JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 128.199.80.47

128.199.80.47 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 84%: ?

84%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 128.199.80.47

Whois 128.199.80.47

IP Abuse Reports for 128.199.80.47:

This IP address has been reported a total of 37 times from 15 distinct sources. 128.199.80.47 was first reported on June 11th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 voormedia	2026-06-16 13:56:15 (8 hours ago)	Accessed trap at '/.env'	Web App Attack
🇧🇾 lns.bz	2026-06-16 12:28:59 (10 hours ago)	.env scanning [BY]	Web App Attack
🇮🇹 Inartis	2026-06-16 08:51:27 (13 hours ago)	128.199.80.47 - - [16/Jun/2026:10:51:25 +0200] "GET /.env HTTP/1.1" 404 363 "-" "Mozilla/5.0 (Window ... show more 128.199.80.47 - - [16/Jun/2026:10:51:25 +0200] "GET /.env HTTP/1.1" 404 363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36 Edg/138.0.0.0" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 07:27:47 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 03:27:40.218730 2026] [security2:error] [pid 3283:tid 3283] [client 128.199.80.47:37364] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kanata.ws"] [uri "/.env"] [unique_id "ajD67PlJVJDR0xjIyB7cqwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 02:34:30 (20 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 128.199.80.47 (SG/Singapore/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-15 21:57:49 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 17:57:45.514431 2026] [security2:error] [pid 10220:tid 10220] [client 128.199.80.47:41806] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.notimallinckrodt.com.ar"] [uri "/.env"] [unique_id "ajB1WVbI6g0QlRTwYFImUwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 19:45:08 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:44:57.370700 2026] [security2:error] [pid 7794:tid 7794] [client 128.199.80.47:58856] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.manoli.cl"] [uri "/.env"] [unique_id "ajBWOYlJRtSC1ki0RAvVPAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 sdos.es	2026-06-15 18:08:12 (1 day ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 06:46:23 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 02:46:14.908441 2026] [security2:error] [pid 26676:tid 26676] [client 128.199.80.47:37586] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.wwts.io"] [uri "/.env"] [unique_id "ai-ftumkki-dSRg6-ow-gQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-15 04:33:41 (1 day ago)	.env scanning [BY]	Web App Attack
Anonymous	2026-06-15 01:51:17 (1 day ago)	[Mon Jun 15 03:51:16.794706 2026] [access_compat:error] [pid 1750467:tid 1750467] [client 128.199.80 ... show more [Mon Jun 15 03:51:16.794706 2026] [access_compat:error] [pid 1750467:tid 1750467] [client 128.199.80.47:53440] AH01797: client denied by server configuration: /var/www/html/users [Mon Jun 15 03:51:17.204208 2026] [access_compat:error] [pid 1750467:tid 1750467] [client 128.199.80.47:53440] AH01797: client denied by server configuration: /var/www/html/.env ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 23:33:34 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:33:29.661911 2026] [security2:error] [pid 16594:tid 16594] [client 128.199.80.47:52362] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.myemail.navy"] [uri "/.env"] [unique_id "ai86Sc7NPINNuetk58xaKwAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-14 22:04:24 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-13. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-14 21:21:45 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 17:21:40.379374 2026] [security2:error] [pid 19571:tid 19571] [client 128.199.80.47:52144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "understory.us"] [uri "/.env"] [unique_id "ai8bZEug2EiMgTOgnS-d5AAAAF8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 20:56:19 (2 days ago)	(mod_security) mod_security (id:949110) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:949110) triggered by 128.199.80.47 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 16:56:11.628627 2026] [security2:error] [pid 1626:tid 1626] [client 128.199.80.47:55148] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "trophiesetc.us"] [uri "/.env"] [unique_id "ai8Vay05qz5dLgTV8qjfBAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.226.197.47

🇺🇸 170.254.178.254

🇺🇸 170.254.178.247

🇺🇸 170.254.178.219

🇺🇸 170.254.178.210

🇧🇷 138.122.83.181

🇨🇳 39.154.3.154

🇨🇳 14.116.172.24

🇺🇸 209.50.165.23

🇧🇷 205.210.31.146

🇨🇴 200.189.27.74

🇺🇸 170.254.178.204

🇺🇸 170.254.178.174

🇺🇸 170.254.178.157

🇺🇸 170.254.178.139

🇺🇸 162.216.149.207

🇺🇸 152.32.235.227

🇮🇩 103.189.119.234

🇬🇧 81.19.219.240

🇺🇸 43.159.143.139