This IP address has been reported a total of 86 times from 38 distinct sources.
128.199.194.105 was first reported on ,
and the most recent report was .
Old Reports:
The most recent abuse report for this IP address is from .
It is possible that this IP is no longer involved in abusive activities.
[WedJul2410:57:35.4633432024][security2:error][pid758252:tid758289][client128.199.194.105:0][client128.199.194.105]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\\\\\\\\.conf\|boot\\\\\\\\.ini\|web.config\)\\\\\\\\b\|\(\|\^\|\\\\\\\\.\\\\\\\\.\)/etc/\|/\\\\\\\\.\(\?:history\|bash_history\|sh_history\|env\)\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"gagspettacolo.ch\"][uri\"/_static/.env\"][unique_id\"ZqDB_0_KoCcyuVY8t9UDDwAAAMg\"][WedJul2410:57:36.2582352024][security2:error][pid758252:tid758289][client128.199.194.105:0][client128.199.194.105]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\|passwd\|group\)\|www_\?acl\)\|global\\\\\\\\.asa\|httpd\
(mod_security) mod_security (id:210492) triggered by 128.199.194.105 (SG/Singapore/-): 5 in the last 3600 secs
(mod_security) mod_security (id:210492) triggered by 128.199.194.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 02:50:40.784767 2024] [security2:error] [pid 20445:tid 20445] [client 128.199.194.105:39954] [client 128.199.194.105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sirio-b.com"] [uri "/.env.www"] [unique_id "ZqCkQIZT8MdqvtaqECtP_QAAAAA"]
Brute-Force, Bad Web Bot, Web App Attack
Anonymous
Bot / scanning and/or hacking attempts: GET /.env.backup HTTP/1.1, done, streams: 0/1/1/0/0 (open/recv/resp/push/rst), GET /.env.old HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /_static/.env HTTP/1.1, GET /.env.bak%20 HTTP/1.1, GET /.docker/.env HTTP/1.1