JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.248.207.12

104.248.207.12 was found in our database!

This IP was reported 327 times. Confidence of Abuse is 75%: ?

75%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.248.207.12

Whois 104.248.207.12

IP Abuse Reports for 104.248.207.12:

This IP address has been reported a total of 327 times from 194 distinct sources. 104.248.207.12 was first reported on November 4th 2022, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-05-14 06:00:00 (4 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇬🇧 openstrike.co.uk	2026-05-11 05:13:13 (1 month ago)	17 attacks on password grabbing URLs, env grabbing URLs, config grabbing URLs (type 2): GET /.aws/cr ... show more 17 attacks on password grabbing URLs, env grabbing URLs, config grabbing URLs (type 2): GET /.aws/credentials HTTP/1.1 GET /backend/.env HTTP/1.1 GET /secrets.json HTTP/1.1 show less	Hacking
🇲🇽 octageeks.com	2026-05-11 04:06:02 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 21:32:54 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 17:32:47.371673 2026] [security2:error] [pid 2273:tid 2273] [client 104.248.207.12:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nextmoon.com"] [uri "/.env.production"] [unique_id "agD5f6OsmaJMIl1hzu54vwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 juutis	2026-05-10 18:29:29 (1 month ago)	Multiple WAF abuses - IP blocked	Hacking Brute-Force Web App Attack
🇩🇪 gadix	2026-05-10 17:23:32 (1 month ago)	[10/May/2026:19:23:28.906856 +0200] agC_ENcozTTo40Sdi-L8lQAAAIE 104.248.207.12 47716 127.0.0.1 7081 ... show more [10/May/2026:19:23:28.906856 +0200] agC_ENcozTTo40Sdi-L8lQAAAIE 104.248.207.12 47716 127.0.0.1 7081 [10/May/2026:19:23:31.579699 +0200] agC_E4WYFdKBLS2d738ogQAAAMk 104.248.207.12 36082 127.0.0.1 7081 [10/May/2026:19:23:31.714970 +0200] agC_E4WYFdKBLS2d738oggAAANY 104.248.207.12 36084 127.0.0.1 7081 ... show less	Web App Attack
🇩🇪 raph	2026-05-10 15:59:50 (1 month ago)	[DOT FILES] crawler .env, .git, .config, etc.	Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-05-10 11:55:45 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-05-10 11:08:18 (1 month ago)	104.248.207.12 - - [10/May/2026:14:08:16 +0300] "GET /api/.env HTTP/1.1" 404 768 "-" "Mozilla/5.0 (X ... show more 104.248.207.12 - - [10/May/2026:14:08:16 +0300] "GET /api/.env HTTP/1.1" 404 768 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0" ... show less	Web App Attack
🇺🇸 kosada.com	2026-05-10 11:02:36 (1 month ago)	Web vulnerability probing: /backend/.env	Web App Attack
🇩🇪 webanyone	2026-05-10 10:00:07 (1 month ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 09:49:44 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 05:49:41.072202 2026] [security2:error] [pid 12862:tid 12862] [client 104.248.207.12:45318] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pintoresdecasascdmx.com"] [uri "/backend/.env"] [unique_id "agBUtcfxVO5V1zFIzfKkegAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 09:21:00 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 05:20:53.236774 2026] [security2:error] [pid 25291:tid 25291] [client 104.248.207.12:62782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grabagame.com"] [uri "/app/.env"] [unique_id "agBN9U3D8FuTd1uj3kij2AAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 BlueWire Hosting	2026-05-10 09:05:12 (1 month ago)	Probing websites for vulnerabilities	Web App Attack SQL Injection
🇺🇸 TPI-Abuse	2026-05-10 09:01:03 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 104.248.207.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 05:00:58.612693 2026] [security2:error] [pid 755:tid 755] [client 104.248.207.12:49710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accentspecialties.com"] [uri "/.env"] [unique_id "agBJSvUKjyGjWDc7dma0awAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 327 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 200.32.52.150

🇳🇱 45.148.10.151

🇹🇼 198.235.24.104

🇬🇧 188.240.59.50

🇺🇸 159.89.190.217

🇺🇸 147.185.132.93

🇳🇬 102.88.137.213

🇸🇪 90.230.226.175

🇭🇰 45.192.97.6

🇧🇷 45.164.121.80

🇭🇰 43.161.246.189

🇰🇷 218.150.184.241

🇰🇷 211.106.133.202

🇻🇪 190.121.239.197

🇺🇸 162.216.149.222

🇺🇸 162.216.149.86

🇪🇸 154.70.207.29

🇧🇷 136.248.121.226

🇺🇸 66.132.186.217

🇰🇷 58.224.62.29