JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.68.41.12

138.68.41.12 was found in our database!

This IP was reported 39 times. Confidence of Abuse is 100%: ?

100%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	🇺🇸 United States of America
City	Santa Clara, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.68.41.12

Whois 138.68.41.12

IP Abuse Reports for 138.68.41.12:

This IP address has been reported a total of 39 times from 29 distinct sources. 138.68.41.12 was first reported on June 22nd 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇹 madaello	2026-06-24 19:34:28 (2 hours ago)	138.68.41.12 - - [24/Jun/2026:21:34:27 +0200] "GET /.env HTTP/1.1" 301 631 "-" "Mozilla/5.0 (X11; Li ... show more 138.68.41.12 - - [24/Jun/2026:21:34:27 +0200] "GET /.env HTTP/1.1" 301 631 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 138.68.41.12 - - [24/Jun/2026:21:34:28 +0200] "GET /.env HTTP/1.1" 301 631 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 138.68.41.12 - - [24/Jun/2026:21:34:28 +0200] "POST / HTTP/1.1" 301 623 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 138.68.41.12 - - [24/Jun/2026:21:34:28 +0200] "POST / HTTP/1.1" 301 623 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Hacking
🇨🇿 ptlab	2026-06-24 18:00:03 (3 hours ago)	Detected env_leak attack from WP-host.	Hacking Web App Attack
🇭🇺 whitehoodie	2026-06-24 17:18:57 (4 hours ago)	AUTOMATED REPORT: Tried to access .env file	Hacking Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-24 14:12:32 (7 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-24 02:43:44 (19 hours ago)	(mod_security-custom) mod_security (id:210492) triggered by 138.68.41.12 (US/United States/Californi ... show more (mod_security-custom) mod_security (id:210492) triggered by 138.68.41.12 (US/United States/California/Santa Clara/-/[AS14061 DIGITALOCEAN-ASN]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇻🇪 LUISE	2026-06-24 02:00:08 (19 hours ago)	Vulnerability scanning for Web files on server 5-9VE.	Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-24 01:15:05 (20 hours ago)	(mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 21:14:55.662026 2026] [security2:error] [pid 3227:tid 3227] [client 138.68.41.12:46710] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.25"] [uri "/.env"] [unique_id "ajsvj56lgc6CwawK9TkeUAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-24 00:36:40 (21 hours ago)	. Matched phrase "/.env" at REQUEST_URI. (210492-143)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 23:44:30 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 19:44:24.928535 2026] [security2:error] [pid 15690:tid 15690] [client 138.68.41.12:52704] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.92"] [uri "/.env"] [unique_id "ajsaWEAY2egomKgu9DBk8wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇱 router.al	2026-06-23 21:30:16 (1 day ago)	06/23/2026-21:30:15.859878 138.68.41.12 Protocol: 6 ET SCAN Laravel Debug Mode Information Disclosur ... show more 06/23/2026-21:30:15.859878 138.68.41.12 Protocol: 6 ET SCAN Laravel Debug Mode Information Disclosure Probe Inbound show less	Port Scan
Anonymous	2026-06-23 21:16:05 (1 day ago)	Bot / scanning and/or hacking attempts: GET /.env HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 21:08:10 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 138.68.41.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 17:08:05.228415 2026] [security2:error] [pid 7628:tid 7628] [client 138.68.41.12:59578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.22"] [uri "/.env"] [unique_id "ajr1tbwbbUV2oD4HM-h-SwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 zynex	2026-06-23 20:49:18 (1 day ago)	URL Probing: /.env	Web App Attack
🇪🇸 alferez	2026-06-23 20:41:22 (1 day ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇩🇪 big-cloud.nl	2026-06-23 20:14:59 (1 day ago)	Try to access /.env	Web App Attack

Showing 1 to 15 of 39 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 193.32.162.84

🇧🇪 34.140.185.74

🇳🇱 195.178.110.232

🇳🇱 45.148.10.121

🇺🇸 44.141.206.182

🇨🇳 39.168.83.173

🇫🇷 2001:41d0:33a:a00::409

🇧🇷 205.210.31.231

🇩🇪 135.136.0.234

🇮🇹 79.23.239.122

🇺🇸 44.158.227.215

🇬🇧 44.61.160.255

🇨🇳 42.232.104.201

🇮🇳 182.95.228.194

🇨🇦 104.223.84.233

🇨🇦 85.217.149.42

🇨🇳 59.173.227.38

🇭🇰 47.86.47.175

🇮🇪 18.201.223.129

🇧🇷 200.155.66.2