This IP address has been reported a total of
24
times from
19 distinct
sources.
172.214.46.96 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Blocked by fail2ban on gVPS [8080/tcp]
Source Port: 45979
TTL: 49
Packet Length: 60
TOS: 0x00
Analy ...
show moreBlocked by fail2ban on gVPS [8080/tcp]
Source Port: 45979
TTL: 49
Packet Length: 60
TOS: 0x00
Analyzed by https://ip.wiredalter.com
show less
(mod_security-custom) mod_security (id:210492) triggered by 172.214.46.96 (US/United States/Virginia ...
show more(mod_security-custom) mod_security (id:210492) triggered by 172.214.46.96 (US/United States/Virginia/Washington/-/[AS8075 MICROSOFT-CORP-MSN-AS-BLOCK]): 1 in the last 3600 secs (0-srv1)
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-23.
show less
(mod_security) mod_security (id:210492) triggered by 172.214.46.96 (-): 1 in the last 300 secs; Port ...
show more(mod_security) mod_security (id:210492) triggered by 172.214.46.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 10:50:26.858660 2026] [security2:error] [pid 6246:tid 6246] [client 172.214.46.96:7168] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guitar-pedals-amp.com"] [uri "/.env"] [unique_id "ahG-skbrLafMBHriAe4k2QAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
(PERMBLOCK) 172.214.46.96 (US/United States/-) has had more than 4 temp blocks in the last 86400 sec ...
show more(PERMBLOCK) 172.214.46.96 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:
show less
Port Scan
Anonymous
(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:13:10:28 +0000] "GET /@fs/.env.development?import&raw HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:13:10:28 +0000] "GET /@fs/.env.production?import&raw HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:13:10:28 +0000] "GET /@fs/.env.test?import&raw HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:13:10:28 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:13:10:28 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1"
show less
Port Scan
Anonymous
(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:12:10:13 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:12:10:13 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:12:10:13 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:12:10:13 +0000] "GET /@fs/.env?import&raw HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:12:10:13 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1"
show less
Port Scan
Anonymous
fail2ban: apache-secrets-scan jail (1 hits in 2419200s) on skipper
[SatMay2313:13:41.1644392026][security2:error][pid1968571:tid1968581][client172.214.46.96:0]ModSecur ...
show more[SatMay2313:13:41.1644392026][security2:error][pid1968571:tid1968581][client172.214.46.96:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"comarcosa.com.81-17-25-250.cpanel.site\"][uri\"/config/.env\"][unique_id\"ahGL5YHmLklZ3pzWe3dLEAAAAEY\"]\,referer:https://claude.ai/
show less
Hacking
Web App Attack
Anonymous
(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Por ...
show more(caddyscan) Scanner path probe from 172.214.46.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:11:09:52 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:11:09:52 +0000] "GET /.git/config HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:11:09:52 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:11:09:52 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 172.214.46.96 - - [23/May/2026:11:09:52 +0000] "GET /@fs/.env?import&raw HTTP/1.1"
show less
Port Scan
Showing 1 to
15
of 24 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ