JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.206.70.147

196.206.70.147 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 100%: ?

100%

ISP	Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
Usage Type	Fixed Line ISP
ASN	AS36903
Hostname(s)	adsl196-147-70-206-196.adsl196-3.iam.net.ma
Domain Name	iam.ma
Country	🇲🇦 Morocco
City	Kenitra, Rabat-Sale-Kenitra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.206.70.147

Whois 196.206.70.147

IP Abuse Reports for 196.206.70.147:

This IP address has been reported a total of 44 times from 33 distinct sources. 196.206.70.147 was first reported on June 25th 2026, and the most recent report was 24 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-06-26 09:01:44 (24 minutes ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇪🇸 NullBlue	2026-06-26 08:52:55 (33 minutes ago)	Web app attack: scanning for secrets/exploits (.env/.git/PHPUnit CVE). Captured by NullBlue67 honeyp ... show more Web app attack: scanning for secrets/exploits (.env/.git/PHPUnit CVE). Captured by NullBlue67 honeypot. show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 08:47:43 (38 minutes ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 04:47:40.586263 2026] [security2:error] [pid 22885:tid 22885] [client 196.206.70.147:47152] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cjmconsulting.net"] [uri "/.env"] [unique_id "aj48rN3jJ1yTzrbeIAW7ugAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 EDSL	2026-06-26 08:14:53 (1 hour ago)	[mail.edsl.fr] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇩🇰 swrlly	2026-06-26 08:13:33 (1 hour ago)	1 unauthorized webserver connection	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 07:43:18 (1 hour ago)	(mod_security) mod_security (id:949110) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:949110) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 03:43:14.106833 2026] [security2:error] [pid 14741:tid 14741] [client 196.206.70.147:48466] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "delcano.org"] [uri "/.env"] [unique_id "aj4tkob2EgX6cQVX5Lf1EQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 06:19:57 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:19:53.192177 2026] [security2:error] [pid 21539:tid 21539] [client 196.206.70.147:38180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sawmat.com"] [uri "/.env"] [unique_id "aj4aCds5YKfFaJaK8jfytwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 louis77	2026-06-26 06:04:16 (3 hours ago)	Sensitive file access attempt - Path: /.env, Method: GET, UA:	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-26 06:03:31 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:03:26.709332 2026] [security2:error] [pid 17438:tid 17438] [client 196.206.70.147:60148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "palmatrader.com"] [uri "/.env"] [unique_id "aj4WLpAU2Rz88-v2wtheEAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 05:47:26 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:47:19.206142 2026] [security2:error] [pid 9422:tid 9422] [client 196.206.70.147:48896] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kmashburn.com"] [uri "/.env"] [unique_id "aj4SZzGjQ_bETcBfctHzuwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 05:31:54 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:31:50.064676 2026] [security2:error] [pid 17905:tid 17905] [client 196.206.70.147:45708] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "laecovillage.org"] [uri "/.env"] [unique_id "aj4OxsB9n-mOLr7JekBLsQAAADk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 05:09:57 (4 hours ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 05:08:33 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 01:08:25.760291 2026] [security2:error] [pid 15702:tid 15702] [client 196.206.70.147:42924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.edmontonareahomes.digitalracemedia.com"] [uri "/.env"] [unique_id "aj4JSZV9EJwxo27BEAAa4AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 04:51:00 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196- ... show more (mod_security) mod_security (id:210492) triggered by 196.206.70.147 (adsl196-147-70-206-196.adsl196-3.iam.net.ma): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:50:54.009933 2026] [security2:error] [pid 20573:tid 20596] [client 196.206.70.147:56582] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aafm.us"] [uri "/.env"] [unique_id "aj4FLhMJmdcUdCUA6dI0sAAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 Yachiyo Runami	2026-06-26 04:42:02 (4 hours ago)	Web Scan (L7) \| Paths: /.env \| Codes: 444(1x) \| rDNS: adsl196-147-70-206-196.adsl196-3.iam.net.ma \| ... show more Web Scan (L7) \| Paths: /.env \| Codes: 444(1x) \| rDNS: adsl196-147-70-206-196.adsl196-3.iam.net.ma \| F2B/angie-path-trap@2026-06-26T04:42:02Z show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.15.10.179

🇺🇸 146.88.241.150

🇪🇸 93.93.115.224

🇮🇹 93.47.117.83

🇺🇸 50.19.8.63

🇺🇸 18.217.208.51

🇻🇳 14.225.206.187

🇦🇪 5.194.185.238

🇨🇴 201.236.197.103

🇳🇱 195.178.110.227

🇳🇱 188.166.61.47

🇳🇱 172.94.9.117

🇸🇬 145.223.130.244

🇮🇳 115.241.1.85

🇸🇬 114.119.140.29

🇺🇸 107.151.204.140

🇫🇷 92.51.165.122

🇫🇷 92.51.135.140

🇳🇱 45.148.10.157

🇰🇷 36.39.206.17