JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.121.139.95

172.121.139.95 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 18%: ?

18%

ISP	EGIHosting
Usage Type	Data Center/Web Hosting/Transit
ASN	AS18779
Domain Name	egihosting.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.121.139.95

Whois 172.121.139.95

IP Abuse Reports for 172.121.139.95:

This IP address has been reported a total of 7 times from 3 distinct sources. 172.121.139.95 was first reported on May 27th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-29 11:51:22 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:51:12.666039 2026] [security2:error] [pid 18855:tid 18855] [client 172.121.139.95:46955] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.perissosdigitalmarketing.com.kevinfranz.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.perissosdigitalmarketing.com.kevinfranz.com"] [uri "/db_backup.sql"] [unique_id "ahl9sCgkhiMM6d7NHMRQfQAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-28 22:03:36 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-27 22:43:07 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 18:42:42.984833 2026] [security2:error] [pid 11315:tid 11315] [client 172.121.139.95:44811] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.thewillsmith.anthonyjoseph.us"] [uri "/.env.development"] [unique_id "ahdzYgPMNOYeShzN5eiC6wAAAAA"], referer: https://www.google.com/search?q=www.thewillsmith.anthonyjoseph.us show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-27 22:00:52 (2 weeks ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
Anonymous	2026-05-27 17:45:03 (2 weeks ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 17:23:13 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 13:23:07.101473 2026] [security2:error] [pid 10712:tid 10712] [client 172.121.139.95:59365] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "acctusa.net"] [uri "/.env.development"] [unique_id "ahcoe8fmlpETGt1kF3yLugAAAB0"], referer: https://www.google.com/search?q=acctusa.net show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:23:02 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 172.121.139.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:22:56.328420 2026] [security2:error] [pid 5446:tid 5446] [client 172.121.139.95:35425] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.weathercarib.weathercarib.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.weathercarib.weathercarib.net"] [uri "/config/database.php.bak"] [unique_id "ahY5YLtjm41tJ2XOPd1x-wAAAAA"], referer: https://www.google.com/search?q=www.weathercarib.weathercarib.net show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.149.182

🇺🇸 147.185.132.193

🇮🇳 106.51.29.53

🇮🇳 103.162.216.206

🇺🇸 91.230.168.138

🇳🇱 45.142.193.18

🇲🇰 31.11.74.146

🇨🇳 222.71.233.162

🇺🇸 208.84.101.205

🇲🇽 186.96.145.241

🇺🇸 185.180.141.37

🇫🇷 176.178.53.145

🇨🇳 171.118.18.215

🇺🇦 159.224.213.138

🇯🇵 152.32.204.21

🇩🇪 128.0.64.26

🇫🇷 91.231.89.187

🇫🇷 91.231.89.47

🇨🇿 78.80.34.6

🇺🇸 66.228.53.78