JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 31.220.79.216

31.220.79.216 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3338816.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 31.220.79.216

Whois 31.220.79.216

IP Abuse Reports for 31.220.79.216:

This IP address has been reported a total of 31 times from 25 distinct sources. 31.220.79.216 was first reported on June 15th 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 boxed-it	2026-06-17 03:38:26 (11 hours ago)	GET /.env (Tarpitted for 1d15h8m33s, wasted 8.06MB)	Web App Attack
🇬🇧 andypiper	2026-06-16 01:01:08 (1 day ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇺🇸 mnsf	2026-06-16 00:15:42 (1 day ago)	Abuse Detected (9)	Brute-Force Web App Attack
🇮🇩 sockominfo	2026-06-15 22:00:53 (1 day ago)	Access to sensitive configuration files detected., Access to sensitive files detected w/ specific bo ... show more Access to sensitive configuration files detected., Access to sensitive files detected w/ specific boundary.. Threat Score: 5.6/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 2.9/10 (Low). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Bayesian Probability: 68%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-15 21:00:09 (1 day ago)	Access to sensitive configuration files detected.. Threat Score: 6.9/10 (MEDIUM). Reported by Tanger ... show more Access to sensitive configuration files detected.. Threat Score: 6.9/10 (MEDIUM). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇩🇪 ghostwarriors	2026-06-15 20:20:16 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-15 19:08:36 (1 day ago)	[MonJun1521:08:30.9111372026][security2:error][pid72772:tid72901][client31.220.79.216:0]ModSecurity: ... show more [MonJun1521:08:30.9111372026][security2:error][pid72772:tid72901][client31.220.79.216:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"traslocaresubito.ch\"][uri\"/api/.env\"][unique_id\"ajBNrjVzCSaofMNQw-JkGgAAAMM\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-06-15 18:31:56 (1 day ago)	[MonJun1520:31:52.8882202026][security2:error][pid256120:tid256292][client31.220.79.216:0]ModSecurit ... show more [MonJun1520:31:52.8882202026][security2:error][pid256120:tid256292][client31.220.79.216:0]ModSecurity:Accessdeniedwithcode403$phase1$.Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"aeapcl.ch\"][uri\"/.env\"][unique_id\"ajBFGL4_KQHHJajv0kqB9AAAAII\"] show less	Hacking Web App Attack
🇧🇪 cmbplf	2026-06-15 17:46:15 (1 day ago)	3.606 requests with url.path *.env	Brute-Force Bad Web Bot
🇺🇸 xxkodedxx	2026-06-15 17:44:42 (1 day ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. Active: 17:44:07→17:44:08 UTC Volume: 6 honeypot probe(s) Bait taken: /api/.env, /.env, /functions/.env UA: "Go-http-client/1.1" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 17:15:50 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 31.220.79.216 (vmi3338816.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.79.216 (vmi3338816.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:15:46.578732 2026] [security2:error] [pid 14999:tid 15020] [client 31.220.79.216:41536] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "re52s.com"] [uri "/.env"] [unique_id "ajAzQpsxgEJ_VaBoa8sohgAAAI8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 17:11:04 (1 day ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET /api/.env HTTP/1.1, GET /functions/. ... show more Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET /api/.env HTTP/1.1, GET /functions/.env HTTP/1.1 show less	Hacking Web App Attack
🇷🇺 Mga Admin	2026-06-15 16:47:28 (1 day ago)	31.220.79.216 - - [15/Jun/2026:23:47:28 +0700] "GET /api/.env HTTP/1.1" 404 69 "-" "Go-http-client/1 ... show more 31.220.79.216 - - [15/Jun/2026:23:47:28 +0700] "GET /api/.env HTTP/1.1" 404 69 "-" "Go-http-client/1.1" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:43:39 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 31.220.79.216 (vmi3338816.contaboserver.net): 1 ... show more (mod_security) mod_security (id:210492) triggered by 31.220.79.216 (vmi3338816.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:43:29.893723 2026] [security2:error] [pid 15991:tid 15991] [client 31.220.79.216:54138] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fundingworkingcapital.com"] [uri "/functions/.env"] [unique_id "ajArsYTCoQute8wkQTKHywAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 15:00:03 (2 days ago)	suspicious request in access.log	Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.247.32.186

🇮🇷 213.176.122.32

🇺🇸 152.232.101.135

🇨🇳 117.62.22.127

🇻🇳 117.6.44.221

🇭🇰 101.36.112.101

🇨🇳 47.93.82.70

🇺🇸 193.3.53.5

🇺🇸 152.32.150.26

🇨🇳 118.81.202.224

🇨🇳 117.50.51.198

🇨🇳 115.63.48.156

🇬🇧 95.141.17.63

🇧🇬 79.124.58.106

🇺🇸 65.49.1.69

🇨🇳 58.242.190.39

🇭🇰 45.249.247.165

🇱🇹 45.227.254.170

🇳🇱 45.148.10.157

🇿🇲 41.63.62.103