JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 197.234.221.191

197.234.221.191 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 12%: ?

12%

ISP	MTNB_197_234_221
Usage Type	Fixed Line ISP
ASN	AS37424
Domain Name	mtn.com
Country	🇧🇯 Benin
City	Cotonou, Littoral

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 197.234.221.191

Whois 197.234.221.191

IP Abuse Reports for 197.234.221.191:

This IP address has been reported a total of 13 times from 6 distinct sources. 197.234.221.191 was first reported on August 31st 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 netclix.gr	2026-06-19 02:33:53 (1 week ago)	(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs ... show more (bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 197.234.221.191 - - [19/Jun/2026:05:33:50 +0300] "GET /webmail HTTP/2.0" 403 86 "-" "python-requests/2.32.3" show less	Port Scan
🇩🇪 netclix.gr	2026-06-16 09:28:24 (1 week ago)	(bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs ... show more (bot_kill_mega) Aggressive Bot Blocked: python 197.234.221.191 (BJ/Benin/-): 1 in the last 4600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 197.234.221.191 - - [16/Jun/2026:12:28:22 +0300] "GET /webmail HTTP/2.0" 403 86 "-" "python-requests/2.32.3" show less	Port Scan
🇮🇱 spd.co.il	2026-06-16 07:01:43 (1 week ago)	Web application attack detected	Hacking Web App Attack
🇮🇹 VHosting	2025-12-22 22:07:37 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
🇺🇸 TPI-Abuse	2025-08-19 07:16:13 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 03:16:07.468106 2025] [security2:error] [pid 968575:tid 968579] [client 197.234.221.191:43895] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.howardhallis.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.howardhallis.com"] [uri "/"] [unique_id "aKQkt4NGFOZdVBh6ZeDktAAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 06:44:39 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 02:44:32.348190 2025] [security2:error] [pid 30035:tid 30035] [client 197.234.221.191:11152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.uppermotradingco.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.uppermotradingco.com"] [uri "/"] [unique_id "aKQdUFN8e3pOaiSnU95c2AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 06:19:37 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 02:19:32.027450 2025] [security2:error] [pid 21292:tid 21292] [client 197.234.221.191:21274] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|aes-nihil.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aes-nihil.com"] [uri "/"] [unique_id "aKQXdILYiuNch4UW2AMe8AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 04:21:10 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 00:21:04.980166 2025] [security2:error] [pid 18863:tid 18863] [client 197.234.221.191:33176] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.studioarts.net\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.studioarts.net"] [uri "/"] [unique_id "aKP7sDj7w9W0FFhWLciAwAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 04:03:36 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 19 00:03:28.413393 2025] [security2:error] [pid 24258:tid 24258] [client 197.234.221.191:10884] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.spacebooger.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.spacebooger.com"] [uri "/"] [unique_id "aKP3kCW_hk_hXl2keXUacAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 01:40:30 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 18 21:40:27.044467 2025] [security2:error] [pid 23970:tid 23970] [client 197.234.221.191:8158] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.esware.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.esware.com"] [uri "/"] [unique_id "aKPWC9figJS9D_iZLjjpegAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-19 01:04:15 (10 months ago)	(mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210831) triggered by 197.234.221.191 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 18 21:04:07.365926 2025] [security2:error] [pid 4187:tid 4187] [client 197.234.221.191:3099] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.dmasoftlab.com\|F\|4"] [data "DTS Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.dmasoftlab.com"] [uri "/cont/home"] [unique_id "aKPNh4g2FBOSU0UoI7Y45gAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-08-18 19:03:01 (10 months ago)	Attacks with Bad user agents	Hacking
🇨🇭 zynex	2024-08-31 07:01:14 (1 year ago)	URL Probing: /xmlrpc.php	Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.30.36.84

🇹🇼 198.235.24.92

🇮🇹 72.146.1.254

🇸🇬 43.172.195.162

🇬🇧 35.203.210.233

🇫🇷 34.155.66.210

🇩🇪 212.30.36.83

🇭🇰 194.187.178.231

🇺🇸 172.239.62.109

🇮🇩 163.7.3.154

🇺🇸 108.181.62.226

🇺🇸 104.232.79.58

🇦🇪 95.182.93.67

🇷🇺 95.108.213.249

🇫🇷 85.217.140.43

🇳🇴 84.208.161.43

🇺🇸 66.132.195.74

🇩🇪 45.135.194.113

🇸🇬 43.172.196.124

🇩🇪 212.30.36.82