JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 195.246.231.197

195.246.231.197 was found in our database!

This IP was reported 109 times. Confidence of Abuse is 53%: ?

53%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	1984 ehf
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44925
Hostname(s)	vps-195-246-231-197.1984.is
Domain Name	1984.is
Country	🇮🇸 Iceland
City	Reykjavik, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 195.246.231.197

Whois 195.246.231.197

IP Abuse Reports for 195.246.231.197:

This IP address has been reported a total of 109 times from 45 distinct sources. 195.246.231.197 was first reported on August 10th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 09:49:18 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210492) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:49:11.963911 2026] [security2:error] [pid 27277:tid 27277] [client 195.246.231.197:44018] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.sparkleluminous.com"] [uri "/.git/config"] [unique_id "aiqEl1hxY5_XL2xmNf52cQAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 nNordic	2026-06-09 10:19:14 (3 days ago)	Connection attempt blocked by IDS/IPS from 195.246.231.197/32	Hacking
🇺🇸 fortypoundhead	2026-06-05 09:57:53 (1 week ago)	Banned IP Address	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 09:01:38 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210492) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 05:01:32.973746 2026] [security2:error] [pid 11408:tid 11408] [client 195.246.231.197:49886] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whore-cams.com"] [uri "/.git/config"] [unique_id "aiE-7AzTyeHqAXnw5BeSkQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2026-06-03 14:18:58 (1 week ago)	Form spam	Web Spam
🇩🇪 Martin Lundstrom	2026-06-02 10:47:15 (1 week ago)	https://www.eagleeye-intelligence.com — IDS: network scan. Automatically detected and blocked.	Port Scan Web App Attack
🇫🇷 ✨	2026-06-02 01:26:11 (1 week ago)	Rule : PLESK BOT 2026-06-02 03:25:21 Unauthorized login attempt to Plesk Panel from IP 195.246.231.1 ... show more Rule : PLESK BOT 2026-06-02 03:25:21 Unauthorized login attempt to Plesk Panel from IP 195.246.231.197 with username admin show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 05:40:19 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 01:40:12.889941 2026] [security2:error] [pid 1685:tid 1685] [client 195.246.231.197:59082] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nealschonbiography.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nealschonbiography.com"] [uri "/dump.sql"] [unique_id "ahvJvCugU7jstcizYkkciAAAAAk"], referer: nealschonbiography.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 19:29:39 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 15:29:33.737014 2026] [security2:error] [pid 21084:tid 21084] [client 195.246.231.197:54590] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|illinois-online.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "illinois-online.org"] [uri "/dump.sql"] [unique_id "ahs6nXWLa4TnIPv4ATsz2AAAAAI"], referer: illinois-online.org/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 11:51:23 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 07:51:14.937522 2026] [security2:error] [pid 13807:tid 13818] [client 195.246.231.197:54840] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mentzlaw.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mentzlaw.com"] [uri "/dump.sql"] [unique_id "ahl9skRV3vLlqS0UAYAEvAAAAUc"], referer: mentzlaw.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 08:38:28 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 04:38:20.056724 2026] [security2:error] [pid 9727:tid 9727] [client 195.246.231.197:48588] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|stufflebeam.name\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "stufflebeam.name"] [uri "/dump.sql"] [unique_id "ahlQfINLIyWBQj4DIUyDMgAAAAo"], referer: stufflebeam.name/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-05-28 22:28:36 (2 weeks ago)		Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-05-27 22:27:28 (2 weeks ago)		Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-05-27 13:00:20 (2 weeks ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-23 19:30:27 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): ... show more (mod_security) mod_security (id:210730) triggered by 195.246.231.197 (vps-195-246-231-197.1984.is): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 15:30:23.437414 2026] [security2:error] [pid 14249:tid 14249] [client 195.246.231.197:47620] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|makegoodsausage.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "makegoodsausage.com"] [uri "/dump.sql"] [unique_id "ahIAT4CkvkYarB0dOiELFQAAAAI"], referer: makegoodsausage.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 109 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 91.230.168.170

🇰🇷 221.148.219.98

🇷🇴 193.32.162.16

🇩🇪 167.94.146.60

🇨🇳 123.173.5.4

🇮🇳 103.44.0.15

🇺🇸 66.240.236.116

🇸🇬 47.128.55.93

🇩🇪 45.135.141.22

🇺🇸 18.222.159.86

🇸🇬 8.219.221.108

🇺🇸 2600:1f18:3120:f505:3ee8:ba4e:12a3:1ce0

🇧🇷 200.185.204.43

🇧🇴 181.188.187.140

🇨🇳 118.213.34.132

🇨🇳 117.90.100.7

🇫🇮 65.108.149.206

🇹🇼 60.199.224.55

🇫🇷 54.38.241.200

🇩🇪 45.135.141.23