This IP address has been reported a total of
28
times from
24 distinct
sources.
139.162.157.112 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
caddy probes: cloud-creds: GET /.aws/credentials(DROP) | env-probe: GET /.env.development(DROP), GET ...
show morecaddy probes: cloud-creds: GET /.aws/credentials(DROP) | env-probe: GET /.env.development(DROP), GET /.env.local(DROP), GET /.env.prod(DROP), GET /.env.production(DROP) | git-repo: GET /.git/config(DROP) | web: GET /.docker/config.json(DROP), GET /.gitconfig(DROP), GET /.github/workflows/*.yml(DROP), GET /.travis.yml(DROP), GET /application.yml(DROP), GET /appsettings.Development.json(DROP), GET /appsettings.json(DROP), GET /aws_config.php(DROP), GET /config.yml(DROP), GET /config/database.yml(DROP), GET /database.sql.gz(DROP), GET /database.yml(DROP), GET /db.sql(DROP), GET /db.sql.gz(DROP), GET /docker-compose.prod.yml(DROP), GET /docker-compose.yml(DROP), GET /phpinfo(DROP), GET /settings.py(DROP), GET /web.config(DROP)
show less
(modsec_5015) ModSec 5015: Suspicious User-Agent from 139.162.157.112 (DE/Germany/139-162-157-112.ip ...
show more(modsec_5015) ModSec 5015: Suspicious User-Agent from 139.162.157.112 (DE/Germany/139-162-157-112.ip.linodeusercontent.com): 1 in the last 3600 secs (0-195)
show less
CrowdSec local HTTP alert
scenario: crowdsecurity/http-probing
alert_id: 374
events: 11
created_at: ...
show moreCrowdSec local HTTP alert
scenario: crowdsecurity/http-probing
alert_id: 374
events: 11
created_at: 2026-07-04T20:31:51Z
message: Ip 139.162.157.112 performed 'crowdsecurity/http-probing' (11 events over 1.976982567s) at 2026-07-04 20:31:50.775273976 +0000 UTC
target_uri: ["/docker-compose.yml","/app.log","/wp-config.php","/Dockerfile","/_admin","/app/","/api/auth","/angular","/config.py","/debug/","/_test"]
method: ["GET"]
status: ["404"]
user_agent: ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"]
show less
Bad Web Bot
Web App Attack
Showing 1 to
15
of 28 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ