JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 95.216.39.43

95.216.39.43 was found in our database!

This IP was reported 171 times. Confidence of Abuse is 100%: ?

100%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.43.39.216.95.clients.your-server.de
Domain Name	hetzner.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 95.216.39.43

Whois 95.216.39.43

IP Abuse Reports for 95.216.39.43:

This IP address has been reported a total of 171 times from 91 distinct sources. 95.216.39.43 was first reported on May 19th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-25 17:03:53 (1 day ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: FI, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: FI, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing show less	Bad Web Bot Web App Attack
Anonymous	2026-06-24 17:03:51 (2 days ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: FI, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: FI, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing show less	Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-24 17:01:26 (2 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇮 sw0ok	2026-06-24 16:32:21 (2 days ago)	time="2026-06-24T16:32:18Z" level=info msg="Access to https://portainer.sw0ok.dev/_rNd9xZ7kL3 (metho ... show more time="2026-06-24T16:32:18Z" level=info msg="Access to https://portainer.sw0ok.dev/_rNd9xZ7kL3 (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2F_rNd9xZ7kL3&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=95.216.39.43 time="2026-06-24T16:32:20Z" level=info msg="Access to https://portainer.sw0ok.dev/ (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2F&rm=GET" method=GET path=/api/authz/forward-auth remote_ip=95.216.39.43 time="2026-06-24T16:32:20Z" level=info msg="Access to https://portainer.sw0ok.dev/robots.txt (method GET) is not authorized to user <anonymous>, responding with status code 302 with location redirect to https://auth.sw0ok.dev/?rd=https%3A%2F%2Fportainer.sw0ok.dev%2Frobots.txt&rm=GET" method=GET path=/api/authz/forward-au ... show less	Brute-Force
🇩🇪 FeG Deutschland	2026-06-24 15:11:23 (2 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇩🇪 webanyone	2026-06-24 14:45:35 (2 days ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 strxmpp	2026-06-24 13:58:52 (3 days ago)	95.216.39.43 - - [24/Jun/2026:15:58:51 +0200] "HEAD /.continue/config.json HTTP/1.1" 404 4502 "-" "M ... show more 95.216.39.43 - - [24/Jun/2026:15:58:51 +0200] "HEAD /.continue/config.json HTTP/1.1" 404 4502 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" ... show less	Bad Web Bot
Anonymous	2026-06-24 13:53:03 (3 days ago)	[24/Jun/2026:13:53:02 +0000] host=test.lovelyrender.com server=test.lovelyrender.com ip=95.216.39.43 ... show more [24/Jun/2026:13:53:02 +0000] host=test.lovelyrender.com server=test.lovelyrender.com ip=95.216.39.43 method=HEAD req=/wp-config.php.bak uri=/index.php status=404 bytes=0 rt=0.029 urt=0.029 ref="-" ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36" ... show less	Web App Attack Bad Web Bot
🇬🇧 OptimusGO	2026-06-24 12:25:01 (3 days ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-24 13:25:01 UTC Log evidence: 06/24/2026-13:25:00.522606 [] [1:9000060:2] AUTONOMOUS Long-term Reconnaissance [] [Classification: (null)] [Priority: 2] {TCP} 95.216.39.43:55272 -> 185.127.18.66:443 06/24/2026-13:25:00.520384 [wDrop] [] [1:7000500:1] FINSERV CRITICAL: Aggressive Port Scan [] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 95.216.39.43:55230 -> 185.127.18.66:443 show less	Port Scan Brute-Force
🇮🇹 Inartis	2026-06-24 12:03:22 (3 days ago)	95.216.39.43 - - [24/Jun/2026:14:03:20 +0200] "GET /.env.bak HTTP/1.1" 403 5495 "https://www.google. ... show more 95.216.39.43 - - [24/Jun/2026:14:03:20 +0200] "GET /.env.bak HTTP/1.1" 403 5495 "https://www.google.com/search?q=evw2024.it" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" 95.216.39.43 - - [24/Jun/2026:14:03:20 +0200] "GET /.env.save HTTP/1.1" 403 5495 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.6422.113 Mobile Safari/537.36" 95.216.39.43 - - [24/Jun/2026:14:03:20 +0200] "GET /.env.production.local HTTP/1.1" 403 5495 "https://www.google.com/search?q=evw2024.it" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 alecj.com	2026-06-24 11:36:13 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch	Web App Attack
🇫🇷 mrcrassi	2026-06-24 11:20:43 (3 days ago)	Triggered Cloudflare WAF (botFight) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (HEA ... show more Triggered Cloudflare WAF (botFight) from FI. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (HEAD method) Endpoint: /.env.local UA: Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇷🇺 SeMPaI	2026-06-24 11:04:15 (3 days ago)	[[hidden by err]] NginxScanWarning found some malicious activity from 95.216.39.43,level=clear, tags ... show more [[hidden by err]] NginxScanWarning found some malicious activity from 95.216.39.43,level=clear, tags=invalid. Line='95.216.39.43 - - [24/Jun/2026:14:04:14 +0300] "GET /_rNd9xZ7kL3 HTTP/1.1" 403 180 "https://www.google.com/search?q=git.catgirllover.ru" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"', soreason=blacklist show less	Port Scan Web App Attack
🇮🇩 Burayot	2026-06-24 09:41:54 (3 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 95.216.39.43 (FI/Finland/static.43.3 ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 95.216.39.43 (FI/Finland/static.43.39.216.95.clients.your-server.de): 2 in the last 3600 secs show less	Web App Attack
🇩🇪 BlueWire Hosting	2026-06-24 08:38:08 (3 days ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection

Showing 1 to 15 of 171 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.251.132.2

🇺🇸 162.216.149.172

🇰🇷 115.68.226.131

🇺🇸 79.127.217.40

🇩🇪 167.99.129.241

🇳🇱 160.119.71.136

🇺🇸 44.212.131.50

🇨🇳 36.33.167.165

🇺🇸 17.22.245.70

🇻🇳 2402:800:6172:d24d:349d:80f3:c7f4:1084

🇩🇪 207.241.172.103

🇹🇳 197.5.145.114

🇰🇷 175.119.225.68

🇨🇳 113.125.165.132

🇩🇪 46.249.98.62

🇺🇸 20.163.60.204

🇨🇦 216.26.239.80

🇷🇴 193.32.162.84

🇺🇸 168.62.22.54

🇮🇩 114.122.36.177