JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.196.99.108

139.196.99.108 was found in our database!

This IP was reported 68 times. Confidence of Abuse is 0%: ?

ISP	Aliyun Computing Co., LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS37963
Domain Name	alibabacloud.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.196.99.108

Whois 139.196.99.108

IP Abuse Reports for 139.196.99.108:

This IP address has been reported a total of 68 times from 32 distinct sources. 139.196.99.108 was first reported on January 25th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-02-21 22:59:20 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-02-20. show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-02-20 22:59:32 (4 months ago)	Auto-ban: >3000 req/min op 2026-02-20	Web App Attack SSH Hacking
🇧🇪 cmbplf	2026-02-20 18:34:24 (4 months ago)	689 requests with url.path *.env	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-20 14:48:09 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 09:48:05.590869 2026] [security2:error] [pid 29161:tid 29161] [client 139.196.99.108:44032] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pscc.com"] [uri "/env/.env"] [unique_id "aZh0JUAhWiXVuaVMsOlsSwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-20 13:52:02 (4 months ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1, GET /env/.env HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 13:43:16 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 08:43:09.261766 2026] [security2:error] [pid 2491:tid 2491] [client 139.196.99.108:41262] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "appalachianfolkmagician.com"] [uri "/.env"] [unique_id "aZhk7as4K3DIB-Qq3O-LCAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-02-20 13:37:14 (4 months ago)	trolling for resource vulnerabilities	Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 12:56:04 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 07:55:56.104824 2026] [security2:error] [pid 6879:tid 6891] [client 139.196.99.108:33622] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rosicrucian.net"] [uri "/env/.env"] [unique_id "aZhZ3LALwqGgyOXuc9WJFQAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 11:52:27 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 06:52:24.349938 2026] [security2:error] [pid 27579:tid 27579] [client 139.196.99.108:46414] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "n6nz.net"] [uri "/env/.env"] [unique_id "aZhK-NwDY-gleefR5HndCAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 11:20:16 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 06:20:09.871880 2026] [security2:error] [pid 13718:tid 13718] [client 139.196.99.108:57484] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.237"] [uri "/env/.env"] [unique_id "aZhDaeiQwwdQhRQoAbmKVgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 10:49:01 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 05:48:55.534196 2026] [security2:error] [pid 24353:tid 24353] [client 139.196.99.108:57980] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "designsbyyvonne.net"] [uri "/.env"] [unique_id "aZg8F3p2S0IJ0IZ0NwfcowAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Hydra-Shield.fr	2026-02-20 10:47:10 (4 months ago)	Directory Traversal on: /env/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 10:30:22 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 139.196.99.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 05:30:17.202113 2026] [security2:error] [pid 27311:tid 27311] [client 139.196.99.108:47170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "butlerinc.net"] [uri "/env/.env"] [unique_id "aZg3udVUduvNOOPsgGg6MQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-02-20 05:43:48 (4 months ago)	BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (110 ... show more BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:User-Agent. (1100000-122) show less	Bad Web Bot
🇨🇦 Slackin' Jack	2026-02-20 04:19:49 (4 months ago)	Unauthorized scraper/crawler on port 80/443. (139.196.99.108)	Bad Web Bot

Showing 1 to 15 of 68 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.195.27

🇺🇸 65.49.1.189

🇧🇪 34.156.128.217

🇮🇳 20.244.18.126

🇺🇸 20.64.104.132

🇰🇷 14.32.231.200

🇬🇧 2a06:4880:2000::40

🇬🇧 2a06:4880:2000::37

🇩🇪 202.71.141.170

🇳🇱 195.178.110.30

🇩🇪 194.31.223.71

🇻🇳 104.218.166.62

🇺🇸 67.207.93.64

🇺🇸 65.49.1.82

🇳🇱 45.148.10.157

🇰🇪 41.89.96.242

🇫🇷 185.177.72.11

🇺🇸 172.59.138.198

🇮🇳 165.101.250.39

🇫🇷 146.70.194.228