JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.59.105.253

139.59.105.253 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.59.105.253

Whois 139.59.105.253

IP Abuse Reports for 139.59.105.253:

This IP address has been reported a total of 37 times from 14 distinct sources. 139.59.105.253 was first reported on January 25th 2024, and the most recent report was 2 years ago.

Old Reports: The most recent abuse report for this IP address is from 2 years ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2024-02-01 09:31:05 (2 years ago)	Fail2Ban apache-noscript	Bad Web Bot
Anonymous	2024-01-31 17:35:44 (2 years ago)	139.59.105.253 (SG/Singapore/-), more than 5 Apache 403 hits	Hacking
🇨🇭 zynex	2024-01-31 08:09:46 (2 years ago)	URL Probing: /1.php	Web App Attack
🇩🇪 ghostwarriors	2024-01-31 02:20:03 (2 years ago)	Attempts against non-existent wp-login	Brute-Force Web App Attack
🇩🇪 Ba-Yu	2024-01-30 06:37:23 (2 years ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇳🇱 Savvii	2024-01-29 14:12:42 (2 years ago)	15 attempts against mh-modsecurity-ban on neon	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-01-29 13:10:15 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 29 08:10:11.862564 2024] [security2:error] [pid 6398] [client 139.59.105.253:64607] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|fruitinthedesert.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fruitinthedesert.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Zbejs_71mxM_5w2-AIRshwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-01-29 11:41:38 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 29 06:41:31.615150 2024] [security2:error] [pid 8484] [client 139.59.105.253:57288] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|drrw.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "drrw.net"] [uri "/site/default/settings.php.BAK"] [unique_id "ZbeO655VN48a87xvQAmD5AAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Carsten	2024-01-29 09:25:40 (2 years ago)	GET [about.php]	Port Scan
🇭🇺 Adorjan Daczo	2024-01-29 06:56:30 (2 years ago)	Probe for vulnerabilities. Path attempted: /wp-admin/css/colors/blue/CasperExV1.php	Web App Attack
🇺🇸 TPI-Abuse	2024-01-29 05:47:35 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 29 00:47:29.273946 2024] [security2:error] [pid 14225] [client 139.59.105.253:65403] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|xirin.net\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "xirin.net"] [uri "/site/default/settings.php.BAK"] [unique_id "Zbc78fc3mM-6gRfFmX2-kQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-01-29 05:10:49 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 29 00:10:43.403460 2024] [security2:error] [pid 15697] [client 139.59.105.253:51936] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.michael-beasley.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.michael-beasley.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZbczUzhD2YPmQdhn0xIhwAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-01-29 02:04:33 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 28 21:04:29.407799 2024] [security2:error] [pid 20328] [client 139.59.105.253:49384] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gildemello.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gildemello.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZbcHrS-_HwTc7agpanbQOAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2024-01-28 23:30:49 (2 years ago)	(mod_security) mod_security (id:20000010) triggered by 139.59.105.253 (SG/Singapore/-): 5 in the las ... show more (mod_security) mod_security (id:20000010) triggered by 139.59.105.253 (SG/Singapore/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-01-28 23:01:35 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 139.59.105.253 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 28 18:01:27.606822 2024] [security2:error] [pid 1758180] [client 139.59.105.253:63008] [client 139.59.105.253] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|albertawaterjet.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "albertawaterjet.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZbbcxyFNSEETjrpNWR-YNQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.154

🇹🇼 198.235.24.14

🇳🇱 183.81.169.76

🇨🇳 180.153.91.15

🇺🇬 102.203.209.48

🇺🇸 64.62.197.107

🇺🇸 64.62.156.131

🇷🇺 46.39.254.221

🇰🇷 43.155.214.159

🇬🇧 35.203.210.110

🇺🇸 147.185.132.58

🇺🇸 143.110.239.2

🇹🇼 110.25.112.151

🇺🇸 97.96.242.178

🇲🇾 49.124.152.34

🇫🇷 31.57.109.72

🇺🇸 20.102.105.170

🇺🇸 18.189.74.1

🇲🇽 189.203.163.10

🇺🇸 147.185.132.207