JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.254.221.224

157.254.221.224 was found in our database!

This IP was reported 90 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities NA LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	iana.org
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.254.221.224

Whois 157.254.221.224

IP Abuse Reports for 157.254.221.224:

This IP address has been reported a total of 90 times from 57 distinct sources. 157.254.221.224 was first reported on May 20th 2026, and the most recent report was 31 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Nevermind	2026-05-30 04:34:37 (4 days ago)	157.254.221.224 - - [30/May/2026:06:34:17 +0200] "GET /.aws/credentials HTTP/1.1" 404 4756 "-" "Mozi ... show more 157.254.221.224 - - [30/May/2026:06:34:17 +0200] "GET /.aws/credentials HTTP/1.1" 404 4756 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 157.254.221.224 - - [30/May/2026:06:34:18 +0200] "GET /config.json HTTP/1.1" 404 4756 "-" "Mozilla/5.0 (Linux; Android 14; V2309A) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36" 157.254.221.224 - - [30/May/2026:06:34:36 +0200] "GET /wp-json/wp/v2/ HTTP/1.1" 404 4756 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 YaBrowser/24.10.0.0 Safari/537.36" 157.254.221.224 - - [30/May/2026:06:34:36 +0200] "GET /wp-json/ HTTP/1.1" 404 4756 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Web App Attack
🇧🇷 chronos	2026-05-30 02:48:30 (5 days ago)	2026-05-29 23:24:02 UTC-3\|\|Unauthorized connection attempt detected for port scanning	Port Scan
🇧🇷 chronos	2026-05-30 02:24:02 (5 days ago)	Web traffic. Possible probing or exploitation attempts. \| Port: 80 \| Proto: TCP \| Location: United S ... show more Web traffic. Possible probing or exploitation attempts. \| Port: 80 \| Proto: TCP \| Location: United States, Phoenix show less	Exploited Host Brute-Force Port Scan
🇺🇸 mnsf	2026-05-30 02:07:00 (5 days ago)	Too many Status 40X (22)	Brute-Force Web App Attack
🇬🇧 consul.to	2026-05-29 16:42:28 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 zwebvigil	2026-05-29 05:55:15 (5 days ago)	157.254.221.224 [28/May/2026:22:54:22 -0700] "GET /js/custom.min.js.map HTTP/1.1" 404 2705 "-" port ... show more 157.254.221.224 [28/May/2026:22:54:22 -0700] "GET /js/custom.min.js.map HTTP/1.1" 404 2705 "-" port=53398 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0" "-" "-" "<host>" 737 157.254.221.224 [28/May/2026:22:54:23 -0700] "GET /photos/ HTTP/1.1" 401 2394 "-" port=53398 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36" "-" "-" "<host>" 1094 157.254.221.224 [28/May/2026:22:54:34 -0700] "GET /404-not-found/ HTTP/1.1" 404 2693 "-" port=44222 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0" "-" "-" "<host>" 516 157.254.221.224 [28/May/2026:22:55:03 -0700] "GET /404-not-found/ HTTP/1.1" 404 2693 "-" port=43354 "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1" "-" "-" "<host>" 777 157.254 show less	Web App Attack
Anonymous	2026-05-29 05:45:34 (5 days ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇩🇪 pscriptos	2026-05-29 05:32:23 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-05-29 05:23:24 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 01:23:19.393450 2026] [security2:error] [pid 9250:tid 9250] [client 157.254.221.224:56942] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fydelityco.com.fydelity.net"] [uri "/.env.old"] [unique_id "ahkixze9Q-1xUE8SERGLEgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ConsulHosting	2026-05-29 04:27:23 (5 days ago)	Excessive failed CAPTCHA attempts (CAPTCHA DoS)	Web App Attack
🇺🇸 abenage	2026-05-29 04:17:36 (5 days ago)	157.254.221.224 - - [28/May/2026:22:17:35 -0600] "GET /sitemap.xml HTTP/1.1" 404 564 "-" "Mozilla/5. ... show more 157.254.221.224 - - [28/May/2026:22:17:35 -0600] "GET /sitemap.xml HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/116.0.0.0" show less	Bad Web Bot Web App Attack
Anonymous	2026-05-29 04:14:48 (5 days ago)	(caddyscan) Scanner path probe from 157.254.221.224 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 157.254.221.224 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 157.254.221.224 - - [29/May/2026:04:14:43 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 157.254.221.224 - - [29/May/2026:04:14:44 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 157.254.221.224 - - [29/May/2026:04:14:44 +0000] "GET /.env.backup HTTP/1.1" [REDACTED] 200 2627 157.254.221.224 - - [29/May/2026:04:14:45 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 2627 157.254.221.224 - - [29/May/2026:04:14:45 +0000] "GET /.env.test HTTP/1.1" show less	Port Scan
🇫🇷 masterguru	2026-05-29 04:13:31 (5 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 157.254.221.224 (US/United States/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 157.254.221.224 (US/United States/-): 2 in the last 3600 secs (0-196) show less	Hacking
🇺🇸 TPI-Abuse	2026-05-29 03:41:31 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 23:41:25.114506 2026] [security2:error] [pid 20025:tid 20025] [client 157.254.221.224:51216] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "frankienash.nashes.net"] [uri "/app/.env"] [unique_id "ahkK5WyaEv1P2n7Vb7nMrQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 AetherFox	2026-05-29 03:19:27 (6 days ago)	AetherFox VoidGuard detected: [Fri May 29 03:18:58.537952 2026] [authz_core:error] [pid 2189752:tid ... show more AetherFox VoidGuard detected: [Fri May 29 03:18:58.537952 2026] [authz_core:error] [pid 2189752:tid 2189769] [client 157.254.221.224:34394] AH01630: client denied by server configuration: proxy:http://[MASKED]/ [Fri May 29 03:18:58.538087 2026] [authz_core:error] [pid 2189752:tid 2189769] [client 157.254.221.224:34394] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Fri May 29 03:19:08.222001 2026] [authz_core:error] [pid 2189781:tid 2189788] [client 157.254.221.224:52864] AH01630: client denied by server configuration: proxy:http://[MASKED]/sitemap.xml [Fri May 29 03:19:08.222219 2026] [authz_core:error] [pid 2189781:tid 2189788] [client 157.254.221.224:52864] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Fri May 29 03:19:26.349109 2026] [authz_core:error] [pid 2189752:tid 2189773] [client 157.254.221.224:59140] AH01630: client denied by server configuration: proxy:http://[MASKED]/mani ... show less	Bad Web Bot Web App Attack

Showing 46 to 60 of 90 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 213.218.214.110

🇧🇷 205.210.31.200

🇵🇦 191.101.96.181

🇳🇱 173.239.217.185

🇳🇱 173.239.217.184

🇸🇿 143.105.155.153

🇵🇰 103.196.161.232

🇷🇺 91.245.159.185

🇺🇸 69.12.64.44

🇺🇸 66.154.105.106

🇱🇹 62.60.130.251

🇸🇬 47.236.172.167

🇬🇧 45.82.76.118

🇸🇬 45.78.198.177

🇧🇪 34.14.116.242

🇺🇸 20.168.6.226

🇺🇸 2a03:2880:f806:1e::

🇦🇺 2406:2d40:41c2:9d08:e0d7:d926:3f30:7d93

🇯🇵 207.56.225.202

🇳🇱 204.76.203.222