JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.254.221.197

157.254.221.197 was found in our database!

This IP was reported 95 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities NA LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	iana.org
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.254.221.197

Whois 157.254.221.197

IP Abuse Reports for 157.254.221.197:

This IP address has been reported a total of 95 times from 73 distinct sources. 157.254.221.197 was first reported on May 15th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-05-29 22:23:06 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-05-29 20:48:33 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 20:42:04 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 16:41:58.405042 2026] [security2:error] [pid 24435:tid 24435] [client 157.254.221.197:41620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yeejia.net"] [uri "/.git/config"] [unique_id "ahiolvtn6ukkeqfnEjPXwQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 20:25:23 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 16:25:18.251601 2026] [security2:error] [pid 19692:tid 19692] [client 157.254.221.197:49282] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tracybur.net"] [uri "/.env.staging"] [unique_id "ahikrhULRqcEqynPnRLbdwAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 19:50:07 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 15:49:59.447947 2026] [security2:error] [pid 32563:tid 32604] [client 157.254.221.197:50734] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "quetzalcoatl2012.net"] [uri "/backend/.env"] [unique_id "ahicZwOb-Z_YlD67c_pxtAAAAUQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 19:30:06 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 15:29:56.650008 2026] [security2:error] [pid 11394:tid 11394] [client 157.254.221.197:52656] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.mykidsdaycare.net"] [uri "/.env.backup"] [unique_id "ahiXtMizt06MTPHpb88FFAAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:54:19 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:54:11.355773 2026] [security2:error] [pid 31411:tid 31411] [client 157.254.221.197:47328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "infraredovens.net"] [uri "/.env.test"] [unique_id "ahiPU_Rm01dD38kF_6RosAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:35:53 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:35:49.760786 2026] [security2:error] [pid 13527:tid 13527] [client 157.254.221.197:56968] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fydelity.net"] [uri "/.env.backup"] [unique_id "ahiLBaVDujJS2cP9aW-4BAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:10:19 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:10:13.018521 2026] [security2:error] [pid 16559:tid 16559] [client 157.254.221.197:57158] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "deargrampy.net"] [uri "/api/.env"] [unique_id "ahiFBZcB_39LOgZmNu4mIQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-28 17:55:57 (6 days ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-28 17:53:53 (6 days ago)	(caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 157.254.221.197 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 157.254.221.197 - - [28/May/2026:17:53:49 +0000] "GET /backend/.env HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [28/May/2026:17:53:49 +0000] "GET /.ssh/id_rsa HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [28/May/2026:17:53:49 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [28/May/2026:17:53:49 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 157.254.221.197 - - [28/May/2026:17:53:49 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-28 17:47:42 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 13:47:36.434248 2026] [security2:error] [pid 7797:tid 7797] [client 157.254.221.197:41374] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.bpcompany.net"] [uri "/.env.staging"] [unique_id "ahh_uKriviNJam2ieaWJCAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 17:31:58 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 13:31:50.996522 2026] [security2:error] [pid 20963:tid 20963] [client 157.254.221.197:56100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antiradares.net"] [uri "/.git/config"] [unique_id "ahh8Bht9EkJozG6eZIJIEgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 17:16:56 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 13:16:49.731771 2026] [security2:error] [pid 6779:tid 6779] [client 157.254.221.197:43778] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.13i.net"] [uri "/admin/.env"] [unique_id "ahh4ga1q30rwO9nvP4dU7QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 essinghigh	2026-05-28 17:01:00 (6 days ago)	IPS Detection: 157.254.221.197 -> DPT: 80	Port Scan

Showing 76 to 90 of 95 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.216

🇩🇪 194.88.98.116

🇧🇷 177.55.227.195

🇸🇬 157.230.250.54

🇩🇪 142.250.154.101

🇩🇪 69.5.169.241

🇺🇸 66.132.224.16

🇺🇸 50.62.22.47

🇧🇷 45.238.101.91

🇬🇧 35.203.211.83

🇳🇱 195.178.110.199

🇳🇱 192.142.24.66

🇫🇷 178.238.229.119

🇺🇸 173.239.198.62

🇺🇸 91.230.168.37

🇫🇷 88.138.20.172

🇩🇪 69.5.169.195

🇩🇪 69.5.169.134

🇺🇸 66.132.172.16

🇳🇱 50.7.233.211