JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.5.38.6

191.5.38.6 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 28%: ?

28%

ISP	SEMPRE TELECOMUNICACOES LTDA
Usage Type	Fixed Line ISP
ASN	AS28198
Hostname(s)	191-5-38-6.sempre.tec.br
Domain Name	sempre.tec.br
Country	🇧🇷 Brazil
City	Sete Lagoas, Minas Gerais

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.5.38.6

Whois 191.5.38.6

IP Abuse Reports for 191.5.38.6:

This IP address has been reported a total of 25 times from 13 distinct sources. 191.5.38.6 was first reported on November 6th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 leithzz	2026-06-06 13:09:13 (1 day ago)	Report by Cloudflare.Time: 2026-06-06T13:08:13Z	DDoS Attack
🇨🇦 leithzz	2026-05-31 19:20:40 (1 week ago)	Report by Cloudflare.Time: 2026-05-31T19:19:22Z	DDoS Attack
🇷🇴 Fn4ticHz	2026-05-30 15:41:27 (1 week ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 week ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
🇸🇬 volcaryx	2026-05-25 12:02:29 (1 week ago)	Cloudflare detected an L7 DDoS attack (l7ddos) from BR. Action: BLOCK \| Protocol: HTTP/2 (GET) \| End ... show more Cloudflare detected an L7 DDoS attack (l7ddos) from BR. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: / \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	DDoS Attack Bad Web Bot
🇷🇴 Fn4ticHz	2026-05-09 14:01:56 (4 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇺🇸 cheatmaster.store	2026-05-08 11:34:51 (4 weeks ago)	Proxy parsed from 191.5.38.6:54121	Brute-Force SSH
🇩🇪 grassau.com	2026-03-20 15:37:51 (2 months ago)	(mod_security) mod_security triggered on hostname [redacted] 191.5.38.6 (BR/Brazil/Minas Gerais/Brum ... show more (mod_security) mod_security triggered on hostname [redacted] 191.5.38.6 (BR/Brazil/Minas Gerais/Brumadinho/191-5-38-6.sempre.tec.br) show less	SQL Injection
🇺🇸 COMPLEX	2026-01-26 01:07:23 (4 months ago)	Triggered Cloudflare WAF (l7ddos) from BR. Action taken: BLOCK ASN: undefined (undefined) Protocol: ... show more Triggered Cloudflare WAF (l7ddos) from BR. Action taken: BLOCK ASN: undefined (undefined) Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:146.0) Gecko/20100101 Firefox/146.0 show less	DDoS Attack Bad Web Bot
🇮🇹 VHosting	2025-12-30 13:28:17 (5 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇨🇭 Modules	2025-12-16 01:28:13 (5 months ago)	Open proxy http://191.5.38.6:54121 (RT:24185ms,Loc:Brazil,ASN:AS28198)	Open Proxy
🇺🇸 TPI-Abuse	2025-12-13 01:11:11 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 12 20:11:08.103249 2025] [security2:error] [pid 8495:tid 8495] [client 191.5.38.6:34166] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "86mountaineers.net"] [uri "/.env.local"] [unique_id "aTy9LOijigEu-0HtXyODQQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-12 07:16:05 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 12 02:15:53.975114 2025] [security2:error] [pid 6197:tid 6197] [client 191.5.38.6:43109] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "purrple.ink"] [uri "/.env"] [unique_id "aTvBKeScwmFvMMHK9089MgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 17:37:23 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 12:37:05.895280 2025] [security2:error] [pid 12570:tid 12676] [client 191.5.38.6:41006] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pattinauction.com"] [uri "/.env"] [unique_id "aTsBQR1zoSazW4Sc3PDjTwAAAUo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 15:18:07 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 191.5.38.6 (191-5-38-6.sempre.tec.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 10:17:59.565142 2025] [security2:error] [pid 13468:tid 13468] [client 191.5.38.6:52815] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "srippy.com"] [uri "/.env"] [unique_id "aTrgpwrXMTASnVruR-zXagAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.143

🇩🇪 139.59.130.75

🇺🇸 104.152.52.211

🇸🇬 103.187.146.90

🇺🇸 98.159.37.187

🇮🇹 95.250.241.71

🇫🇷 91.231.89.145

🇫🇷 85.217.140.43

🇱🇹 81.30.98.158

🇧🇬 79.124.62.230

🇳🇱 45.142.193.169

🇫🇮 35.228.25.239

🇺🇸 3.128.171.252

🇺🇸 2604:a880:400:d1:0:4:8bf1:1001

🇬🇧 217.146.80.121

🇮🇳 182.95.124.206

🇨🇳 122.233.221.48

🇷🇺 81.211.72.167

🇺🇸 66.132.172.147

🇸🇬 47.84.130.53