AbuseIPDB » 161.35.197.238

161.35.197.238 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 40%: ?

40%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 161.35.197.238

Whois 161.35.197.238

IP Abuse Reports for 161.35.197.238:

This IP address has been reported a total of 91 times from 63 distinct sources. 161.35.197.238 was first reported on November 7th 2021, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
FEWA	2025-05-14 06:13:41 (1 month ago)	Fail2Ban Ban Triggered	Hacking Bad Web Bot Web App Attack
Ba-Yu	2025-05-14 06:09:04 (1 month ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
zynex	2025-05-14 06:05:46 (1 month ago)	URL Probing: /.env	Web App Attack
TPI-Abuse	2025-05-14 06:05:45 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 14 02:05:38.086062 2025] [security2:error] [pid 445012:tid 445012] [client 161.35.197.238:33212] [client 161.35.197.238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.57"] [uri "/.env"] [unique_id "aCQyshY3A00nMQcYsR49fgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Major Hostility	2025-05-14 05:48:48 (1 month ago)	"GET /.env HTTP/1.1" 404 "GET /.git/config HTTP/1.1" 404	Web App Attack
TPI-Abuse	2025-05-14 05:47:58 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 14 01:47:50.911231 2025] [security2:error] [pid 2144008:tid 2144008] [client 161.35.197.238:52466] [client 161.35.197.238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.67"] [uri "/.env"] [unique_id "aCQuhmXlajaTpyi7DZrCBgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-14 05:45:56 (1 month ago)	161.35.197.238 - - [14/May/2025:05:45:55 +0000] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0; Keydr ... show more161.35.197.238 - - [14/May/2025:05:45:55 +0000] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);" ... show less	Hacking Web App Attack
Starburst SysOp Team	2025-05-14 05:38:53 (1 month ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-18)	Hacking Bad Web Bot
TPI-Abuse	2025-05-14 05:30:05 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 14 01:29:59.302887 2025] [security2:error] [pid 2891360:tid 2891360] [client 161.35.197.238:37190] [client 161.35.197.238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.110"] [uri "/.env"] [unique_id "aCQqV9qG2-xa2e8S3Zx3IwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
ozisp.com.au	2025-05-14 05:26:48 (1 month ago)	US_DigitalOcean,_<33>1747200407 [1:2031502:4] ET INFO Request to Hidden Environment File - Inbound [ ... show moreUS_DigitalOcean,_<33>1747200407 [1:2031502:4] ET INFO Request to Hidden Environment File - Inbound [Classification: Misc activity] [Priority: 3] {TCP} 161.35.197.238:39626 show less	Hacking
Bedios GmbH	2025-05-14 05:21:11 (1 month ago)	Login credentials theft attempt	Hacking
LRNP	2025-05-14 05:17:47 (1 month ago)	_:80 161.35.197.238 - - [14/May/2025:05:17:33 +0000] "GET /.env HTTP/1.1" 404 118 "-" "Mozilla/5.0; ... show more_:80 161.35.197.238 - - [14/May/2025:05:17:33 +0000] "GET /.env HTTP/1.1" 404 118 "-" "Mozilla/5.0; Keydrop.io/1.0(onlyscans.com/about);" ... show less	Bad Web Bot Web App Attack
TPI-Abuse	2025-05-14 05:10:22 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Por ... show more(mod_security) mod_security (id:210492) triggered by 161.35.197.238 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 14 01:10:19.082918 2025] [security2:error] [pid 1219692:tid 1219692] [client 161.35.197.238:36736] [client 161.35.197.238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.4"] [uri "/.env"] [unique_id "aCQlu_87MyKMIxTKMPwtiQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
jkhorvath.com	2025-05-14 05:09:16 (1 month ago)	Request for URL /.env	Phishing Brute-Force Web App Attack
swrlly	2025-05-14 05:07:59 (1 month ago)	attempt to exploit known webserver vulnerabilities	Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩