JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 95.217.139.139

95.217.139.139 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 44%: ?

44%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	fred.netvaz.com
Domain Name	hetzner.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 95.217.139.139

Whois 95.217.139.139

IP Abuse Reports for 95.217.139.139:

This IP address has been reported a total of 35 times from 25 distinct sources. 95.217.139.139 was first reported on April 23rd 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇷 setupgr	2026-06-18 16:09:31 (6 hours ago)	(mod_security) mod_security (id:900001) triggered by 95.217.139.139 (FI/Finland/Uusimaa/Helsinki/-/[ ... show more (mod_security) mod_security (id:900001) triggered by 95.217.139.139 (FI/Finland/Uusimaa/Helsinki/-/[AS24940 HETZNER-AS]): 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Thu Jun 18 19:09:30.266820 2026] [security2:error] [pid 3299840:tid 3299878] [remote 95.217.139.139:53798] ModSecurity: Access denied with code 403 (phase 1). Match of "rx ^(www\\\\.)?(pankoskal\\\\.gr\|sea-sound\\\\.com)$" against "REQUEST_HEADERS:Host" required. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "75"] [id "900001"] [msg "Blocked WP Login attempt on domain: ftiaxtomonosou.gr"] [severity "CRITICAL"] [tag "security"] [hostname "ftiaxtomonosou.gr"] [uri "/wp-login.php"] [unique_id "ajQYOs_FiMTLiRjcoVqFlAABQgs"] show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 01:15:38 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 95.217.139.139 (fred.netvaz.com): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 95.217.139.139 (fred.netvaz.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 21:15:35.130586 2026] [security2:error] [pid 16814:tid 16814] [client 95.217.139.139:56378] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|lightningbug.farm\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "lightningbug.farm"] [uri "/wp-json/wp/v2/users/me"] [unique_id "ah4ut1ghD2xX_CVP076tNgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-05-31 08:58:54 (2 weeks ago)	(modsec_5040) ModSec 5040: API Basic Auth blocked from 95.217.139.139 (FI/Finland/fred.netvaz.com): ... show more (modsec_5040) ModSec 5040: API Basic Auth blocked from 95.217.139.139 (FI/Finland/fred.netvaz.com): 1 in the last 3600 secs (0-196) show less	Hacking
🇦🇺 MAGIC	2026-05-31 00:27:23 (2 weeks ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 nationaleventpros.com	2026-05-10 08:04:47 (1 month ago)	WordPress login attempt	Brute-Force
🇩🇪 FeG Deutschland	2026-05-09 14:37:00 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇫🇷 tecnicorioja	2026-05-05 22:01:16 (1 month ago)	wp-login attack [05/May/2026:11:12:40	Brute-Force Web App Attack
Anonymous	2026-05-05 20:17:58 (1 month ago)	Reconnaissance – Login Page Scan	Web App Attack
🇲🇹 Malta	2026-05-04 20:51:22 (1 month ago)	95.217.139.139 - - [04/May/2026:22:51:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 95.217.139.139 - - [04/May/2026:22:51:22 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36 Edge/15.15063" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 lostswordfish.com	2026-05-04 16:28:06 (1 month ago)	Wordfence waf block on floridaactioncommittee	Web App Attack
🇲🇹 Malta	2026-05-03 11:16:46 (1 month ago)	95.217.139.139 - - [03/May/2026:13:16:46 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows ... show more 95.217.139.139 - - [03/May/2026:13:16:46 +0200] "POST /wp-login.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; LCJB; rv:11.0) like Gecko" show less	Hacking Web App Attack
🇬🇧 andypiper	2026-05-03 01:00:26 (1 month ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 NicoID	2026-05-03 00:16:27 (1 month ago)	95.217.139.139 - - [02/May/2026:04:09:57 -0600] "GET /wp-login.php HTTP/2.0" 200 2488 "-" "Mozilla/4 ... show more 95.217.139.139 - - [02/May/2026:04:09:57 -0600] "GET /wp-login.php HTTP/2.0" 200 2488 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Tablet PC 2.0)" ... show less	Brute-Force
🇺🇸 dtorrer	2026-05-02 09:06:10 (1 month ago)	Brute-force general attack.	Brute-Force
🇲🇹 Malta	2026-05-02 01:43:13 (1 month ago)	95.217.139.139 - - [02/May/2026:03:43:12 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 95.217.139.139 - - [02/May/2026:03:43:12 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; MASBJS; rv:11.0) like Gecko" Brute-force password attempt show less	Hacking Web App Attack Brute-Force

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.251.241.84

🇱🇻 87.110.90.3

🇳🇱 45.148.10.157

🇧🇷 186.233.118.22

🇷🇺 178.178.222.53

🇫🇮 172.217.37.152

🇺🇸 156.232.13.218

🇳🇱 138.226.239.11

🇩🇪 87.106.118.51

🇺🇸 66.132.172.131

🇲🇾 47.250.161.217

🇺🇸 20.168.0.46

🇲🇽 187.191.48.23

🇺🇸 162.216.150.107

🇺🇸 162.216.149.27

🇱🇹 81.30.98.158

🇳🇱 45.148.10.141

🇬🇧 35.203.210.156

🇺🇸 172.202.105.96

🇺🇸 52.167.144.190