This IP address has been reported a total of
1,007
times from
384 distinct
sources.
5.255.122.197 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files
Web App Attack
Hacking
Anonymous
Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: NL, Attack patterns: Back ...
show moreBlocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: NL, Attack patterns: Backup file probing, Cloud secrets probing
show less
Bad Web Bot
Web App Attack
Anonymous
5.255.122.197 - - [09/May/2026:11:54:53 +0200] "GET /wp-config.php.bak HTTP/1.0" 404 116263 "-" "Moz ...
show more5.255.122.197 - - [09/May/2026:11:54:53 +0200] "GET /wp-config.php.bak HTTP/1.0" 404 116263 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
5.255.122.197 - - [09/May/2026:11:54:54 +0200] "GET /wp-config.php.bak HTTP/1.1" 404 20104 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
5.255.122.197 - - [09/May/2026:11:54:53 +0200] "GET /wp-config.php.old HTTP/1.0" 404 116263 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
5.255.122.197 - - [09/May/2026:11:54:55 +0200] "GET /wp-config.php.old HTTP/1.1" 404 20103 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36"
5.255.122.197 - - [09/May/2026:11:54:53 +0200] "GET /wp-config.php.save HTTP/1.0" 404 116271 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKi
...
show less
Brute-Force
Web App Attack
Anonymous
(caddyscan) Scanner path probe from 5.255.122.197 (NL/The Netherlands/-): 5 in the last 3600 secs; P ...
show more(caddyscan) Scanner path probe from 5.255.122.197 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 5.255.122.197 - - [09/May/2026:09:12:19 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 5.255.122.197 - - [09/May/2026:09:12:19 +0000] "GET /.env.local HTTP/1.1"
[REDACTED] 200 2627 5.255.122.197 - - [09/May/2026:09:12:19 +0000] "GET /.env.production HTTP/1.1"
[REDACTED] 200 2627 5.255.122.197 - - [09/May/2026:09:12:19 +0000] "GET /app/.env HTTP/1.1"
[REDACTED] 200 2627 5.255.122.197 - - [09/May/2026:09:12:19 +0000] "GET /backend/.env HTTP/1.1"
show less
5.255.122.197 ***.*** - [09/May/2026:09:15:33 +0200] "GET /secrets.json HTTP/1.1" 302 211 "-" "Mozil ...
show more5.255.122.197 ***.*** - [09/May/2026:09:15:33 +0200] "GET /secrets.json HTTP/1.1" 302 211 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:150.0) Gecko/20100101 Firefox/150.0"
AND :
GET /.env.local HTTP/1.1
GET /.env.production HTTP/1.1
GET /serviceAccountKey.json HTTP/1.1
GET /credentials.json HTTP/1.1
show less