JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 188.213.166.238

188.213.166.238 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 83%: ?

83%

ISP	Aruba S.p.A. - Cloud Services Farm2
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31034
Hostname(s)	host238-166-213-188.serverdedicati.aruba.it
Domain Name	aruba.it
Country	🇮🇹 Italy
City	Arezzo, Tuscany

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 188.213.166.238

Whois 188.213.166.238

IP Abuse Reports for 188.213.166.238:

This IP address has been reported a total of 23 times from 15 distinct sources. 188.213.166.238 was first reported on June 11th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-14 18:15:17 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:15:10.178237 2026] [security2:error] [pid 600:tid 718] [client 188.213.166.238:47554] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.greaternorthmiamihistory.org"] [uri "/.env"] [unique_id "ai7vrma8o8E0Ek1dBIsvUAAAAkM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 17:58:38 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 13:58:33.666884 2026] [security2:error] [pid 18627:tid 18627] [client 188.213.166.238:39690] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.frightlibrary.org"] [uri "/.env"] [unique_id "ai7ryfaWrenMBek_r0yxhQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 17:40:44 (1 hour ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 13:40:40.928425 2026] [security2:error] [pid 6402:tid 6402] [client 188.213.166.238:57124] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.exhaustthelimits.org"] [uri "/.env"] [unique_id "ai7nmOLTPaf1C9FOz8hlcgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 08:52:13 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 04:52:07.815719 2026] [security2:error] [pid 27615:tid 27615] [client 188.213.166.238:51034] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.theblackbell.co"] [uri "/.env"] [unique_id "ai5rt3F4nuvI29mjCK4qVwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 seniorlinuxadmin	2026-06-14 06:07:08 (13 hours ago)	188.213.166.238 - - [14/Jun/2026:07:07:06 +0100] "GET /.env HTTP/1.1" 403 158 "-" "Mozilla/5.0 (Wind ... show more 188.213.166.238 - - [14/Jun/2026:07:07:06 +0100] "GET /.env HTTP/1.1" 403 158 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0" show less	Port Scan Web App Attack
Anonymous	2026-06-14 04:05:22 (15 hours ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=9	Hacking
🇳🇴 jad-abuse	2026-06-14 03:35:23 (15 hours ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe. O ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: env_probe. Observed by 1 sensor(s); 2 hits. show less	Web App Attack
Anonymous	2026-06-13 22:49:50 (20 hours ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 22:18:02 (21 hours ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:17:57.819948 2026] [security2:error] [pid 30903:tid 30903] [client 188.213.166.238:60298] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mlsdirect.xyz"] [uri "/.env"] [unique_id "ai3XFfXVZBNdVxAYQJBmFAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 20:29:47 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 16:29:39.694426 2026] [security2:error] [pid 20065:tid 20090] [client 188.213.166.238:53600] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "yakagroup.org"] [uri "/.env"] [unique_id "ai29s8sy6NxIKas_BSLj6QAAARc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 11:47:24 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedi ... show more (mod_security) mod_security (id:210492) triggered by 188.213.166.238 (host238-166-213-188.serverdedicati.aruba.it): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 07:47:20.278195 2026] [security2:error] [pid 1684:tid 1684] [client 188.213.166.238:45276] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "toppress.ca"] [uri "/.env"] [unique_id "ai1DSHFMA_MVBHx4X5TRDwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-13 09:29:55 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-13 08:42:22 (1 day ago)	Try to access /.env	Web App Attack
🇬🇧 Aetherweb Ark	2026-06-13 04:46:22 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 188.213.166.238 (IT/Italy/host238-166-213-188.s ... show more (mod_security) mod_security (id:949110) triggered by 188.213.166.238 (IT/Italy/host238-166-213-188.serverdedicati.aruba.it): N in the last X secs show less	Web App Attack
🇬🇧 Oakley	2026-06-13 04:12:55 (1 day ago)	(confirmed_bot_sig) Confirmed bot	Hacking

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 194.74.196.10

🇲🇽 187.216.224.85

🇧🇴 181.188.176.242

🇨🇳 120.230.21.41

🇨🇳 112.12.159.92

🇩🇪 46.101.150.99

🇰🇷 1.235.192.214

🇺🇸 136.117.57.173

🇺🇸 135.237.126.114

🇨🇳 115.55.29.173

🇮🇳 103.175.62.33

🇮🇳 103.97.215.11

🇬🇧 87.106.44.172

🇮🇱 35.252.12.165

🇫🇮 35.228.82.22

🇨🇳 8.138.85.185

🇦🇲 178.160.228.254

🇨🇳 163.204.42.139

🇮🇩 114.10.47.235

🇵🇱 87.251.64.149