JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.249.230.153

94.249.230.153 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 100%: ?

100%

ISP	instantnode
Usage Type	Data Center/Web Hosting/Transit
ASN	AS49581
Hostname(s)	153.0-255.230.249.94.in-addr.arpa
Domain Name	ghostnet.de
Country	🇩🇪 Germany
City	Aachen, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.249.230.153

Whois 94.249.230.153

IP Abuse Reports for 94.249.230.153:

This IP address has been reported a total of 71 times from 43 distinct sources. 94.249.230.153 was first reported on June 18th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-21 04:19:42 (1 week ago)	Fuzzing/Looking for credentials files.	Brute-Force Web App Attack
🇬🇧 andypiper	2026-06-21 01:00:47 (1 week ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 directorioeducativo.com	2026-06-21 00:34:13 (1 week ago)	GET URL: "/.env"Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"	Web App Attack
🇧🇷 Halux	2026-06-21 00:15:51 (1 week ago)	94.249.230.153 Probing protected path or service	Web App Attack
🇩🇪 LRob.fr	2026-06-20 22:45:03 (1 week ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇺🇸 jcbriar	2026-06-20 18:33:05 (1 week ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇺🇸 dtorrer	2026-06-20 18:17:53 (1 week ago)	General vulnerability scan.	Port Scan
🇳🇱 wlt-blocker	2026-06-20 14:43:52 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇮 as211431.net	2026-06-20 14:36:05 (1 week ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.env UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 todix	2026-06-20 12:53:14 (1 week ago)	Web App Attack Exploid from 94.249.230.153	Web App Attack
🇺🇸 mccsoft.io	2026-06-20 11:20:09 (1 week ago)	Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to ... show more Web application attack / vulnerability scanning. Source sent 1 HTTP request(s) (1 distinct paths) to our public nginx web server on TCP 80/443, probing blocked/sensitive paths; all returned HTTP 444 (connection closed by security rule, jail nginx-444). Sample requests: GET /.env. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36. Observed 2026-06-20 11:20:00 UTC. TCP handshake completed (requests fully received). Categories: Web App Attack / Bad Web Bot. show less	Bad Web Bot Web App Attack
🇦🇺 paulshipley.com.au	2026-06-20 10:47:09 (1 week ago)	[Sat Jun 20 20:47:08.627144 2026] [security2:error] [pid 787623] [client 94.249.230.153:37058] [clie ... show more [Sat Jun 20 20:47:08.627144 2026] [security2:error] [pid 787623] [client 94.249.230.153:37058] [client 94.249.230.153] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dance4fitness.com.au"] [uri "/.env"] [unique_id "ajZvrCjnLyJrwtNwR3BVhQAAAAE"] ... show less	Web App Attack
🇩🇪 FeG Deutschland	2026-06-20 09:44:54 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇦🇺 2000cn.com.au	2026-06-20 07:31:35 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
Anonymous	2026-06-20 06:35:46 (1 week ago)	94.249.230.153 - - [20/Jun/2026:06:35:45 +0000] "GET /.env HTTP/1.1" 404 7898 "-" "Mozilla/5.0 (Wind ... show more 94.249.230.153 - - [20/Jun/2026:06:35:45 +0000] "GET /.env HTTP/1.1" 404 7898 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 172.70.208.156

🇫🇷 85.217.140.25

🇨🇳 220.181.108.102

🇧🇷 186.207.159.137

🇩🇪 167.94.146.56

🇬🇧 139.59.173.98

🇦🇺 52.63.75.74

🇸🇬 35.187.231.181

🇺🇸 20.83.27.89

🇨🇳 220.167.233.38

🇳🇱 176.65.148.29

🇹🇭 159.192.132.36

🇸🇬 103.250.11.156

🇧🇩 103.4.145.50

🇬🇧 88.97.205.223

🇱🇻 81.30.98.158

🇺🇸 64.62.156.141

🇸🇬 47.236.196.154

🇨🇳 36.106.167.0

🇺🇸 20.102.115.195