JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.158.244.248

94.158.244.248 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 86%: ?

86%

ISP	MivoCloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS39798
Hostname(s)	no-rdns.mivocloud.com
Domain Name	mivocloud.com
Country	🇺🇸 United States of America
City	Bend, Oregon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.158.244.248

Whois 94.158.244.248

IP Abuse Reports for 94.158.244.248:

This IP address has been reported a total of 52 times from 20 distinct sources. 94.158.244.248 was first reported on March 18th 2022, and the most recent report was 40 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Octopuce	2026-06-18 08:53:48 (40 minutes ago)	Aggressive web search of vulnerable pages: /.env /backup.sql /dump.sql /db.sql /database.sql /wp-con ... show more Aggressive web search of vulnerable pages: /.env /backup.sql /dump.sql /db.sql /database.sql /wp-content/backup-db/ ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 23:12:17 (10 hours ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 19:12:12.700974 2026] [security2:error] [pid 21278:tid 21278] [client 94.158.244.248:57788] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|drbolen.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "drbolen.com"] [uri "/backup.sql"] [unique_id "ajMpzP0V0ub3zF6768atMAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 22:32:33 (11 hours ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:32:25.951449 2026] [security2:error] [pid 2197:tid 2197] [client 94.158.244.248:54494] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dogarttoday.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dogarttoday.com"] [uri "/backup.sql"] [unique_id "ajMgeSbh94zGLd4Y7HaejwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 antlac1	2026-06-17 06:58:28 (1 day ago)	crowdsecurity/http-sensitive-files	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 01:18:57 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 21:18:52.629520 2026] [security2:error] [pid 6448:tid 6448] [client 94.158.244.248:50464] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|harwoodmechanical.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "harwoodmechanical.com"] [uri "/wp-content/debug.log"] [unique_id "ajH1_PPKF0tFU7g_uu9sUgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 23:17:37 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:17:29.480856 2026] [security2:error] [pid 20574:tid 20574] [client 94.158.244.248:42200] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|grandriverhomes.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "grandriverhomes.com"] [uri "/backup.sql"] [unique_id "ajHZiZlsqS3pBXjOiJCTMQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 21:45:49 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 17:45:45.522149 2026] [security2:error] [pid 5525:tid 5525] [client 94.158.244.248:46614] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gilgoinn.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gilgoinn.com"] [uri "/backup.sql"] [unique_id "ajHECeQTZ-G6lBwIk-wHTgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 16:55:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210492) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 12:55:10.606646 2026] [security2:error] [pid 393:tid 393] [client 94.158.244.248:59184] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fgrotary.org"] [uri "/.env"] [unique_id "ajF_7nz3pkiDcjR_Ucq1pAAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 omc	2026-06-16 01:19:15 (2 days ago)	GET /wp-content/debug.log [Q4].	Bad Web Bot
🇺🇸 omc	2026-06-16 01:19:15 (2 days ago)	AH01797: Unauthorized file	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-16 01:02:41 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 21:02:36.451869 2026] [security2:error] [pid 17400:tid 17400] [client 94.158.244.248:47748] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nwtree.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nwtree.com"] [uri "/wp-content/debug.log"] [unique_id "ajCgrIfeWRYpZnU8dZSYEAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 23:15:00 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 19:14:55.584871 2026] [security2:error] [pid 7312:tid 7333] [client 94.158.244.248:57956] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nimbll.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nimbll.com"] [uri "/wp-content/debug.log"] [unique_id "ajCHbznPe1g_iZ1VFPBqpgAAAU0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 nationaleventpros.com	2026-06-15 21:20:23 (2 days ago)	vulnerability scan	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 14:13:14 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:13:10.554484 2026] [security2:error] [pid 2805:tid 2805] [client 94.158.244.248:41194] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lukeschicago.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lukeschicago.com"] [uri "/wp-content/debug.log"] [unique_id "ajAIdu0JNZSNUKoRWkUcbAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 11:25:03 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in th ... show more (mod_security) mod_security (id:210730) triggered by 94.158.244.248 (no-rdns.mivocloud.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 07:24:56.104084 2026] [security2:error] [pid 24389:tid 24389] [client 94.158.244.248:36784] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lemoulinavent.org\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lemoulinavent.org"] [uri "/wp-content/debug.log"] [unique_id "ai_hCD6zIVFeNaq7CdO0CgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 223.185.54.70

🇺🇸 173.194.103.18

🇺🇸 162.216.149.80

🇨🇳 117.70.49.18

🇺🇸 109.105.209.4

🇸🇬 97.74.87.152

🇵🇰 72.255.19.76

🇰🇷 59.24.133.197

🇺🇸 40.81.6.244

🇰🇷 14.55.31.113

🇰🇷 1.235.192.214

🇹🇿 197.250.51.42

🇩🇪 130.12.182.140

🇻🇳 103.75.183.177

🇮🇩 103.47.132.85

🇨🇳 101.96.200.79

🇳🇱 91.92.40.4

🇱🇹 81.30.98.44

🇸🇬 43.173.178.30

🇭🇰 8.217.200.130