JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.239.78.118

91.239.78.118 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 31%: ?

31%

ISP	SOLLUTIUM EU Sp z.o.o.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS6698
Hostname(s)	dedicated.vsys.host
Domain Name	sollutium.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.239.78.118

Whois 91.239.78.118

IP Abuse Reports for 91.239.78.118:

This IP address has been reported a total of 10 times from 6 distinct sources. 91.239.78.118 was first reported on May 19th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-20 22:04:00 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-19. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-20 17:13:08 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.118 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.118 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 13:13:04.225654 2026] [security2:error] [pid 19706:tid 19706] [client 91.239.78.118:44059] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.thomaschemical.com"] [uri "/.env"] [unique_id "ag3roPyHerQSFW9rDrus0QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 CK_beats	2026-05-20 16:10:04 (2 weeks ago)	Blocked by os-abuseipdb on OPNsense firewall KN-FW01; 45 hits, proto=tcp, ports=443	Port Scan Hacking
🇨🇭 4server	2026-05-20 14:05:17 (2 weeks ago)	[WedMay2016:05:14.5507382026][security2:error][pid3013808:tid3013833][client91.239.78.118:0]ModSecur ... show more [WedMay2016:05:14.5507382026][security2:error][pid3013808:tid3013833][client91.239.78.118:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"aurumgioielleria.ch.81-17-25-250.cpanel.site\"][uri\"/.env\"][unique_id\"ag2_mnOqMJfMvrdgpdTvvwAAARc\"] show less	Hacking Web App Attack
Anonymous	2026-05-20 05:06:35 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.118 - - [20/May/2026:05:05:40 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [20/May/2026:05:05:53 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [20/May/2026:05:06:08 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [20/May/2026:05:06:22 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [20/May/2026:05:06:34 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
Anonymous	2026-05-19 22:55:52 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:22:54:57 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:22:55:09 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:22:55:23 +0000] "GET /.env.staging HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:22:55:35 +0000] "GET /.env.backup HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:22:55:49 +0000] "GET /.env.bak HTTP/1.1" show less	Port Scan
Anonymous	2026-05-19 21:27:51 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.118 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:21:26:55 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:21:27:08 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:21:27:20 +0000] "GET /.env.staging HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:21:27:34 +0000] "GET /.env.backup HTTP/1.1" [REDACTED] 200 2627 91.239.78.118 - - [19/May/2026:21:27:47 +0000] "GET /.env.bak HTTP/1.1" show less	Port Scan
🇫🇮 cleverest.eu	2026-05-19 20:40:40 (2 weeks ago)	MimirWAF has 21 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_acce ... show more MimirWAF has 21 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_access / definite_repeat_offender"} show less	Brute-Force Web App Attack
🇫🇮 cleverest.eu	2026-05-19 20:40:40 (2 weeks ago)	MimirWAF has 22 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_acce ... show more MimirWAF has 22 incidents from 1 distinct domain => {"bad_request_uri / env_probe","blacklisted_access / definite_repeat_offender"} show less	Brute-Force Web App Attack
🇫🇮 cleverest.eu	2026-05-19 20:40:40 (2 weeks ago)	MimirWAF has 1 incident from 1 distinct domain => {"blacklisted_access / possible_repeat_offender"}	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.171

🇬🇧 35.203.211.126

🇫🇷 83.202.228.72

🇷🇺 78.138.168.46

🇷🇺 46.165.56.242

🇳🇱 45.156.87.13

🇺🇸 13.219.193.6

🇺🇸 208.84.101.127

🇧🇪 198.235.24.230

🇬🇧 195.96.139.221

🇨🇳 180.76.172.156

🇺🇸 165.154.172.151

🇺🇸 162.216.150.17

🇻🇳 113.174.175.161

🇸🇬 103.187.146.107

🇺🇦 85.238.97.20

🇨🇦 199.167.105.236

🇬🇧 193.163.125.95

🇮🇳 165.140.164.99

🇻🇳 113.182.198.109