Dear Hetzner Abuse Team,
I would like to report abusive activity originating from one of your IP
addresses.
*Source IP:*5.9.218.173
*Network:*5.9.218.168 – 5.9.218.175 (AS24940)
*Date/time:*January 2026 (UTC, exact timestamps available)
The IP was generating a high volume of automated HTTP requests against
our production website, including repeated POST requests to application
endpoints, clearly consistent with an automated
application-layer attack / vulnerability scanning activity.
This traffic:
*
was not legitimate user or crawler behavior,
*
caused increased error rates in the application,
*
originated from a Hetzner-hostedzencja-hosted VPS,
*
was mitigated by blocking the IP address.
We can provide access log excerpts, timestamps, and request samples if
needed.
Please investigate this activity and take appropriate action according
to your abuse policy.
Thank you for your assistance.
The traffic volume from this IP exceeded 18,000 HTTP requests within a
short time window and was clearly automated.
5.9.218.173 - - [21/Jan/2026:20:34:39 +0100] "GET / HTTP/1.1" 200 "-"
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/126.0.0.0"
5.9.218.173 - - [21/Jan/2026:20:34:39 +0100] "GET /V0k8VDpbKgzyJiHV
HTTP/1.1" 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Chrome/126.0.0.0"
5.9.218.173 - - [21/Jan/2026:20:34:39 +0100] "GET /?uDGy={fUDW}&SzbM=
