JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 157.254.221.224

157.254.221.224 was found in our database!

This IP was reported 90 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities NA LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	iana.org
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 157.254.221.224

Whois 157.254.221.224

IP Abuse Reports for 157.254.221.224:

This IP address has been reported a total of 90 times from 57 distinct sources. 157.254.221.224 was first reported on May 20th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-28 19:19:17 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 15:19:10.187202 2026] [security2:error] [pid 11631:tid 11631] [client 157.254.221.224:58268] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "edupal.net"] [uri "/api/.env"] [unique_id "ahiVLlehf9DIjrCIjCtN0wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-28 19:13:33 (6 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:59:55 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:59:50.168562 2026] [security2:error] [pid 9561:tid 9561] [client 157.254.221.224:59894] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "echinech.utilis.net"] [uri "/public/.env"] [unique_id "ahiQpom_pAyHZSlpZff_pQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raph	2026-05-28 18:48:32 (6 days ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 18:43:38 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 14:43:31.733551 2026] [security2:error] [pid 27086:tid 27086] [client 157.254.221.224:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "earscript.net"] [uri "/.env.test"] [unique_id "ahiM01X4lPX63taJDO9tTQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Charlesiv	2026-05-28 18:00:39 (6 days ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 14315 (1GSER ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE ASN: 14315 (1GSERVERS, LLC) Protocol: HTTP/1.1 (GET method) Endpoint: /__env.js Timestamp: 2026-05-28T17:46:22Z Ray ID: a02f14153f141dc3 UA: Mozilla/5.0 (Linux; Android 13; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/26.0 Chrome/122.0.0.0 Mobile Safari/537.36 show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-28 17:43:57 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 13:43:50.163263 2026] [security2:error] [pid 29594:tid 29594] [client 157.254.221.224:48186] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drfunnell.vccemail.net"] [uri "/.git/config"] [unique_id "ahh-1tDg4yS-CFg6EY5XuQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 AetherFox	2026-05-28 17:34:37 (6 days ago)	AetherFox VoidGuard detected: [Thu May 28 17:34:09.572318 2026] [authz_core:error] [pid 2035637:tid ... show more AetherFox VoidGuard detected: [Thu May 28 17:34:09.572318 2026] [authz_core:error] [pid 2035637:tid 2035656] [client 157.254.221.224:38498] AH01630: client denied by server configuration: proxy:http://[MASKED]/ [Thu May 28 17:34:09.572558 2026] [authz_core:error] [pid 2035637:tid 2035656] [client 157.254.221.224:38498] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Thu May 28 17:34:23.746516 2026] [authz_core:error] [pid 2035637:tid 2035690] [client 157.254.221.224:37628] AH01630: client denied by server configuration: proxy:http://[MASKED]/robots.txt [Thu May 28 17:34:23.746644 2026] [authz_core:error] [pid 2035637:tid 2035690] [client 157.254.221.224:37628] AH01630: client denied by server configuration: /var/www/html/ERRORpages/403.html [Thu May 28 17:34:36.934667 2026] [authz_core:error] [pid 2035637:tid 2035645] [client 157.254.221.224:59754] AH01630: client denied by server configuration: proxy:http://[MASKED]/manif ... show less	Bad Web Bot Web App Attack
🇩🇪 pscriptos	2026-05-28 17:31:19 (6 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇪🇸 pipeline.es	2026-05-28 17:19:54 (6 days ago)	Web scanning / probing for vulnerable paths \| URL: /keys/service-account.json \| Evidence: landingow. ... show more Web scanning / probing for vulnerable paths \| URL: /keys/service-account.json \| Evidence: landingow.aavv.com 157.254.221.224 - - [28/May/2026:19:18:24 +0200] \"GET /keys/service-account.json HTTP/1.1\" 404 223 \"-\" \"Mozilla/5.0 (Linux; Android 15; Pixel 9 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36\" GEOIP_COUNTRY_CODE=US \| ASN: 1GSERVERS \| Country: US show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 17:13:35 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 157.254.221.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 13:13:28.393810 2026] [security2:error] [pid 28520:tid 28520] [client 157.254.221.224:41686] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "handankoc.net"] [uri "/.env.production"] [unique_id "ahh3uKN2Bjfj8-4gmyiYhAAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ersei.net	2026-05-28 17:11:19 (6 days ago)	Nonstop scanning with no cooldown or respect for 429.	Bad Web Bot
🇩🇪 expandmade.com	2026-05-28 15:13:34 (6 days ago)	trolling for installation vulnerabilities [28/May/2026:15:13:34 "GET /_next/static/buildManifest.js" ... show more trolling for installation vulnerabilities [28/May/2026:15:13:34 "GET /_next/static/buildManifest.js"] show less	Web App Attack
🇬🇧 consul.to	2026-05-28 14:13:10 (6 days ago)	Web attack/malicious scanning detected	Web App Attack
🇹🇷 Threat.live	2026-05-20 13:15:06 (2 weeks ago)	Suspicious Connection Attempts	Brute-Force

Showing 76 to 90 of 90 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 182.43.235.218

🇺🇸 154.16.119.22

🇮🇳 152.58.25.28

🇺🇸 97.107.134.31

🇺🇸 66.132.195.56

🇬🇧 37.156.64.100

🇧🇷 191.177.177.252

🇵🇰 175.107.2.67

🇺🇸 159.203.136.205

🇳🇱 144.31.14.203

🇵🇰 139.135.42.5

🇨🇳 121.18.220.74

🇰🇷 111.171.127.190

🇸🇬 101.47.156.170

🇮🇹 95.231.210.40

🇷🇴 80.94.92.165

🇫🇷 51.159.104.219

🇺🇸 2600:3c02::2000:32ff:fec2:83b3

🇧🇷 205.210.31.241

🇧🇷 205.210.31.175