JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.64.209.93

196.64.209.93 was found in our database!

This IP was reported 63 times. Confidence of Abuse is 100%: ?

100%

ISP	Office National des Postes et Telecommunications ONPT (Maroc Telecom) / IAM
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	iam.ma
Country	🇲🇦 Morocco
City	Kenitra, Rabat-Sale-Kenitra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.64.209.93

Whois 196.64.209.93

IP Abuse Reports for 196.64.209.93:

This IP address has been reported a total of 63 times from 48 distinct sources. 196.64.209.93 was first reported on June 20th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 openstrike.co.uk	2026-06-22 05:13:44 (3 hours ago)	3 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇳🇱 homeshowdomain.nl	2026-06-21 21:59:54 (11 hours ago)	Auto-ban: >3000 req/min op 2026-06-21	Web App Attack SSH Hacking
🇩🇪 4server	2026-06-21 21:33:02 (11 hours ago)	[SunJun2123:32:57.7727982026][security2:error][pid757184:tid757207][client196.64.209.93:0]ModSecurit ... show more [SunJun2123:32:57.7727982026][security2:error][pid757184:tid757207][client196.64.209.93:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"autodiscover.gmint.ch\"][uri\"/.env\"][unique_id\"ajhYiZxZft59LcLjE0oPNQAAAJM\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 Matthew Ping	2026-06-21 21:00:02 (12 hours ago)	ModSecurity rule 949110 triggered on dedicated. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇱🇻 garmtech.com	2026-06-21 20:50:40 (12 hours ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇩🇪 Interceptor_HQ	2026-06-21 20:43:46 (12 hours ago)	request_uri: /.env -- automatic report --	Brute-Force Hacking
🇳🇱 wlt-blocker	2026-06-21 20:42:55 (12 hours ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 20:40:46 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.64.209.93 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 196.64.209.93 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 16:40:41.568582 2026] [security2:error] [pid 15917:tid 15917] [client 196.64.209.93:64990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nmorganist.org"] [uri "/.env"] [unique_id "ajhMSVUlryIHxdFOUZ9XCwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 mravb	2026-06-21 19:45:10 (13 hours ago)	196.64.209.93 - - [21/Jun/2026:22:45:09 +0300] "GET /.env HTTP/1.1" 404 143 "-" "-" ...	Web App Attack Hacking
Anonymous	2026-06-21 19:25:51 (13 hours ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
Anonymous	2026-06-21 19:25:10 (13 hours ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-21 19:21:13 (13 hours ago)	196.64.209.93 - - [21/Jun/2026:22:21:13 +0300] "GET /.env HTTP/1.1" 404 4664 "-" "-" ...	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-21 19:16:22 (13 hours ago)	Probing websites for vulnerabilities	Web App Attack
🇺🇸 Rip	2026-06-21 19:01:09 (14 hours ago)	Restricted File Access Attempts	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 18:17:18 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 196.64.209.93 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 196.64.209.93 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:17:13.879341 2026] [security2:error] [pid 6346:tid 6364] [client 196.64.209.93:59468] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thomas.kiehnefamily.us"] [uri "/.env"] [unique_id "ajgqqfJWjGr-N9mPGVbtYAAAARA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 63 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.111.28.131

🇹🇭 118.194.250.31

🇷🇺 95.142.47.113

🇦🇿 212.47.133.7

🇫🇷 207.180.226.58

🇩🇪 193.124.20.250

🇧🇷 179.63.63.213

🇧🇷 179.49.92.162

🇺🇸 147.182.202.179

🇮🇳 117.247.65.196

🇳🇱 91.92.40.52

🇮🇷 85.198.19.251

🇩🇪 85.93.9.218

🇺🇸 64.62.156.122

🇺🇸 47.251.86.188

🇪🇬 41.38.96.28

🇮🇱 2.54.85.220

🇧🇷 216.28.246.71

🇺🇸 192.153.70.243

🇱🇺 185.6.233.156