SKIPREPORTER - AbuseIPDB User Profile

JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

User SKIPREPORTER joined AbuseIPDB in September 2025 and has reported 111 IP addresses.

Standing (weight) is good.

ACTIVE USER

IP	Date	Comment	Categories
🇺🇸 157.254.221.199	02 Jun 2026	Malicious scanner probing for exposed configuration/secrets files. The same IP requested suspicio ... show more Malicious scanner probing for exposed configuration/secrets files. The same IP requested suspicious sensitive paths within seconds while rotating fake crawler user agents: * `/application.yml` * `/secrets.yml` User agents used: * `Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot` * `Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)` The bot identity was not verified and appears spoofed. This looks like automated reconnaissance for leaked YAML configuration files, secrets, credentials, or application settings. show less	Web Spam Hacking Bad Web Bot
🇬🇧 217.194.215.46	03 May 2026	Automated scan. WAF triggered	Port Scan Bad Web Bot Web App Attack
🇺🇸 107.175.32.196	03 May 2026	Automated web application attack / sensitive file probing. The IP requested /.env.production, a high ... show more Automated web application attack / sensitive file probing. The IP requested /.env.production, a high-risk environment configuration file path commonly targeted to steal production secrets such as database credentials, API keys, SMTP passwords, tokens, and app keys. This was not legitimate visitor traffic. Request was blocked by WAF show less	Port Scan Hacking Web App Attack
🇳🇱 2a0b:8bc0:2:807c::1	03 May 2026	Automated web application scan / probing for exposed environment files. The IP requested /.env.local ... show more Automated web application scan / probing for exposed environment files. The IP requested /.env.local, a high-risk sensitive configuration file path commonly targeted to steal secrets such as database credentials, API keys, SMTP passwords, and application tokens. This was not normal user traffic. Request was blocked by WAF show less	Port Scan Hacking Web App Attack
🇬🇧 217.194.215.46	02 May 2026	Scanning endpoints as well as critical entry points. WAF triggered.	Hacking Bad Web Bot Web App Attack
🇺🇸 44.248.33.252	21 Apr 2026	Repetitive WAF violation	Hacking Bad Web Bot Web App Attack
🇳🇱 195.178.110.104	21 Apr 2026	Multiple WAF violation	Hacking Bad Web Bot
🇺🇸 103.168.66.141	21 Apr 2026	Multiples WAF violations	Hacking Bad Web Bot Web App Attack
🇺🇸 103.215.74.213	21 Apr 2026	Multiple WAF Violations	Hacking Exploited Host Web App Attack
🇺🇸 195.184.76.40	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true. This endpo ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true. This endpoint is commonly targeted to detect exposed application configuration. Pattern matches automated vulnerability scanning across multiple IPs. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.44	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true. This endpo ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true. This endpoint is commonly targeted to detect exposed application configuration. Pattern matches automated vulnerability scanning across multiple IPs. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 158.101.15.41	13 Apr 2026	Automated probing for authentication endpoints. Requests include /admin, /login, /register, /user/lo ... show more Automated probing for authentication endpoints. Requests include /admin, /login, /register, /user/login, /administrator/. Multiple inconsistent user agents (Android, iPhone, iPad, Linux, Mac) within seconds indicate spoofing. Pattern consistent with automated scanning for exposed login panels. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.45	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.253	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.43	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.42	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.248	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 195.184.76.254	13 Apr 2026	Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across mult ... show more Repeated probing of Joomla API endpoint /api/index.php/v1/config/application?public=true across multiple IPs. This endpoint is commonly targeted to detect exposed application configuration. Pattern indicates automated vulnerability scanning for misconfigured web applications. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 129.153.94.60	13 Apr 2026	Automated probing for authentication endpoints. Requests include /admin, /administrator/, /user/logi ... show more Automated probing for authentication endpoints. Requests include /admin, /administrator/, /user/login, /register following initial homepage access. Multiple inconsistent user agents (Android, iPhone, Linux, Mac) within seconds indicate spoofing. Pattern consistent with reconnaissance for CMS login panels. show less	Hacking Bad Web Bot Web App Attack
🇸🇬 213.35.119.176	13 Apr 2026	Automated probing for admin/login endpoints. Requests include /admin, /login, /user/login, /administ ... show more Automated probing for admin/login endpoints. Requests include /admin, /login, /user/login, /administrator/ and malformed path /-/-/-/-/-/-/-/-/-/-/. Multiple different user agents (Linux, iPad, Android) within seconds indicate UA spoofing. Pattern consistent with malicious scanning for authentication panels. show less	Hacking Bad Web Bot Web App Attack
🇳🇱 45.153.34.151	13 Apr 2026	Automated HTTP probing for sensitive files on website. Same source IP requested /docker-compose.yml, ... show more Automated HTTP probing for sensitive files on website. Same source IP requested /docker-compose.yml, /.env.bak, /db.php, /composer.json, and /settings.php within the same second. User-Agent strings varied across Windows/Mac/Linux Firefox 133 at identical timestamps, indicating likely spoofing/automation. This activity matches malicious reconnaissance for exposed configuration/secrets and web application probing. No legitimate access expected. show less	Hacking Bad Web Bot Web App Attack
🇺🇸 129.153.94.60	09 Apr 2026	Automated scanning activity detected. The IP performed rapid sequential requests targeting sensit ... show more Automated scanning activity detected. The IP performed rapid sequential requests targeting sensitive endpoints: - /admin - /administrator/ - /user/login - /register User-Agent strings were rotated between requests (Android, iPhone, Linux, Mac, iPad), indicating spoofing. Request frequency and behavior are consistent with automated vulnerability scanning and credential harvesting attempts. No legitimate browsing pattern observed. show less	Brute-Force Web App Attack
🇫🇷 91.196.152.255	08 Apr 2026	Automated probing for Joomla API configuration endpoint. Request to /api/index.php/v1/config/applica ... show more Automated probing for Joomla API configuration endpoint. Request to /api/index.php/v1/config/application?public=true on a non-Joomla site. Likely reconnaissance scanning for exposed configuration data. No legitimate user behavior. show less	Hacking Bad Web Bot Web App Attack
🇩🇪 45.135.193.131	08 Apr 2026	Automated malicious probing against website. Source IP 45.135.193.131 requested /backend/.env and us ... show more Automated malicious probing against website. Source IP 45.135.193.131 requested /backend/.env and used multiple spoofed Firefox 1.0.2 user-agent strings. This appears to be reconnaissance for exposed environment/config files and not legitimate browser traffic. show less	Hacking Bad Web Bot Web App Attack
🇪🇸 51.92.41.71	07 Apr 2026	Suspicious automated behavior targeting web application logic. Triggered a custom verification endpo ... show more Suspicious automated behavior targeting web application logic. Triggered a custom verification endpoint multiple times in rapid succession. show less	Bad Web Bot