JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.231.70.98

5.231.70.98 was found in our database!

This IP was reported 144 times. Confidence of Abuse is 100%: ?

100%

ISP	Myps
Usage Type	Data Center/Web Hosting/Transit
ASN	AS58212
Hostname(s)	98.0-255.70.231.5.in-addr.arpa brain.university.de.com
Domain Name	myprepaid-server.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.231.70.98

Whois 5.231.70.98

IP Abuse Reports for 5.231.70.98:

This IP address has been reported a total of 144 times from 119 distinct sources. 5.231.70.98 was first reported on June 17th 2026, and the most recent report was 11 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 myintarweb	2026-06-18 12:00:55 (11 minutes ago)	5.231.70.98 - - [18/Jun/2026:13:00:54 +0100] 443 "GET /.env HTTP/1.1" 301 6923 "-" "Mozilla/5.0 (Mac ... show more 5.231.70.98 - - [18/Jun/2026:13:00:54 +0100] 443 "GET /.env HTTP/1.1" 301 6923 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-US) AppleWebKit/532.8 (KHTML, like Gecko) Chrome/4.0.302.2 Safari/532.8" ... show less	Hacking Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-18 08:08:02 (4 hours ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇺🇸 SodaAudit.app	2026-06-18 07:24:05 (4 hours ago)	[sodaaudit.app] Web app attack. Timestamp: 2026-06-18T03:10:14.000Z. 1 probe events, 1 distinct path ... show more [sodaaudit.app] Web app attack. Timestamp: 2026-06-18T03:10:14.000Z. 1 probe events, 1 distinct path(s). Paths (payload): /.env show less	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-18 07:06:02 (5 hours ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇨🇦 smithoo4	2026-06-18 06:28:41 (5 hours ago)	5.231.70.98 - - [18/Jun/2026:02:28:39 -0400] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; And ... show more 5.231.70.98 - - [18/Jun/2026:02:28:39 -0400] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 7.0; LGUS997 Build/NRD90U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36" 5.231.70.98 - - [18/Jun/2026:02:28:40 -0400] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Linux; Android 7.1.1; Moto E (4) Plus) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.111 Mobile Safari/537.36" ... show less	Port Scan Bad Web Bot
Anonymous	2026-06-18 06:23:08 (5 hours ago)	Fail2ban jail=webexploits banned IP=5.231.70.98 after 1 hits. Reason=web probing.	Brute-Force Web App Attack
🇪🇸 matatunos	2026-06-18 06:00:05 (6 hours ago)	Honeypot favala.es: 1 peticiones web a rutas de ataque (/wp-login, /.env, etc.) en 24h. Reporte auto ... show more Honeypot favala.es: 1 peticiones web a rutas de ataque (/wp-login, /.env, etc.) en 24h. Reporte automático. show less	Web App Attack Bad Web Bot
🇵🇾 armandosaucedo.me	2026-06-18 05:50:49 (6 hours ago)	Threat Intelligence via ARMTI, Web Attack: GET /.env	Web App Attack
Anonymous	2026-06-18 05:45:53 (6 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 5.231.70.98 (DE/Germany/brain.universit ... show more (mod_security) mod_security triggered on hostname [redacted] 5.231.70.98 (DE/Germany/brain.university.de.com) show less	SQL Injection
🇨🇦 lakered	2026-06-18 05:31:32 (6 hours ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Tech Evidence: J ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Tech Evidence: JA4H: bef5a013b094cad828df6f731761e52d, Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH), TLS-JA4-Spoofing-Detected (UA claims Browser but JA4 reports No-HTTP/2: t13d190900), JA4: t13d190900 \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 \| ASN: 58212 (dataforest GmbH) show less	Hacking Web App Attack
🇫🇷 MatStef132	2026-06-18 05:27:19 (6 hours ago)	MatShield L7: blocked on mathost.eu (suspicious behaviour)	DDoS Attack
🇺🇸 SLSLLC	2026-06-18 05:19:29 (6 hours ago)	5.231.70.98 - - [18/Jun/2026:05:19:28 +0000] "GET /.env HTTP/2.0" 404 401 "-" "Mozilla/5.0 (iPhone; ... show more 5.231.70.98 - - [18/Jun/2026:05:19:28 +0000] "GET /.env HTTP/2.0" 404 401 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) GSA/80.0.262003652 Mobile/16G77 Safari/604.1" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-18 05:15:04 (6 hours ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇬🇧 openstrike.co.uk	2026-06-18 05:14:35 (6 hours ago)	5 attacks on env grabbing URLs: GET /.env HTTP/1.1	Hacking
🇺🇸 Takesh	2026-06-18 05:05:26 (7 hours ago)	Numbase auto-report: sensitive_honeypot:/.env	Bad Web Bot

Showing 1 to 15 of 144 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇿 197.202.197.188

🇫🇮 147.185.133.157

🇺🇸 107.180.88.176

🇰🇪 102.210.149.105

🇩🇪 85.214.60.164

🇷🇴 80.94.92.186

🇺🇸 74.7.227.37

🇪🇸 62.93.179.163

🇫🇷 51.103.46.9

🇸🇬 47.82.14.246

🇨🇦 45.88.190.11

🇺🇸 3.130.168.2

🇮🇳 182.73.109.194

🇺🇸 173.255.247.156

🇺🇸 173.254.213.217

🇨🇳 120.243.125.25

🇺🇸 108.181.4.175

🇱🇾 102.203.197.6

🇳🇱 91.92.40.37

🇰🇷 61.76.136.25