This IP address has been reported a total of 35 times from 23 distinct sources.
104.198.115.139 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
[ThuJun1101:59:00.5096842026][security2:error][pid408099:tid408374][client104.198.115.139:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"hostingsvizzera.ch.inserzioniticino.ch\"][uri\"/admin/.env.local\"][unique_id\"ain6RCH_HmtSXts9pXtUaQAAARE\"]
{"level":"info","ts":1781112038.096643,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"104.198.115.139","remote_port":"42760","client_ip":"104.198.115.139","proto":"HTTP/1.1","method":"GET","host":"update.wvutupdate.lknmlkjihgjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.bak","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 5.1.1; vivo Y31L.RastaMod™_Version) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000033964,"size":0,"status":308,"resp_headers":{"Location":["https://update.wvutupdate.lknmlkjihgjihgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.bak"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
{"level":"info","ts":1781112038.2170393,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"10
...
[WedJun1006:29:00.1893742026][security2:error][pid3973969:tid3974103][client104.198.115.139:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Stringmatchwithin\".asa/.asax/.ascx/.backup/.bak/.bat/.cdx/.cer/.cfg/.cmd/.com/.config/.conf/.cs/.csproj/.csr/.dat/.db/.dbf/.dll/.dos/.htr/.htw/.ida/.idc/.idq/.inc/.ini/.key/.licx/.lnk/.log/.mdb/.old/.pass/.pdb/.pol/.printer/.pwd/.rdb/.resources/.resx/.sql/.swp/.sys/.vb/.vbs/.vbproj/.vsdisco/.webinfo/.xsx/\"atTX:extension.[file\"/etc/apache2/conf.d/modsec_rules/00_asl_zz_strict.conf\"][line\"91\"][id\"390716\"][rev\"2\"][msg\"Atomicorp.comWAFRules:URLfileextensionisrestrictedbypolicy\"][data\".backup\"][severity\"ERROR\"][hostname\"www.esengineering.ch.136-243-54-122.cpanel.site\"][uri\"/.env.backup\"][unique_id\"aijoDGD6EGuN3-0vZrxMjwAAARc\"]
Bot / scanning and/or hacking attempts: GET /src/api/.env HTTP/1.1, GET /src/.env.local HTTP/1.1, GET /.env.orig HTTP/1.1, GET /.env.uat HTTP/1.1, GET /services/.env.production HTTP/1.1, GET /frontend/.env.backup HTTP/1.1, GET /backend/.env.old HTTP/1.1, GET /stage/.env HTTP/1.1, GET /.env.sample HTTP/1.1, GET /services/.env HTTP/1.1, GET /env.backup HTTP/1.1, GET /.env.production HTTP/1.1, GET /frontend/.env HTTP/1.1, GET /.env.bak HTTP/1.1, GET /api/.env.backup HTTP/1.1, GET /app/.env.production HTTP/1.1, GET /backend/.env.local HTTP/1.1, GET /test/.env HTTP/1.1, GET /app/.env.backup HTTP/1.1, GET /frontend/.env.staging HTTP/1.1, GET /app/.env.old HTTP/1.1, GET /config/.env.production HTTP/1.1, GET /app/.env.bak HTTP/1.1, GET /.env.save HTTP/1.1, GET /docker/.env HTTP/1.1
Hacking
Web App Attack
Showing 1 to 15 of 35 reports