JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.105.4.138

178.105.4.138 was found in our database!

This IP was reported 176 times. Confidence of Abuse is 100%: ?

100%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	static.138.4.105.178.clients.your-server.de
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.105.4.138

Whois 178.105.4.138

IP Abuse Reports for 178.105.4.138:

This IP address has been reported a total of 176 times from 137 distinct sources. 178.105.4.138 was first reported on May 20th 2026, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Catalin Negru	2026-06-05 06:46:52 (12 hours ago)	2026-05-24 02:46:45,451 fail2ban.actions [671]: NOTICE [web-scanner] Ban 178.105.4.138 2026- ... show more 2026-05-24 02:46:45,451 fail2ban.actions [671]: NOTICE [web-scanner] Ban 178.105.4.138 2026-05-24 02:46:45,498 fail2ban.actions [671]: NOTICE [laravel-auth] Ban 178.105.4.138 2026-05-24 02:46:45,741 fail2ban.actions [671]: NOTICE [laravel-env] Ban 178.105.4.138 2026-05-24 02:46:45,906 fail2ban.actions [671]: NOTICE [apache-dirscan] Ban 178.105.4.138 2026-05-24 02:46:45,909 fail2ban.actions [671]: NOTICE [apache-404] Ban 178.105.4.138 ... show less	Brute-Force Web App Attack
Anonymous	2026-06-04 05:54:00 (1 day ago)	Flood url /.env	Bad Web Bot Web App Attack Hacking
Anonymous	2026-06-03 13:26:52 (2 days ago)	IP banned by Fail2Ban	Brute-Force SSH
🇳🇱 JCB	2026-06-03 08:58:00 (2 days ago)	178.105.4.138 - - [02/Jun/2026:20:46:54 +0300] "GET /twilio/api/.env HTTP/1.1" 403 239 "-" "Mozilla/ ... show more 178.105.4.138 - - [02/Jun/2026:20:46:54 +0300] "GET /twilio/api/.env HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" 178.105.4.138 - - [02/Jun/2026:20:46:54 +0300] "GET /twilio/app/.env HTTP/1.1" 403 239 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ... show less	Web App Attack Hacking
🇫🇷 HerrWolf	2026-06-02 20:00:03 (2 days ago)	CrowdSec Detection: crowdsecurity/http-probing	Web App Attack
🇫🇷 Coco Bongo	2026-06-02 16:57:10 (3 days ago)	178.105.4.138 [redacted] (--- United Kingdom -) - - [02/Jun/2026:18:56:54 +0200] "GET /.env HTTP/1.1 ... show more 178.105.4.138 [redacted] (--- United Kingdom -) - - [02/Jun/2026:18:56:54 +0200] "GET /.env HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" 178.105.4.138 ... show less	Bad Web Bot Web App Attack
🇫🇮 geot	2026-06-02 14:23:00 (3 days ago)	89 requests, including : GET /.env.sample HTTP/1.1 GET /twilio/.env HTTP/1.1 GET /home/ec2-user/aws ... show more 89 requests, including : GET /.env.sample HTTP/1.1 GET /twilio/.env HTTP/1.1 GET /home/ec2-user/aws/bin/.env HTTP/1.1 GET /sendgrid/api/.env HTTP/1.1 GET /twilio/backend/.env HTTP/1.1 GET /sendgrid/.env HTTP/1.1 GET /sendgrid/app/.env HTTP/1.1 GET /home/ec2-user/bin/.env HTTP/1.1 GET /home/ec2-user/.local/bin/.env HTTP/1.1 GET /site/.env HTTP/1.1 GET /twilio/config/.env HTTP/1.1 GET /home/ec2-user/.aws/credentials/.env HTTP/1.1 GET /assets/.env HTTP/1.1 GET /.env.development HTTP/1.1 GET /cronlab/.env HTTP/1.1 GET /.env.test HTTP/1.1 show less	Hacking Web App Attack
🇩🇪 markawes	2026-06-02 12:41:32 (3 days ago)	[markis] Auto banned by Fail2Ban. Reason: Malicious web scan / attempted access to sensitive paths. ... show more [markis] Auto banned by Fail2Ban. Reason: Malicious web scan / attempted access to sensitive paths. Evidence: 178.105.4.138 - - [02/Jun/2026:13:41:29 +0100] "GET /.env HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 178.105.4.138 - - [02/Jun/2026:13:41:30 +0100] "GET /.env.local HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" 178.105.4.138 - - [02/Jun/2026:13:41:30 +0100] "GET /.env.development HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" show less	Port Scan Hacking Web App Attack
🇫🇷 masterguru	2026-06-02 10:56:08 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-201)	Hacking Bad Web Bot
🇺🇸 masterguru	2026-06-02 09:28:05 (3 days ago)	Host header is a numeric IP address. Pattern match "^ (920350-163)	Hacking Bad Web Bot
🇩🇪 tentwentyfour	2026-06-02 09:16:33 (3 days ago)	Blocked for probing for sensitive web application components	Brute-Force Web App Attack
🇫🇮 oh.mg	2026-06-02 08:45:21 (3 days ago)	[Tue Jun 02 10:45:21.095241 2026] [security2:error] [pid 786897:tid 786929] [client 178.105.4.138:64 ... show more [Tue Jun 02 10:45:21.095241 2026] [security2:error] [pid 786897:tid 786929] [client 178.105.4.138:64981] [client 178.105.4.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "95.216.72.247"] [uri "/.env"] [unique_id "ah6YIQ6tDPUdhYmSCD7nggAAAcE"] [Tue Jun 02 10:45:21.176919 2026] [security2:error] [pid 787414:tid 787424] [client 178.105.4.138:63204] [client 178.105.4.138] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anom ... show less	Web App Attack Bad Web Bot
Anonymous	2026-06-02 07:15:39 (3 days ago)	Scenarios: http-sensitive-files Total requests: 178 [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4. ... show more Scenarios: http-sensitive-files Total requests: 178 [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env" User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env.local" User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env.development" User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env.production" User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env.staging" User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" [02/Jun/2026:07:15:38 +0000] [Client: 178.105.4.138] GET [301] "/.env.test" User-Agent: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" show less	Web App Attack
🇨🇦 Roper123	2026-06-02 06:35:14 (3 days ago)	Web exploits	Hacking Web App Attack
Anonymous	2026-06-02 06:24:48 (3 days ago)	178.105.4.138 - - [02/Jun/2026:06:24:47 +0000] "GET /.env HTTP/1.1" 404 400 "-" "Mozilla/5.0 (Macint ... show more 178.105.4.138 - - [02/Jun/2026:06:24:47 +0000] "GET /.env HTTP/1.1" 404 400 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 176 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 117.80.226.34

🇺🇸 104.234.19.103

🇮🇪 3.252.223.104

🇹🇷 212.16.87.65

🇧🇷 205.210.31.151

🇲🇽 201.103.214.31

🇧🇷 200.222.84.188

🇧🇷 191.241.76.128

🇧🇷 191.53.107.247

🇬🇧 185.166.42.74

🇨🇳 121.24.31.55

🇨🇳 120.231.37.47

🇺🇸 104.234.19.104

🇧🇪 104.155.29.73

🇧🇭 88.201.9.5

🇳🇱 85.121.127.134

🇿🇦 41.181.156.205

🇸🇬 8.222.181.172

🇰🇷 220.118.173.234

🇺🇸 216.24.219.135