JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.239.78.97

91.239.78.97 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 66%: ?

66%

ISP	SOLLUTIUM EU Sp z.o.o.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS6698
Hostname(s)	dedicated.vsys.host
Domain Name	sollutium.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.239.78.97

Whois 91.239.78.97

IP Abuse Reports for 91.239.78.97:

This IP address has been reported a total of 37 times from 18 distinct sources. 91.239.78.97 was first reported on May 19th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-22 22:01:18 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-21. show less	Web App Attack SSH Hacking
🇺🇸 Matthew Ping	2026-05-22 08:45:01 (2 weeks ago)	ModSecurity rule 949110 triggered on wp2. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇩🇪 IVski	2026-05-22 04:04:47 (2 weeks ago)	IVski WAF \| Sensitive file probe detected - looking for .env	Port Scan Brute-Force Web App Attack
🇩🇪 CK_beats	2026-05-22 00:45:05 (2 weeks ago)	Blocked by os-abuseipdb on OPNsense firewall KN-FW01; 91 hits, proto=tcp, ports=443	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-05-21 23:59:50 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the la ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 19:59:42.958755 2026] [security2:error] [pid 27098:tid 27098] [client 91.239.78.97:51991] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.chipnado.fractalsky.com"] [uri "/.env.development"] [unique_id "ag-cbkBBgR7x0x8s0OB45AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-21 22:02:19 (2 weeks ago)	Auto-ban: >3000 req/min op 2026-05-21	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-21 20:27:15 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the la ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 16:27:10.984768 2026] [security2:error] [pid 31032:tid 31032] [client 91.239.78.97:34735] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.bridgeofheartscaregivers.com.jbcllcnet.com"] [uri "/.env"] [unique_id "ag9qnmn9VEPKJcYWJs_nIgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 18:29:15 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the la ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 14:29:08.861496 2026] [security2:error] [pid 4318:tid 4333] [client 91.239.78.97:49707] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.billgiegold.uoexpanse.com"] [uri "/.env"] [unique_id "ag9O9K9jKudokDTt-tVgoAAAAEo"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-05-21 16:39:55 (2 weeks ago)	493 requests with url.path *.env	Brute-Force Bad Web Bot
🇧🇷 dominioz	2026-05-21 16:29:11 (2 weeks ago)	2026-05-21 16:28:38 GET /.env - - 91.239.78.97 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Ap ... show more 2026-05-21 16:28:38 GET /.env - - 91.239.78.97 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36 - 404 34424 2026-05-21 16:28:39 GET /.env.local - - 91.239.78.97 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36 - 404 34424 2026-05-21 16:28:40 GET /.env.production - - 91.239.78.97 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36 - 404 34424 2026-05-21 16:28:41 GET /.env.development - - 91.239.78.97 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36 - 404 34424 ... show less	Web App Attack
🇪🇸 pipeline.es	2026-05-21 15:47:22 (2 weeks ago)	Web scanning / probing for vulnerable paths \| URL: /app/.env \| Evidence: avesviagens.pt 91.239.78.97 ... show more Web scanning / probing for vulnerable paths \| URL: /app/.env \| Evidence: avesviagens.pt 91.239.78.97 - - [21/May/2026:17:45:49 +0200] \"GET /app/.env HTTP/1.1\" 404 20902 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36\" GEOIP_COUNTRY_CODE=UA \| ASN: Virtual Systems LLC \| Country: UA show less	Port Scan Web App Attack
🇩🇪 grassau.com	2026-05-21 12:50:26 (2 weeks ago)	(mod_security) mod_security triggered on hostname [redacted] 91.239.78.97 (UA/Ukraine/Kyiv City/Kyiv ... show more (mod_security) mod_security triggered on hostname [redacted] 91.239.78.97 (UA/Ukraine/Kyiv City/Kyiv/dedicated.vsys.host) show less	SQL Injection
🇩🇪 Savvii	2026-05-21 11:33:28 (2 weeks ago)	20 attempts against mh-misbehave-ban on bush	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 11:15:15 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the la ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.97 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 07:15:08.928923 2026] [security2:error] [pid 15676:tid 15676] [client 91.239.78.97:39163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.alfredintelligence.com.kerbros.com"] [uri "/.env"] [unique_id "ag7pPOa8jf9ty-f2zkOuaAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-21 11:10:51 (2 weeks ago)	Multiple WAF Violations	Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 185.42.24.228

🇨🇳 111.61.87.70

🇮🇳 103.253.148.154

🇮🇷 84.47.209.39

🇺🇸 23.95.191.250

🇰🇷 223.130.140.86

🇩🇪 213.209.159.236

🇺🇸 172.174.72.225

🇫🇷 161.97.77.98

🇯🇵 124.99.133.45

🇺🇸 64.94.156.226

🇸🇬 47.128.54.63

🇬🇧 35.203.210.44

🇰🇷 222.232.176.7

🇵🇭 222.127.251.23

🇧🇪 207.175.2.26

🇺🇸 207.90.244.17

🇺🇸 172.185.24.228

🇪🇬 154.182.249.191

🇺🇸 143.198.238.87