JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.239.78.120

91.239.78.120 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 50%: ?

50%

ISP	SOLLUTIUM EU Sp z.o.o.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS6698
Hostname(s)	dedicated.vsys.host
Domain Name	sollutium.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.239.78.120

Whois 91.239.78.120

IP Abuse Reports for 91.239.78.120:

This IP address has been reported a total of 18 times from 11 distinct sources. 91.239.78.120 was first reported on May 20th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-05-22 22:33:40 (1 week ago)		Brute-Force Web App Attack
🇺🇸 LotPhantom	2026-05-22 10:15:26 (2 weeks ago)	91.239.78.120 - - [22/May/2026:10:14:32 +0000] "POST / HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows N ... show more 91.239.78.120 - - [22/May/2026:10:14:32 +0000] "POST / HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" "0" ... show less	Web App Attack
🇫🇷 SpaceHost-Server	2026-05-21 22:32:30 (2 weeks ago)		Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-21 22:01:17 (2 weeks ago)	Auto-ban: >3000 req/min op 2026-05-21	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-21 20:30:44 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.120 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.120 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 16:30:37.731323 2026] [security2:error] [pid 17687:tid 17687] [client 91.239.78.120:45627] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "britanniapilates.com.systemcapacityoptimization.com"] [uri "/.env"] [unique_id "ag9rbVqS0Op6zrIpYN0-EAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 Origon	2026-05-21 19:58:17 (2 weeks ago)	http-sensitive-files - IP: 91.239.78.120 - time="2026-05-21T21:58:17+02:00" level=info msg="(555f66 ... show more http-sensitive-files - IP: 91.239.78.120 - time="2026-05-21T21:58:17+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-sensitive-files by ip 91.239.78.120 (UA/6698) : 4h ban on Ip 91.239.78.120" module=db show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 17:40:52 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.120 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.120 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 13:40:45.092897 2026] [security2:error] [pid 7598:tid 7598] [client 91.239.78.120:51891] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bogartphotography.sisix.net"] [uri "/.env"] [unique_id "ag9DnecopynRoFcrR2fEuwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 macrob	2026-05-21 12:20:56 (2 weeks ago)	2026/05/21 12:20:53 [error] 3028040#3028040: 245400922 access forbidden by rule, client: 91.239.78. ... show more 2026/05/21 12:20:53 [error] 3028040#3028040: 245400922 access forbidden by rule, client: 91.239.78.120, server: binixo.ro, request: "GET /.env HTTP/2.0", host: "binixo.ro" 2026/05/21 12:20:53 [error] 3028042#3028042: 245403580 access forbidden by rule, client: 91.239.78.120, server: binixo.ro, request: "GET /.env.local HTTP/2.0", host: "binixo.ro" 2026/05/21 12:20:53 [error] 3028039#3028039: 245401537 access forbidden by rule, client: 91.239.78.120, server: binixo.ro, request: "GET /.env.production HTTP/2.0", host: "binixo.ro" ... show less	Web App Attack
Anonymous	2026-05-21 08:18:14 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.120 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.120 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.120 - - [21/May/2026:08:18:11 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [21/May/2026:08:18:11 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [21/May/2026:08:18:11 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [21/May/2026:08:18:12 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [21/May/2026:08:18:12 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
🇳🇱 e.fierstra	2026-05-21 08:07:33 (2 weeks ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-05-21 08:01:39 (2 weeks ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-197)	Hacking Web App Attack
🇫🇷 masterguru	2026-05-21 05:30:37 (2 weeks ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇧🇪 cmbplf	2026-05-21 03:29:24 (2 weeks ago)	156 requests with url.path *.env	Brute-Force Bad Web Bot
Anonymous	2026-05-20 22:22:24 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.120 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.120 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.120 - - [20/May/2026:22:22:23 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [20/May/2026:22:22:23 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [20/May/2026:22:22:23 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [20/May/2026:22:22:23 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.120 - - [20/May/2026:22:22:24 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan
🇳🇱 homeshowdomain.nl	2026-05-20 22:04:36 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-19. show less	Web App Attack SSH Hacking

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.171

🇬🇧 35.203.211.126

🇫🇷 83.202.228.72

🇷🇺 78.138.168.46

🇷🇺 46.165.56.242

🇳🇱 45.156.87.13

🇺🇸 13.219.193.6

🇺🇸 208.84.101.127

🇧🇪 198.235.24.230

🇬🇧 195.96.139.221

🇨🇳 180.76.172.156

🇺🇸 165.154.172.151

🇺🇸 162.216.150.17

🇻🇳 113.174.175.161

🇸🇬 103.187.146.107

🇺🇦 85.238.97.20

🇨🇦 199.167.105.236

🇬🇧 193.163.125.95

🇮🇳 165.140.164.99

🇻🇳 113.182.198.109