JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 95.111.240.214

95.111.240.214 was found in our database!

This IP was reported 81 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3229296.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 95.111.240.214

Whois 95.111.240.214

IP Abuse Reports for 95.111.240.214:

This IP address has been reported a total of 81 times from 65 distinct sources. 95.111.240.214 was first reported on June 3rd 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 micropedro	2026-06-17 15:30:49 (4 days ago)	4 incidents: malicious activity. First: 2026-06-10 10:30, Last: 2026-06-17 11:30 UTC. Triggers: ufw- ... show more 4 incidents: malicious activity. First: 2026-06-10 10:30, Last: 2026-06-17 11:30 UTC. Triggers: ufw-repeater. show less	Port Scan
🇺🇸 Dave Hansen	2026-06-11 21:55:04 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 95.111.240.214 (FR/France/vmi3229296.co ... show more (mod_security) mod_security triggered on hostname [redacted] 95.111.240.214 (FR/France/vmi3229296.contaboserver.net) show less	SQL Injection
Anonymous	2026-06-11 18:57:16 (1 week ago)	95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php HTTP/1.1" 404 4077 "-" "Mozilla/ ... show more 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php HTTP/1.1" 404 4077 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 4081 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php.save HTTP/1.1" 404 4082 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php~ HTTP/1.1" 404 4081 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php.dist HTTP/1.1" 404 4081 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php.orig HTTP/1.1" 404 4080 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:10 +0000] "GET /wp-config.php.old HTTP/1.1" 404 4083 "-" "Mozilla/5.0 (compatible)" "-" 95.111.240.214 - - [11/Jun/2026:18:57:15 +0000] "GET /app/etc/env.php HTTP/1.1" 404 4081 "-" "Mozilla/5.0 (compatible)" "- ... show less	Port Scan Brute-Force
🇬🇧 Axel	2026-06-11 17:40:02 (1 week ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env.example ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /.env.example Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇩🇪 HoneyPotFRI	2026-06-11 17:31:27 (1 week ago)	95.111.240.214 - - [11/Jun/2026:19:31:11 +0200] "GET /.env HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compa ... show more 95.111.240.214 - - [11/Jun/2026:19:31:11 +0200] "GET /.env HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible)" 95.111.240.214 [redacted] (51167-Contabo GmbH France Lauterbourg) - - [11/Jun/2026:19:31:1 ... show less	Bad Web Bot Web App Attack
🇬🇧 Oakley	2026-06-11 17:02:13 (1 week ago)	(confirmed_bot_sig) Confirmed bot	Hacking
🇩🇪 Ano_Nym	2026-06-11 15:54:16 (1 week ago)	CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/http-probing	Web App Attack
🇩🇪 barbarella	2026-06-11 15:35:20 (1 week ago)	Multiple (6) times attack on http port 80: Configuration snooping in .env file (GET /.env) 17:35: ... show more Multiple (6) times attack on http port 80: Configuration snooping in .env file (GET /.env) 17:35:22 Configuration snooping in .env file (GET /.env.example) 17:35:39 Hacking attempt of vulnerable PHP Script (GET /wp-config.php) 17:35:43 Configuration snooping (GET /config/database.yml) 17:35:44 Hacking attempt (GET /sites/default/settings.php) 17:37:02 Configuration snooping (GET /.git/head) show less	Hacking Web App Attack
🇩🇪 barbarella	2026-06-11 14:29:10 (1 week ago)	Multiple (7) times attack on http port 80: Configuration snooping in .env file (GET /.env) 14:29: ... show more Multiple (7) times attack on http port 80: Configuration snooping in .env file (GET /.env) 14:29:12 Configuration snooping in .env file (GET /.env.example) 14:29:13 Configuration snooping in .env file (GET /.env.development) 14:30:07 scanning for exposed directories (GET /includes/config.php) 14:30:07 Configuration snooping (GET /include/config.php) 14:30:31 Configuration snooping (GET /.git/HEAD) 14:30:32 Configuration snooping (GET /.git/head) show less	Hacking Web App Attack
🇺🇸 xxkodedxx	2026-06-11 13:57:14 (1 week ago)	[Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 2× edge-block in 10 ... show more [Zorvexus edge-defense] Edge-block (probe URI / bad UA / hostile vhost) Trigger: 2× edge-block in 10m window. Origin: DE / AS51167 Contabo GmbH Active: 13:56:46→13:56:53 UTC Volume: 2 HTTP req Probed: /compose.yml, /docker-compose.override.yml Status mix: 444×2 Vhost fishing: 67.217.240.72 UA: "Mozilla/5.0 (compatible)" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇺🇸 markawes	2026-06-11 13:50:33 (1 week ago)	[SynFast] Auto banned by Fail2Ban. Reason: Web vulnerability scan detected. Evidence: 95.111.240.21 ... show more [SynFast] Auto banned by Fail2Ban. Reason: Web vulnerability scan detected. Evidence: 95.111.240.214 - - [11/Jun/2026:13:50:32 +0000] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible)" 95.111.240.214 - - [11/Jun/2026:13:50:32 +0000] "GET /.env.production HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible)" show less	Web App Attack Port Scan
🇩🇪 Ano_Nym	2026-06-11 11:05:15 (1 week ago)	CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/http-sensitive-files	Web App Attack
🇩🇪 pcpiefke	2026-06-11 10:42:32 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 95.111.240.214 (FR/France/vmi3229296.co ... show more (mod_security) mod_security triggered on hostname [redacted] 95.111.240.214 (FR/France/vmi3229296.contaboserver.net) show less	SQL Injection
🇩🇪 Phenix Info	2026-06-11 10:40:04 (1 week ago)	SmallGuard.fr/Prestashop Forbidden Ext.	Web App Attack
Anonymous	2026-06-11 08:07:35 (1 week ago)	95.111.240.214 detected on srv01	Port Scan

Showing 1 to 15 of 81 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.12.37.6

🇳🇱 176.65.139.181

🇯🇴 176.29.31.126

🇹🇷 131.222.251.148

🇺🇸 2604:a880:400:d1:0:4:9e83:6001

🇺🇸 216.180.246.23

🇷🇺 176.103.91.63

🇺🇸 159.223.159.115

🇺🇸 104.140.145.148

🇳🇱 91.92.40.5

🇫🇷 85.217.140.46

🇺🇸 74.235.188.96

🇯🇲 72.27.82.41

🇺🇸 70.115.138.167

🇪🇨 66.231.71.50

🇧🇷 45.7.194.123

🇧🇷 45.4.110.237

🇰🇷 1.214.214.114

🇸🇮 193.2.241.134

🇲🇾 183.171.148.171