JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 129.212.227.251

129.212.227.251 was found in our database!

This IP was reported 205 times. Confidence of Abuse is 50%: ?

50%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 129.212.227.251

Whois 129.212.227.251

IP Abuse Reports for 129.212.227.251:

This IP address has been reported a total of 205 times from 116 distinct sources. 129.212.227.251 was first reported on March 18th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 JustMeHere	2026-05-18 22:08:37 (1 month ago)	[Mon May 18 18:08:32.774415 2026] [security2:error] [pid 54562:tid 54675] [client 129.212.227.251:38 ... show more [Mon May 18 18:08:32.774415 2026] [security2:error] [pid 54562:tid 54675] [client 129.212.227.251:38622] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "yorknation.com"] [uri "/.env"] [unique_id "aguN4Hst6ogsa-PZOyhLNgAAAEY"] ... show less	Web App Attack
Anonymous	2026-05-18 05:55:54 (1 month ago)	(caddyscan) Scanner path probe from 129.212.227.251 (SG/Singapore/-): 5 in the last 3600 secs; Ports ... show more (caddyscan) Scanner path probe from 129.212.227.251 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 129.212.227.251 - - [18/May/2026:05:50:17 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [18/May/2026:05:51:23 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [18/May/2026:05:52:50 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [18/May/2026:05:54:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [18/May/2026:05:55:50 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-18 05:50:17 (1 month ago)	129.212.227.251 - - [18/May/2026:05:50:16 +0000] "GET /.env HTTP/1.1" 403 5343 "-" "Mozilla/5.0 (Win ... show more 129.212.227.251 - - [18/May/2026:05:50:16 +0000] "GET /.env HTTP/1.1" 403 5343 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2026-05-18 04:07:17 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack
Anonymous	2026-05-17 19:53:41 (1 month ago)	(caddyscan) Scanner path probe from 129.212.227.251 (SG/Singapore/-): 5 in the last 3600 secs; Ports ... show more (caddyscan) Scanner path probe from 129.212.227.251 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 129.212.227.251 - - [17/May/2026:19:51:20 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [17/May/2026:19:51:20 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [17/May/2026:19:52:48 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [17/May/2026:19:53:27 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 129.212.227.251 - - [17/May/2026:19:53:40 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇩🇪 big-cloud.nl	2026-05-17 18:32:29 (1 month ago)	Try to access /.env	Web App Attack
🇦🇹 services.org.pl	2026-05-16 12:04:14 (1 month ago)	open() "/var/www/html/.env" failed (2: No such file or directory), client: 129.212.227.251, server: ... show more open() "/var/www/html/.env" failed (2: No such file or directory), client: 129.212.227.251, server: web.services.org.pl, request: "GET /.env HTTP/1.1", host: "web.services.org.pl" show less	Bad Web Bot Web App Attack
🇩🇪 Hary74656	2026-05-16 10:38:01 (1 month ago)	[Sat May 16 12:37:52.602936 2026] [core:info] [pid 97837:tid 97902] [client 129.212.227.251:42578] A ... show more [Sat May 16 12:37:52.602936 2026] [core:info] [pid 97837:tid 97902] [client 129.212.227.251:42578] AH00128: File does not exist: /home/harald/www/webmail/_profiler/phpinfo ... show less	Bad Web Bot
🇩🇪 todix	2026-05-16 07:51:59 (1 month ago)	Web App Attack Exploid from 129.212.227.251	Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-05-16 07:47:19 (1 month ago)	129.212.227.251 - - [16/May/2026:08:47:16 +0100] "GET /roundcube/_profiler/phpinfo HTTP/2.0" 404 106 ... show more 129.212.227.251 - - [16/May/2026:08:47:16 +0100] "GET /roundcube/_profiler/phpinfo HTTP/2.0" 404 1064 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-16 01:45:22 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 129.212.227.251 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 129.212.227.251 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 21:45:14.847270 2026] [security2:error] [pid 23532:tid 23532] [client 129.212.227.251:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kcdusa.com"] [uri "/.env"] [unique_id "agfMKsBZc4w0hCfBzmn9-AAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-16 00:23:16 (1 month ago)	(mod_security) mod_security triggered on hostname [redacted] 129.212.227.251 (SG/Singapore/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-05-15 21:00:19 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 129.212.227.251 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 129.212.227.251 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 17:00:12.697789 2026] [security2:error] [pid 10042:tid 10042] [client 129.212.227.251:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.c2cservices.com"] [uri "/.env"] [unique_id "ageJXDFt0Y5FghridMf3bgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 curiosity	2026-05-15 19:38:48 (1 month ago)	This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch	Web App Attack
🇺🇸 vanguardm	2026-05-15 19:20:03 (1 month ago)	Automated report: 8 events detected. Types: web-attack	Web App Attack

Showing 1 to 15 of 205 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 217.217.245.156

🇪🇬 197.55.222.4

🇨🇦 70.79.174.24

🇲🇾 49.124.148.190

🇱🇹 45.227.254.170

🇳🇱 45.148.10.141

🇨🇷 190.113.115.50

🇺🇿 185.191.141.115

🇺🇸 162.216.150.73

🇺🇸 66.132.195.50

🇮🇶 65.20.146.109

🇳🇱 62.164.177.222

🇭🇳 181.115.7.203

🇵🇰 161.248.186.190

🇩🇪 161.35.65.86

🇮🇳 122.161.240.2

🇨🇳 111.21.38.138

🇱🇻 81.30.98.144

🇺🇸 65.49.1.50

🇷🇺 46.229.130.163