JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.254.221.197

157.254.221.197 was found in our database!

This IP was reported 95 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities NA LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	iana.org
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.254.221.197

Whois 157.254.221.197

IP Abuse Reports for 157.254.221.197:

This IP address has been reported a total of 95 times from 73 distinct sources. 157.254.221.197 was first reported on May 15th 2026, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 16:43:38 (10 hours ago)	(caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:16:43:29 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:16:43:29 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:16:43:34 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:16:43:34 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:16:43:34 +0000] "GET /.env.local HTTP/1.1" show less	Port Scan
🇳🇴 Bots.go.to.hell	2026-06-03 15:40:26 (11 hours ago)	This IP was detected by CrowdSec triggering custom/http-bad-crawler-ban	Web App Attack Bad Web Bot
🇳🇱 ConsulHosting	2026-06-03 13:45:48 (13 hours ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇩🇪 Skyrider	2026-06-03 13:41:07 (13 hours ago)	crowdsecurity/http-sensitive-files	Hacking
🇺🇸 mnsf	2026-06-03 12:06:15 (15 hours ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇲🇾 Rizzy	2026-06-03 11:59:56 (15 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-06-03 11:08:14 (16 hours ago)	(caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:11:07:55 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:11:08:01 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:11:08:09 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:11:08:10 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [03/Jun/2026:11:08:10 +0000] "GET /.env.production HTTP/1.1" show less	Port Scan
🇬🇧 openstrike.co.uk	2026-06-03 05:14:29 (22 hours ago)	79 attacks on password grabbing URLs, VC URLs, config grabbing URLs (type 2), env grabbing URLs: GET ... show more 79 attacks on password grabbing URLs, VC URLs, config grabbing URLs (type 2), env grabbing URLs: GET /.aws/credentials HTTP/1.1 GET /.git/config HTTP/1.1 GET /config.json HTTP/1.1 GET /public/.env HTTP/1.1 show less	Hacking
🇨🇭 4server	2026-06-03 00:26:16 (1 day ago)	[WedJun0302:26:06.5330142026][security2:error][pid239202:tid239426][client157.254.221.197:0]ModSecur ... show more [WedJun0302:26:06.5330142026][security2:error][pid239202:tid239426][client157.254.221.197:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"fondazionemontgrand.ch\"][uri\"/vault.env\"][unique_id\"ah90nia3fzQV1uHGqta3AwAAAQQ\"] show less	Hacking Web App Attack
🇩🇪 itsolon	2026-06-03 00:08:14 (1 day ago)	[03/Jun/2026:02:07:45 +0200] 178044526584.535562 157.254.221.197 58318 217.154.7.177 443 [03/Jun/202 ... show more [03/Jun/2026:02:07:45 +0200] 178044526584.535562 157.254.221.197 58318 217.154.7.177 443 [03/Jun/2026:02:07:45 +0200] 178044526590.389701 157.254.221.197 58318 217.154.7.177 443 [03/Jun/2026:02:07:45 +0200] 178044526559.846694 157.254.221.197 58318 217.154.7.177 443 [03/Jun/2026:02:08:07 +0200] 178044528790.944955 157.254.221.197 58318 217.154.7.177 443 [03/Jun/2026:02:08:13 +0200] 178044529369.879603 157.254.221.197 58318 217.154.7.177 443 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇺🇸 WellSpring	2026-06-02 23:12:17 (1 day ago)	env leak on officialcovenant.org/.env — WellSpr.ing/NetSentinel civic-AI security layer	Web App Attack
🇳🇱 wlt-blocker	2026-06-02 22:15:37 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
🇩🇪 Viveronese	2026-06-02 21:06:23 (1 day ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 FeG Deutschland	2026-06-02 19:54:54 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
Anonymous	2026-06-02 19:01:45 (1 day ago)	(caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 157.254.221.197 - - [02/Jun/2026:19:01:30 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [02/Jun/2026:19:01:31 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [02/Jun/2026:19:01:43 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [02/Jun/2026:19:01:43 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [02/Jun/2026:19:01:43 +0000] "GET /.env.production HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 95 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.206.139

🇩🇪 139.59.151.64

🇳🇱 91.124.209.51

🇨🇳 49.72.111.25

🇺🇸 20.65.194.87

🇬🇧 188.240.59.61

🇺🇸 185.223.152.184

🇺🇸 147.185.132.204

🇨🇳 123.145.9.174

🇨🇳 106.117.117.91

🇺🇸 64.62.156.152

🇨🇳 61.53.1.98

🇨🇳 14.103.118.167

🇸🇬 2a09:bac5:55fd:25b9::3c2:4c

🇬🇧 2a06:4880:6000::8d

🇩🇪 213.209.159.158

🇸🇬 212.73.148.22

🇺🇸 205.210.31.40

🇳🇱 192.142.24.7

🇺🇸 185.255.100.197