JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.101.157.252

191.101.157.252 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.101.157.252

Whois 191.101.157.252

IP Abuse Reports for 191.101.157.252:

This IP address has been reported a total of 26 times from 11 distinct sources. 191.101.157.252 was first reported on June 29th 2023, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 VHosting	2026-01-08 11:08:34 (5 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇮🇹 VHosting	2025-10-13 22:29:03 (8 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇳🇱 exxos	2025-08-31 10:03:01 (9 months ago)	http-no-verb	Hacking
🇷🇺 Agrohim	2025-08-19 23:18:36 (9 months ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇧🇷 hostseries	2025-05-08 21:39:49 (1 year ago)	Brute-force cPanel Services	Brute-Force
🇧🇷 hostseries	2025-05-06 14:01:39 (1 year ago)	Brute-force cPanel Services	Brute-Force
Anonymous	2025-04-17 17:30:39 (1 year ago)	Ports: 25,2525,110,143,993,995; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 bigscoots.com	2024-08-30 16:11:13 (1 year ago)	(smtpauth) Failed SMTP AUTH login from 191.101.157.252 (DE/Germany/-): 5 in the last 3600 secs; Port ... show more (smtpauth) Failed SMTP AUTH login from 191.101.157.252 (DE/Germany/-): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2024-08-30 12:10:13 dovecot_login authenticator failed for (AEDDXUl) [191.101.157.252]:55876: 535 Incorrect authentication data ([email protected]) 2024-08-30 12:10:21 dovecot_login authenticator failed for (1B7LlR9W) [191.101.157.252]:56070: 535 Incorrect authentication data ([email protected]) 2024-08-30 12:10:33 dovecot_login authenticator failed for (rIhPRDN) [191.101.157.252]:56490: 535 Incorrect authentication data ([email protected]) 2024-08-30 12:10:52 dovecot_login authenticator failed for (qGtH7CFL) [191.101.157.252]:57087: 535 Incorrect authentication data ([email protected]) 2024-08-30 12:11:10 dovecot_login authenticator failed for (tmTHHV) [191.101.157.252]:58040: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2024-06-19 15:57:22 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 19 11:57:17.870628 2024] [security2:error] [pid 22106] [client 191.101.157.252:51862] [client 191.101.157.252] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mgtofficial.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mgtofficial.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnL_3ZAVb5GrsBdfd1x_MgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-19 14:44:01 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 19 10:43:54.880438 2024] [security2:error] [pid 32556:tid 47637592286976] [client 191.101.157.252:51058] [client 191.101.157.252] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dermatologyresearch.org.aafm.us\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dermatologyresearch.org.aafm.us"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnLuqhAggRsvAwmtX9qs9wAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-19 14:18:44 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 19 10:18:36.046526 2024] [security2:error] [pid 7651] [client 191.101.157.252:57222] [client 191.101.157.252] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|almudenastrust.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "almudenastrust.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnLovOym_lHWv8stIhahdAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 hostseries	2024-06-19 10:37:51 (1 year ago)	Trigger: LF_MODSEC	Brute-Force
🇺🇸 TPI-Abuse	2024-06-19 09:44:11 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 19 05:44:06.497389 2024] [security2:error] [pid 31710] [client 191.101.157.252:46180] [client 191.101.157.252] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|fishleadership.org\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fishleadership.org"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnKoZkyTujfsCL8q9axEvQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2024-06-19 04:59:10 (1 year ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-06-19 01:35:53 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 191.101.157.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 18 21:35:46.630424 2024] [security2:error] [pid 19384] [client 191.101.157.252:33460] [client 191.101.157.252] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|markrudin.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "markrudin.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnI18qKnDSiOAbnZ4ZjfGwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 178.16.54.246

🇺🇸 142.248.80.209

🇺🇸 66.132.172.235

🇸🇬 47.82.8.192

🇸🇬 47.82.8.119

🇳🇱 45.148.10.157

🇦🇺 34.129.218.249

🇳🇱 23.176.184.152

🇨🇳 221.205.108.125

🇺🇸 193.3.53.6

🇺🇸 174.129.88.58

🇻🇳 110.172.29.157

🇻🇳 103.138.113.149

🇿🇦 102.134.116.198

🇩🇪 78.46.211.133

🇲🇾 49.124.151.43

🇺🇸 47.89.243.214

🇳🇱 45.148.10.151

🇬🇧 35.203.210.51

🇷🇴 2.57.122.177