JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.28.93.107

149.28.93.107 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 81%: ?

81%

ISP	Vultr Holdings, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS20473
Hostname(s)	149.28.93.107.vultrusercontent.com
Domain Name	vultr.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.28.93.107

Whois 149.28.93.107

IP Abuse Reports for 149.28.93.107:

This IP address has been reported a total of 18 times from 16 distinct sources. 149.28.93.107 was first reported on June 12th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mnsf	2026-06-15 00:14:49 (2 hours ago)	Too many Status 40X (15)	Brute-Force Web App Attack
🇬🇷 setupgr	2026-06-14 23:39:09 (3 hours ago)	(mod_security) mod_security (id:11000011) triggered by 149.28.93.107: 1 in the last 86400 secs; Port ... show more (mod_security) mod_security (id:11000011) triggered by 149.28.93.107: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 15 02:39:08.368269 2026] [security2:error] [pid 921869:tid 921969] [client 149.28.93.107:56868] ModSecurity: Access denied with code 406 (phase 1). Matched phrase "vultrusercontent.com" at REMOTE_HOST. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "128"] [id "11000011"] [msg "BLOCKED BAD DOMAIN: 149.28.93.107.vultrusercontent.com"] [hostname "tavernadimitris.com"] [uri "/api/gateway/heartbeat"] [unique_id "ai87nF7fuOvzHSXykmzp_AAAABE"] show less	Port Scan
🇪🇸 pipeline.es	2026-06-14 19:44:33 (7 hours ago)	Port scanning / recon \| Evidence: date=2026-06-14 time=21:43:29 devname="[redacted]" devid="[redacte ... show more Port scanning / recon \| Evidence: date=2026-06-14 time=21:43:29 devname="[redacted]" devid="[redacted]" eventtime=1781466209108522945 tz=\"+0200\" logid=\"0000000013\" type=\"traffic\" subtype=\"forward\" level=\"notice\" vd="[redacted]" srcip=149.28.93.107 srcport=37314 srcintf="[redacted]" srcintfrole=\"wan\" dstip=[redacted] dstport=443 dstintf="[redacted]" dstintfrole=\"lan\" srccountry=\"United States\" dstcountry=\"Spain\" s \| ASN: AS-VULTR \| Country: US show less	Port Scan Web App Attack
🇳🇱 Site.eu	2026-06-14 18:33:54 (8 hours ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2026-06-14 14:04:59 (12 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Auto ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Automated scanning show less	Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-14 13:48:35 (12 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TNZ	2026-06-14 12:31:22 (14 hours ago)	Automated honeypot: bot_detected:no_accept_language \| Path: /open/ \| ISP: AS20473 The Constant Compa ... show more Automated honeypot: bot_detected:no_accept_language \| Path: /open/ \| ISP: AS20473 The Constant Company, LLC \| ASN: AS20473 The Constant Company, LLC [HOSTING] \| Abuse score: 56 \| Open ports: [] \| UA: Mozilla/5.0 show less	Web App Attack
🇺🇸 VanKoh	2026-06-14 12:22:43 (14 hours ago)	149.28.93.107 - - [14/Jun/2026:06:22:42 -0600] "HEAD /api/gateway/heartbeat HTTP/1.1" 301 0 "-" "Moz ... show more 149.28.93.107 - - [14/Jun/2026:06:22:42 -0600] "HEAD /api/gateway/heartbeat HTTP/1.1" 301 0 "-" "Mozilla/5.0" 149.28.93.107 - - [14/Jun/2026:06:22:42 -0600] "HEAD /open/ HTTP/1.1" 301 0 "-" "Mozilla/5.0" 149.28.93.107 - - [14/Jun/2026:06:22:42 -0600] "HEAD /open/visitors/info/gets?uuid=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0" ... show less	DDoS Attack Web App Attack
🇺🇸 VanKoh	2026-06-14 11:48:25 (14 hours ago)	149.28.93.107 - - [14/Jun/2026:05:48:24 -0600] "HEAD /api/gateway/heartbeat HTTP/1.1" 301 0 "-" "Moz ... show more 149.28.93.107 - - [14/Jun/2026:05:48:24 -0600] "HEAD /api/gateway/heartbeat HTTP/1.1" 301 0 "-" "Mozilla/5.0" 149.28.93.107 - - [14/Jun/2026:05:48:24 -0600] "HEAD /open/ HTTP/1.1" 301 0 "-" "Mozilla/5.0" 149.28.93.107 - - [14/Jun/2026:05:48:24 -0600] "HEAD /open/visitors/info/gets?uuid=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0" ... show less	Port Scan Web App Attack
🇩🇪 iNetWorker	2026-06-14 10:40:09 (16 hours ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 Rip	2026-06-14 10:18:39 (16 hours ago)	403 Errors: Access Forbidden	Brute-Force
🇩🇪 AetherFox	2026-06-14 08:31:43 (18 hours ago)	AetherFox VoidGuard detected: [Sun Jun 14 08:31:43.237302 2026] [authz_core:error] [pid 554468:tid 5 ... show more AetherFox VoidGuard detected: [Sun Jun 14 08:31:43.237302 2026] [authz_core:error] [pid 554468:tid 554478] [client 149.28.93.107:36880] AH01630: client denied by server configuration: proxy:https://[MASKED]/open/ [Sun Jun 14 08:31:43.246810 2026] [authz_core:error] [pid 554468:tid 554487] [client 149.28.93.107:36882] AH01630: client denied by server configuration: proxy:https://[MASKED]/api/gateway/heartbeat [Sun Jun 14 08:31:43.253384 2026] [authz_core:error] [pid 539813:tid 539825] [client 149.28.93.107:36870] AH01630: client denied by server configuration: proxy:https://[MASKED]/open/visitors/info/gets [Sun Jun 14 08:31:43.372072 2026] [authz_core:error] [pid 539784:tid 539790] [client 149.28.93.107:36904] AH01630: client denied by server configuration: proxy:https://[MASKED]/open/visitors/info/gets [Sun Jun 14 08:31:43.379070 2026] [authz_core:error] [pid 539784:tid 539788] [client 149.28.93.107:36888] AH01630: client denied by server configuration: ... show less	Bad Web Bot Web App Attack
🇩🇪 IVski	2026-06-14 07:29:20 (19 hours ago)	IVski WAF \| Multiple 403 Forbidden responses detected from this IP. Likely automated scanning.	DDoS Attack Bad Web Bot
🇩🇪 wsyq	2026-06-14 02:58:42 (23 hours ago)	Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource ...	Bad Web Bot Web App Attack
🇬🇧 pinguin	2026-06-14 01:34:56 (1 day ago)	Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (HE ... show more Triggered Cloudflare WAF (linkMaze) from US. Action taken: LINK_MAZE_INJECTED Protocol: HTTP/1.1 (HEAD method) Endpoint: /open/ UA: Mozilla/5.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 213.33.209.197

🇳🇱 185.242.226.59

🇩🇪 176.65.132.24

🇮🇳 165.232.187.53

🇺🇸 165.232.131.98

🇺🇸 147.185.132.150

🇺🇸 74.208.177.56

🇺🇸 66.132.172.16

🇨🇭 64.39.102.41

🇨🇳 60.13.6.15

🇻🇪 38.247.4.20

🇮🇩 36.79.232.215

🇺🇸 23.95.137.106

🇺🇸 20.169.107.167

🇵🇱 194.180.48.31

🇺🇸 193.3.53.11

🇺🇸 152.32.208.169

🇸🇪 146.247.236.59

🇻🇳 125.212.223.168

🇨🇳 119.249.100.217