 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 82.211.9.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Sep 30 05:22:22.233320 2025] [security2:error] [pid 31318:tid 31318] [client 82.211.9.164:17947] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|alsdepot.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "alsdepot.com"] [uri "/1.sql"] [unique_id "aNuhThnFSWp_pw0XJvX23gAAACo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.84.239.151

🇩🇪 213.133.103.229

🇰🇷 211.223.107.86

🇦🇺 203.56.155.70

🇺🇸 193.202.87.236

🇩🇪 162.158.95.158

🇳🇬 152.32.140.39

🇭🇰 101.36.127.85

🇺🇸 66.132.195.22

🇭🇰 8.218.0.249

🇬🇧 2.57.17.56

🇫🇮 2.26.105.210

🇨🇱 200.111.163.110

🇺🇸 199.245.176.8

🇲🇰 185.193.240.246

🇺🇸 184.105.139.73

🇫🇮 147.185.133.179

🇺🇸 137.131.9.65

🇩🇪 69.5.169.226

🇺🇸 20.65.193.76