JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 82.25.96.209

82.25.96.209 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	netutils.io
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 82.25.96.209

Whois 82.25.96.209

IP Abuse Reports for 82.25.96.209:

This IP address has been reported a total of 44 times from 31 distinct sources. 82.25.96.209 was first reported on June 7th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:00:12 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07. show less	Web App Attack SSH Hacking
🇦🇺 AWW-Admin	2026-06-08 11:35:09 (4 days ago)	(mod_security) mod_security triggered on hostname [redacted] 82.25.96.209 (DE/Germany/-)	SQL Injection
🇺🇸 sandra361	2026-06-08 11:35:02 (4 days ago)	Port scan detected: 35 attempts across 1 ports (443). \| Evidence: GHOST_SCAN:IN=enp1s0 OUT= SRC=82.2 ... show more Port scan detected: 35 attempts across 1 ports (443). \| Evidence: GHOST_SCAN:IN=enp1s0 OUT= SRC=82.25.96.209 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=47397 DF PROTO=TCP SPT=32416 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇷🇺 DZBOT	2026-06-08 11:20:51 (4 days ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 08:49:57 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:49:53.661148 2026] [security2:error] [pid 31196:tid 31216] [client 82.25.96.209:36726] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "omniuscorp.com"] [uri "/core/.env.save"] [unique_id "aiaCMaCie2Mfe5aFkGqtXQAAAVI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 08:37:37 (4 days ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇫🇷 masterguru	2026-06-08 07:54:34 (4 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
Anonymous	2026-06-08 06:50:01 (4 days ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 05:22:54 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 01:22:50.215161 2026] [security2:error] [pid 13136:tid 13136] [client 82.25.96.209:22868] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "elcalamo.com"] [uri "/api/.env.save"] [unique_id "aiZRqrUXJvlpSUESAsbNZwAAAF0"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Axel	2026-06-08 04:20:07 (5 days ago)	Blocked by Fail2Ban. Flagged by jail plesk-modsecurity \| UK-01	Exploited Host
Anonymous	2026-06-08 03:16:03 (5 days ago)	Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /laravel/.env HTTP/1.1, GET /ba ... show more Bot / scanning and/or hacking attempts: GET /.env.save HTTP/1.1, GET /laravel/.env HTTP/1.1, GET /backend/.env HTTP/1.1, GET /dev/.env HTTP/1.1, GET /api/.env HTTP/1.1, GET /members/.env HTTP/1.1, GET /app/.env HTTP/1.1 show less	Hacking Web App Attack
🇳🇱 e.fierstra	2026-06-08 01:53:19 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-08 01:24:07 (5 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇫🇷 ✨	2026-06-08 00:35:13 (5 days ago)	Domain : redirect.netenergy.uk Rule : env 2026-06-08 00:33:23 217.194.210.152 GET /laravel/.env - 44 ... show more Domain : redirect.netenergy.uk Rule : env 2026-06-08 00:33:23 217.194.210.152 GET /laravel/.env - 443 - 82.25.96.209 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 - crimpselfstorage.com 404 0 2 1526 233 51 - - show less	Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-08 00:07:44 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 82.25.96.209 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 20:07:37.572688 2026] [security2:error] [pid 9754:tid 9754] [client 82.25.96.209:43080] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftwwx.com"] [uri "/core/.env"] [unique_id "aiYHyQHRDAR91uI73EaPsAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 203.245.41.180

🇺🇸 165.154.172.20

🇺🇸 147.185.132.111

🇺🇸 147.185.132.56

🇦🇺 123.209.108.106

🇫🇷 109.205.181.217

🇸🇬 103.187.147.214

🇺🇸 64.62.197.191

🇧🇷 45.205.1.69

🇭🇰 34.96.152.238

🇺🇸 216.25.89.88

🇧🇪 198.235.24.195

🇧🇷 177.54.62.68

🇹🇭 110.164.193.196

🇮🇹 78.134.49.171

🇲🇾 60.50.39.35

🇬🇧 35.203.210.203

🇺🇸 23.121.103.110

🇩🇪 194.88.98.90

🇧🇷 191.8.216.111