JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.117.167.147

196.117.167.147 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 51%: ?

51%

ISP	2G/3G/4G Mobile Costumers
Usage Type	Fixed Line ISP
ASN	AS36925
Domain Name	orange.ma
Country	🇲🇦 Morocco
City	Casablanca, Casablanca-Settat

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.117.167.147

Whois 196.117.167.147

IP Abuse Reports for 196.117.167.147:

This IP address has been reported a total of 11 times from 8 distinct sources. 196.117.167.147 was first reported on June 7th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 NonOggiCaroMio	2026-06-08 00:15:01 (11 hours ago)	Arruso ca si: crowdsecurity/http-sensitive-files	Brute-Force
🇺🇸 TPI-Abuse	2026-06-07 21:16:06 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:15:59.726536 2026] [security2:error] [pid 6345:tid 6345] [client 196.117.167.147:51343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sekelconsulting.com"] [uri "/.env"] [unique_id "aiXfj8lC2WjBfzkCs-iVGQAAAAI"], referer: https://www.yahoo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 inlink.ltd	2026-06-07 20:49:14 (14 hours ago)	dot file probe	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 20:47:55 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 16:47:50.755434 2026] [security2:error] [pid 27853:tid 27853] [client 196.117.167.147:62995] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "heytechiesshow.com"] [uri "/.env"] [unique_id "aiXY9vjzILOGtN_-ItvQGgAAAAc"], referer: https://duckduckgo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-07 20:24:04 (15 hours ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 18:20:13 (17 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 196.117.167.147 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:20:09.731214 2026] [security2:error] [pid 28420:tid 28436] [client 196.117.167.147:64927] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "skillcert.org"] [uri "/.env"] [unique_id "aiW2WalRVUpFwtUnBgshhAAAAA0"], referer: https://www.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-07 18:05:16 (17 hours ago)	Abuse Detected (4)	Brute-Force Web App Attack
🇩🇪 ramazan	2026-06-07 17:55:42 (17 hours ago)	Fail2Ban: nginx-4xx \| Failures: 10 \| Log: /.env /.env.backup /.env.bak /.env.local /.env.production	Web App Attack Hacking
🇫🇷 Baking333	2026-06-07 17:54:30 (17 hours ago)	redacted:80 196.117.167.147 - - [07/Jun/2026:18:54:29 +0100] "GET /.env HTTP/1.1" 200 203 0/21648 "h ... show more redacted:80 196.117.167.147 - - [07/Jun/2026:18:54:29 +0100] "GET /.env HTTP/1.1" 200 203 0/21648 "https://[redacted]/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" redacted:80 196.117.167.147 - - [07/Jun/2026:18:54:29 +0100] "GET /public/.env HTTP/1.1" 200 202 0/19311 "https://[redacted]/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" show less	Bad Web Bot Web App Attack
🇫🇷 GabrielJST	2026-06-07 16:31:15 (19 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 196.117.167.147 (MA/Morocco/-): (CF_EN ... show more (mod_security) mod_security triggered on hostname [redacted] 196.117.167.147 (MA/Morocco/-): (CF_ENABLE) show less	SQL Injection
🇺🇸 mnsf	2026-06-07 16:05:16 (19 hours ago)	Scanning/Probing (28)	Brute-Force Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 178.16.52.163

🇮🇳 168.144.148.219

🇵🇪 161.132.50.236

🇭🇰 146.70.79.47

🇮🇳 125.19.253.154

🇺🇸 69.74.29.21

🇺🇸 64.62.197.197

🇹🇼 35.201.245.21

🇦🇺 34.151.155.12

🇶🇦 20.173.116.24

🇳🇱 5.83.143.115

🇮🇷 80.210.47.222

🇧🇬 78.128.114.82

🇹🇳 41.225.238.233

🇬🇭 154.161.253.113

🇩🇪 150.241.68.127

🇨🇳 125.124.183.254

🇱🇹 81.30.98.158

🇺🇸 65.49.1.212

🇩🇪 46.225.237.210