This IP address has been reported a total of
14
times from
14 distinct
sources.
8.228.20.44 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
{"level":"info","ts":1781364635.825813,"logger":"http.log.access.log1","msg":"handled request","requ ...
show more{"level":"info","ts":1781364635.825813,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"8.228.20.44","remote_port":"36350","client_ip":"8.228.20.44","proto":"HTTP/1.1","method":"GET","host":"jilkjidcbahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io","uri":"/.env.local","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 7.1.1; BBB100-1 Build/NMF26F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.125 Mobile Safari/537.36"],"Accept-Charset":["utf-8"],"Accept-Encoding":["gzip"],"Connection":["close"]}},"bytes_read":0,"user_id":"","duration":0.000117805,"size":0,"status":308,"resp_headers":{"Location":["https://jilkjidcbahgc7402a95-6fc9-4756-b4e6-fa6c7eeb29c6.random.159.89.98.98.nip.io/.env.local"],"Content-Type":[],"Server":["Caddy"],"Connection":["close"]}}
{"level":"info","ts":1781364635.9142015,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"8.228.20.44","remote_port":"36374","client_ip":"8.228.
...
show less
[SatJun1317:06:25.4044052026][security2:error][pid1731603:tid1732818][client8.228.20.44:0]ModSecurit ...
show more[SatJun1317:06:25.4044052026][security2:error][pid1731603:tid1732818][client8.228.20.44:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"www.privilege-service.ch.81-17-25-250.cpanel.site\"][uri\"/api/.env.backup\"][unique_id\"ai1x8aNV5iccDT41glCsOAAAANY\"]
show less
Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)
Hacking
Web App Attack
Anonymous
Bot / scanning and/or hacking attempts: GET /deploy/.env HTTP/1.1, GET /api/backend/.env HTTP/1.1, G ...
show moreBot / scanning and/or hacking attempts: GET /deploy/.env HTTP/1.1, GET /api/backend/.env HTTP/1.1, GET /web/.env HTTP/1.1, GET /src/.env HTTP/1.1, GET /uploads/.env HTTP/1.1, GET /admin/.env.backup HTTP/1.1, GET /frontend/.env.local HTTP/1.1, GET /.env.live HTTP/1.1, GET /frontend/.env.backup HTTP/1.1, GET /docker/.env HTTP/1.1, GET /build/.env HTTP/1.1, GET /app/.env.prod HTTP/1.1, GET /data/.env HTTP/1.1, GET /api/.env.dev HTTP/1.1, GET /apps/backend/.env HTTP/1.1, GET /src/.env.production HTTP/1.1, GET /.env.old HTTP/1.1, GET /services/.env HTTP/1.1, GET /symfony/.env HTTP/1.1, GET /services/auth/.env HTTP/1.1, GET /apps/api/.env HTTP/1.1, GET /.env.development HTTP/1.1, GET /private/.env HTTP/1.1, GET /server/.env.production HTTP/1.1, GET /laravel/.env HTTP/1.1, GET /server/.env.backup HTTP/1.1, GET /.env.copy HTTP/1.1, GET /packages/api/.env HTTP/1.1
show less