JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.117.196.97

196.117.196.97 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 80%: ?

80%

ISP	2G/3G/4G Mobile Costumers
Usage Type	Fixed Line ISP
ASN	AS36925
Domain Name	orange.ma
Country	🇲🇦 Morocco
City	Casablanca, Casablanca-Settat

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.117.196.97

Whois 196.117.196.97

IP Abuse Reports for 196.117.196.97:

This IP address has been reported a total of 23 times from 17 distinct sources. 196.117.196.97 was first reported on May 29th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇱 SinaiCL	2026-05-30 20:27:13 (1 week ago)	Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 23 across multi ... show more Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 23 across multiple servers. show less	Bad Web Bot
🇭🇺 DumaNet	2026-05-30 04:33:00 (1 week ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 May 30. 04:30:56 Source IP: 196.11 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 May 30. 04:30:56 Source IP: 196.117.196.97 Portion of the log(s): 196.117.196.97 - [30/May/2026:04:30:55 +0200] "GET /laravel/.env HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 196.117.196.97 - [30/May/2026:04:30:54 +0200] "GET /.env.example HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 196.117.196.97 - [30/May/2026:04:30:54 +0200] "GET /.env.dev HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 196.117.196.97 - [30/May/2026:04:30:53 +0200] "GET /.env.prod HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 196.117.196.97 - [30/May/2026:04:30:50 +0200] "GET /.env.staging HTTP/1.1" 404 555 show less	Web App Attack
🇬🇧 consul.to	2026-05-30 03:13:18 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-30 02:08:01 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,ice02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇸🇬 anotherwatcher	2026-05-30 01:47:52 (1 week ago)	bad bot	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-30 01:46:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 21:45:58.913352 2026] [security2:error] [pid 2336:tid 2336] [client 196.117.196.97:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "globetechsecurities.com"] [uri "/.env"] [unique_id "ahpBVuNBW-CAsHxvuJ6kcAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 01:26:30 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 21:26:23.381182 2026] [security2:error] [pid 25208:tid 25208] [client 196.117.196.97:58962] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blastjet.net"] [uri "/.env"] [unique_id "aho8vxyjC2utjOczDot8ZQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-30 01:07:02 (1 week ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa01,wa02]	Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-05-30 00:55:56 (1 week ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 196.117.196.97 (MA/Morocco/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 196.117.196.97 (MA/Morocco/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 00:54:16 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 20:54:12.018565 2026] [security2:error] [pid 11595:tid 11595] [client 196.117.196.97:54458] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dixieaire.com"] [uri "/.env"] [unique_id "aho1NDvjpx7vR2vyQv1R5AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-05-30 00:41:52 (1 week ago)	150 requests with url.path *.env	Brute-Force Bad Web Bot
Anonymous	2026-05-30 00:40:05 (1 week ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-30 00:32:53 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 196.117.196.97 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 20:32:46.698789 2026] [security2:error] [pid 7612:tid 7612] [client 196.117.196.97:64829] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "backyardbrickoven.com"] [uri "/.env"] [unique_id "ahowLnhpwObx46wT4pfofwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-30 00:29:06 (1 week ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-30 00:20:15 (1 week ago)	196.117.196.97 - - [30/May/2026:00:20:14 +0000] "GET //.env HTTP/1.1" 302 481 "-" "Mozilla/5.0 (Win ... show more 196.117.196.97 - - [30/May/2026:00:20:14 +0000] "GET //.env HTTP/1.1" 302 481 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 2404:6800:4003:c03::12b

🇺🇦 185.190.149.225

🇻🇳 103.186.101.237

🇺🇸 74.125.80.23

🇺🇸 52.188.189.6

🇺🇸 44.204.64.190

🇪🇸 5.61.202.77

🇺🇸 3.82.52.177

🇺🇸 216.172.190.116

🇺🇸 216.25.89.101

🇬🇧 198.244.242.252

🇬🇧 198.244.242.203

🇬🇧 185.247.137.203

🇩🇪 139.162.146.13

🇧🇩 103.171.68.74

🇸🇬 103.13.207.26

🇷🇺 95.165.27.83

🇺🇸 74.7.227.50

🇨🇳 59.175.155.252

🇨🇳 58.47.137.190