JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 84.52.6.253

84.52.6.253 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 100%: ?

100%

ISP	AS INFONET
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8728
Hostname(s)	dhcp-84-52-6-253.cable.infonet.ee
Domain Name	infonet.ee
Country	🇪🇪 Estonia
City	Tallinn, Harjumaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 84.52.6.253

Whois 84.52.6.253

IP Abuse Reports for 84.52.6.253:

This IP address has been reported a total of 28 times from 18 distinct sources. 84.52.6.253 was first reported on June 16th 2026, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-17 17:04:43 (15 hours ago)	[redacted] 84.52.6.253 - - [17/Jun/2026:18:04:40 +0100] "GET /.env HTTP/1.1" 302 5288 0/65806 "-" "M ... show more [redacted] 84.52.6.253 - - [17/Jun/2026:18:04:40 +0100] "GET /.env HTTP/1.1" 302 5288 0/65806 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" [redacted] 84.52.6.253 - - [17/Jun/2026:18:04:40 +0100] "GET / HTTP/1.1" 206 9038 0/182907 "https://[redacted]/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-17 11:58:50 (20 hours ago)	[redacted] 84.52.6.253 - - [17/Jun/2026:12:58:47 +0100] "GET /.env HTTP/1.1" 302 5288 0/94785 "-" "M ... show more [redacted] 84.52.6.253 - - [17/Jun/2026:12:58:47 +0100] "GET /.env HTTP/1.1" 302 5288 0/94785 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" [redacted] 84.52.6.253 - - [17/Jun/2026:12:58:48 +0100] "GET / HTTP/1.1" 206 12767 0/136337 "https://[redacted]/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-17 05:13:58 (1 day ago)	2 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇺🇸 TPI-Abuse	2026-06-17 02:58:46 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee) ... show more (mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 22:58:38.409409 2026] [security2:error] [pid 20653:tid 20653] [client 84.52.6.253:13102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3fabgals.com"] [uri "/.env"] [unique_id "ajINXtNqnn-6wVKIDJgCRwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-06-17 02:57:04 (1 day ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 dtorrer	2026-06-17 02:55:56 (1 day ago)	General vulnerability scan.	Port Scan
🇩🇪 Ba-Yu	2026-06-17 02:39:21 (1 day ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 MPL	2026-06-17 01:48:46 (1 day ago)	tcp/443 (12 or more attempts)	Port Scan
🇫🇷 Baking333	2026-06-17 01:10:37 (1 day ago)	[redacted] 84.52.6.253 - - [17/Jun/2026:02:10:35 +0100] "GET /.env HTTP/1.1" 302 5288 0/78810 "-" "M ... show more [redacted] 84.52.6.253 - - [17/Jun/2026:02:10:35 +0100] "GET /.env HTTP/1.1" 302 5288 0/78810 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" [redacted] 84.52.6.253 - - [17/Jun/2026:02:10:35 +0100] "GET / HTTP/1.1" 206 12767 0/178278 "https://[redacted]/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-17 00:37:53 (1 day ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 23:13:34 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee) ... show more (mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:13:26.767308 2026] [security2:error] [pid 27589:tid 27589] [client 84.52.6.253:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "365soft.top"] [uri "/.env"] [unique_id "ajHYljLryOO67K8SYte13AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-16 22:55:13 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 22:51:22 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee) ... show more (mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 18:51:16.981949 2026] [security2:error] [pid 20261:tid 20261] [client 84.52.6.253:28963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "2massociatesllc.com"] [uri "/.env"] [unique_id "ajHTZJoI9v5e-4KQQaV5OQAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 22:34:35 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee) ... show more (mod_security) mod_security (id:210492) triggered by 84.52.6.253 (dhcp-84-52-6-253.cable.infonet.ee): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 18:34:28.629345 2026] [security2:error] [pid 15314:tid 15314] [client 84.52.6.253:51706] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "247.fishing"] [uri "/.env"] [unique_id "ajHPdLC9uvD6M_mPe4kv2AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 2000cn.com.au	2026-06-16 22:21:19 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 220.135.183.95

🇨🇳 218.21.37.250

🇹🇼 198.235.24.74

🇨🇳 175.6.141.237

🇻🇳 171.244.141.86

🇳🇱 91.92.40.4

🇮🇹 81.57.15.243

🇩🇪 185.242.3.195

🇩🇪 164.90.225.210

🇳🇱 158.94.211.16

🇺🇸 129.121.102.3

🇨🇳 112.37.113.86

🇫🇷 92.103.134.183

🇳🇱 78.142.18.172

🇺🇸 64.62.156.64

🇨🇳 58.216.29.108

🇳🇱 45.148.10.151

🇳🇱 34.6.226.135

🇬🇧 193.32.209.235

🇨🇳 112.19.161.224