JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 64.71.161.154

64.71.161.154 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 85%: ?

85%

ISP	Yottaa, Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS401742
Hostname(s)	154.0-24.161.71.64.in-addr.arpa
Domain Name	yottaa.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 64.71.161.154

Whois 64.71.161.154

IP Abuse Reports for 64.71.161.154:

This IP address has been reported a total of 24 times from 16 distinct sources. 64.71.161.154 was first reported on June 25th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Peregrine	2026-06-27 03:13:56 (1 day ago)	Fail2Ban S3 Jail: tomcat-honeypot \| Evidence: - 64.71.161.154 - - [25/Jun/2026:06:43:27 -0300] "GET ... show more Fail2Ban S3 Jail: tomcat-honeypot \| Evidence: - 64.71.161.154 - - [25/Jun/2026:06:43:27 -0300] "GET /.env HTTP/1.1" 404 414 show less	Bad Web Bot
🇧🇾 lns.bz	2026-06-26 00:00:54 (2 days ago)	.env scanning [BY]	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-25 22:08:02 (2 days ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx01,mx02,m ... show more Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,mx01,mx02,mx03] show less	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-25 19:05:04 (2 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-06-25 17:08:24 (2 days ago)		Web App Attack
🇩🇪 maxpower	2026-06-25 16:34:29 (2 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 64.71.161.154 (US/United States/-): 2 in ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 64.71.161.154 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 64.71.161.154 - - [25/Jun/2026:18:34:24 +0200] "GET /.env HTTP/1.1" 403 146 "-" "python-requests/2.34.2" "-" host=51.77.95.119 64.71.161.154 - - [25/Jun/2026:18:34:25 +0200] "GET /.env HTTP/1.1" 403 146 "-" "python-requests/2.34.2" "-" host=51.77.95.119 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-25 15:48:47 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:48:43.487102 2026] [security2:error] [pid 8389:tid 8389] [client 64.71.161.154:52684] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.16"] [uri "/.env"] [unique_id "aj1N2yn3w1URQwjYldQGJAAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 15:21:22 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 11:21:16.340401 2026] [security2:error] [pid 22940:tid 22957] [client 64.71.161.154:62857] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.18"] [uri "/.env"] [unique_id "aj1HbB7G0dB2Z88UmO1IdwAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-25 15:09:16 (2 days ago)	Unauthorised traffic to honeypot	Port Scan
🇫🇷 dynamix	2026-06-25 14:23:29 (2 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 13:23:01 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 09:22:54.333765 2026] [security2:error] [pid 10917:tid 10917] [client 64.71.161.154:61257] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.109"] [uri "/.env"] [unique_id "aj0rriwafBiaVTQ3Qj1LugAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 NXTwoThou	2026-06-25 12:38:03 (3 days ago)	/.env	Web App Attack
🇩🇪 Yachiyo Runami	2026-06-25 12:05:07 (3 days ago)	Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 108 \| Len: 52B \| Win: ... show more Port Scan on Honeypot \| Ports: 80/HTTP \| Proto: TCP(1) \| Flags: all SYN \| TTL: 108 \| Len: 52B \| Win: 65535(1) \| rDNS: 154.0-24.161.71.64.in-addr.arpa \| F2B/ufw-honeypot@2026-06-25T12:05:07Z show less	Port Scan Hacking
🇧🇷 diego	2026-06-25 11:25:20 (3 days ago)	[probe-44-49] 2026-06-25 11:10:02, Client: 64.71.161.154, Protocol: 6, Unauthorized activity to HTTP ... show more [probe-44-49] 2026-06-25 11:10:02, Client: 64.71.161.154, Protocol: 6, Unauthorized activity to HTTP: GET /.env show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 11:06:56 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 64.71.161.154 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 07:06:52.280376 2026] [security2:error] [pid 10341:tid 10341] [client 64.71.161.154:56282] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.139"] [uri "/.env"] [unique_id "aj0LzFtgId7DW9LsjBMrjQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.88

🇺🇸 184.105.247.254

🇺🇸 141.11.88.7

🇨🇳 117.79.226.11

🇧🇩 103.154.158.70

🇺🇸 50.114.172.201

🇮🇳 49.207.40.162

🇺🇸 20.80.72.204

🇺🇸 18.221.210.229

🇨🇳 222.73.29.109

🇸🇳 196.207.227.254

🇺🇸 66.132.195.91

🇺🇸 35.233.171.222

🇺🇸 34.230.172.146

🇨🇴 201.182.248.78

🇺🇸 192.178.65.24

🇺🇸 191.101.188.66

🇮🇹 172.253.13.153

🇺🇸 64.62.156.102

🇸🇮 31.57.184.247