JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.249.230.151

94.249.230.151 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 63%: ?

63%

ISP	instantnode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS49581
Hostname(s)	151.0-255.230.249.94.in-addr.arpa
Domain Name	ghostnet.de
Country	🇩🇪 Germany
City	Aachen, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.249.230.151

Whois 94.249.230.151

IP Abuse Reports for 94.249.230.151:

This IP address has been reported a total of 20 times from 10 distinct sources. 94.249.230.151 was first reported on June 18th 2026, and the most recent report was 8 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Halux	2026-06-19 00:34:54 (8 minutes ago)	94.249.230.151 Probing protected path or service	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 00:25:37 (17 minutes ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 20:25:34.725771 2026] [security2:error] [pid 13407:tid 13407] [client 94.249.230.151:52172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "askthetarotcards.com"] [uri "/.env"] [unique_id "ajSMfvRyqfka54dunfaCJwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 23:59:00 (44 minutes ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:58:53.994894 2026] [security2:error] [pid 3595:tid 3595] [client 94.249.230.151:46922] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "asiabeef.network"] [uri "/.env"] [unique_id "ajSGPa3eix5FlG_dmOXacwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 23:40:18 (1 hour ago)	94.249.230.151 - - [18/Jun/2026:23:40:18 +0000] "GET /.env HTTP/1.1" 404 34470 "-" "Mozilla/5.0 (Win ... show more 94.249.230.151 - - [18/Jun/2026:23:40:18 +0000] "GET /.env HTTP/1.1" 404 34470 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 23:22:42 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 19:22:37.447377 2026] [security2:error] [pid 26673:tid 26673] [client 94.249.230.151:40720] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aschmidtconsulting.com"] [uri "/.env"] [unique_id "ajR9vcp7eoVl1-kU_Q-U6AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Smish	2026-06-18 23:01:47 (1 hour ago)	HONEYPOT HIT --> Fail2ban time=1781823705 log=2026-06-19T00:01:45+01:00 ip=94.249.230.151 host=as210 ... show more HONEYPOT HIT --> Fail2ban time=1781823705 log=2026-06-19T00:01:45+01:00 ip=94.249.230.151 host=as210667.net method=GET uri="/.env" status=404 ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ref="-" rid=b6344461f3eb8518644413c50b8524f7 show less	Web App Attack
🇬🇧 pinguin	2026-06-18 23:01:40 (1 hour ago)	Triggered Cloudflare WAF (firewallManaged) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET meth ... show more Triggered Cloudflare WAF (firewallManaged) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.env UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-18 22:58:12 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:58:04.739351 2026] [security2:error] [pid 8795:tid 8795] [client 94.249.230.151:52120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arzoma.com"] [uri "/.env"] [unique_id "ajR3_BaZRyR8m4e55mm3zwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-06-18 22:56:03 (1 hour ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 22:39:57 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 18:39:53.942694 2026] [security2:error] [pid 15838:tid 15838] [client 94.249.230.151:54200] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artsun.art"] [uri "/.env"] [unique_id "ajRzuVDHBVffnYNZD8-VDQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-18 21:59:44 (2 hours ago)	Auto-ban: >3000 req/min op 2026-06-18	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-18 21:57:29 (2 hours ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:57:21.920754 2026] [security2:error] [pid 22768:tid 22768] [client 94.249.230.151:50332] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arteseros.com"] [uri "/.env"] [unique_id "ajRpwYrqfd8pjKYTw_GLlQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:42:04 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:41:59.258211 2026] [security2:error] [pid 9956:tid 9956] [client 94.249.230.151:42598] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artaria.us"] [uri "/.env"] [unique_id "ajRmJ8UwQItMEcgc6MKfKQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:20:42 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:20:35.234983 2026] [security2:error] [pid 27055:tid 27055] [client 94.249.230.151:54884] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arrasmithquill.com"] [uri "/.env"] [unique_id "ajRhI-3h7lJnQBuODWgdwgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 20:55:44 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.ar ... show more (mod_security) mod_security (id:210492) triggered by 94.249.230.151 (151.0-255.230.249.94.in-addr.arpa): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:55:38.257655 2026] [security2:error] [pid 3240:tid 3240] [client 94.249.230.151:33808] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "armorcorp.com"] [uri "/.env"] [unique_id "ajRbSmMQy2Hbe1Ls9FZ7SQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 210.113.178.135

🇸🇬 172.70.143.228

🇩🇪 167.94.146.47

🇧🇪 158.173.67.158

🇺🇸 132.196.94.33

🇩🇪 130.12.180.196

🇺🇸 72.240.125.133

🇮🇷 185.213.165.138

🇷🇴 141.98.83.240

🇨🇳 116.179.32.144

🇭🇰 101.36.108.191

🇳🇱 91.92.42.19

🇬🇧 35.203.210.136

🇰🇷 14.63.196.175

🇧🇪 198.235.24.211

🇮🇳 182.95.185.142

🇧🇷 179.49.95.30

🇨🇦 174.113.16.27

🇹🇭 147.50.103.212

🇺🇸 135.237.126.244