JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 91.239.78.136

91.239.78.136 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 47%: ?

47%

ISP	SOLLUTIUM EU Sp z.o.o.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS6698
Hostname(s)	dedicated.vsys.host
Domain Name	sollutium.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 91.239.78.136

Whois 91.239.78.136

IP Abuse Reports for 91.239.78.136:

This IP address has been reported a total of 17 times from 11 distinct sources. 91.239.78.136 was first reported on May 21st 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-05-22 08:44:23 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇩🇪 on-com	2026-05-22 03:22:03 (2 weeks ago)	URL scan	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-21 22:01:53 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-20. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-21 18:11:10 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 14:11:05.524024 2026] [security2:error] [pid 13786:tid 13786] [client 91.239.78.136:52963] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jmichaelpope.com"] [uri "/.env"] [unique_id "ag9KuVH_Fjo0nn5nGA4OZAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 16:08:42 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 12:08:35.351367 2026] [security2:error] [pid 1209:tid 1209] [client 91.239.78.136:45559] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jfhglobal.haworthconsultinggroup.com"] [uri "/.env"] [unique_id "ag8uA2xiIwTBtrY4w20S5gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 15:30:33 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 11:30:27.846144 2026] [security2:error] [pid 26023:tid 26023] [client 91.239.78.136:60475] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jeffreyasweeney.com"] [uri "/.env"] [unique_id "ag8lE0BfVB8pmhN9lFbFYAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 LRob.fr	2026-05-21 11:15:03 (2 weeks ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 11:11:44 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 07:11:38.064644 2026] [security2:error] [pid 19269:tid 19269] [client 91.239.78.136:46083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "irisintelligence.mx"] [uri "/.env"] [unique_id "ag7oalXJyCYhNcacEUKP-gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-21 10:48:37 (2 weeks ago)	91.239.78.136 - - [21/May/2026:13:48:29 +0300] "GET /core/.env HTTP/1.1" 404 218 "-" "Mozilla/5.0 (W ... show more 91.239.78.136 - - [21/May/2026:13:48:29 +0300] "GET /core/.env HTTP/1.1" 404 218 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 91.239.78.136 - - [21/May/2026:13:48:34 +0300] "GET /api/.env HTTP/1.1" 404 2795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Web App Attack
🇮🇹 ivanbiagi7	2026-05-21 10:46:33 (2 weeks ago)	(localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 91.239.78.136 (UA/6698) : 4h ban on Ip ... show more (localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 91.239.78.136 (UA/6698) : 4h ban on Ip 91.239.78.136 show less	Web App Attack
Anonymous	2026-05-21 10:07:20 (2 weeks ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=27	Hacking
🇺🇸 TPI-Abuse	2026-05-21 06:03:30 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 02:03:24.469935 2026] [security2:error] [pid 17370:tid 17370] [client 91.239.78.136:36645] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "instantanything.com.graydortmotors.com"] [uri "/.env"] [unique_id "ag6gLNhXw4UX9I67_UzhPQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 02:50:34 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the l ... show more (mod_security) mod_security (id:210492) triggered by 91.239.78.136 (dedicated.vsys.host): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 20 22:50:26.748835 2026] [security2:error] [pid 848:tid 848] [client 91.239.78.136:57467] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "imaginationbyme.com.swhinc.net"] [uri "/.env"] [unique_id "ag5y8txOr5tYWzTlamE9ygAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-21 02:27:51 (2 weeks ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-21 01:50:18 (2 weeks ago)	(caddyscan) Scanner path probe from 91.239.78.136 (UA/Ukraine/dedicated.vsys.host): 5 in the last 36 ... show more (caddyscan) Scanner path probe from 91.239.78.136 (UA/Ukraine/dedicated.vsys.host): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 91.239.78.136 - - [21/May/2026:01:50:13 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 91.239.78.136 - - [21/May/2026:01:50:13 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 91.239.78.136 - - [21/May/2026:01:50:14 +0000] "GET /.env.production HTTP/1.1" [REDACTED] 200 2627 91.239.78.136 - - [21/May/2026:01:50:14 +0000] "GET /.env.development HTTP/1.1" [REDACTED] 200 2627 91.239.78.136 - - [21/May/2026:01:50:14 +0000] "GET /.env.staging HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇹 2a02:4780:9:1024:0:614:eb00:1

🇺🇸 165.22.38.218

🇩🇪 150.241.123.191

🇮🇳 125.21.59.218

🇺🇸 66.132.186.130

🇮🇳 43.227.185.238

🇬🇧 35.203.211.238

🇩🇪 2a02:4780:3f:2160:0:20c6:1e07:1

🇸🇬 2404:6800:4003:c1e::122

🇲🇽 189.203.163.10

🇷🇺 178.71.9.121

🇹🇼 111.70.13.54

🇨🇳 14.18.122.98

🇺🇸 162.216.150.7

🇺🇸 65.49.1.172

🇬🇧 35.203.211.71

🇨🇳 27.18.130.100

🇷🇴 2.57.122.177

🇨🇳 223.223.199.221

🇰🇷 211.223.107.86