JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 142.248.80.104

142.248.80.104 was found in our database!

This IP was reported 4,088 times. Confidence of Abuse is 100%: ?

100%

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 142.248.80.104

Whois 142.248.80.104

IP Abuse Reports for 142.248.80.104:

This IP address has been reported a total of 4,088 times from 377 distinct sources. 142.248.80.104 was first reported on April 4th 2026, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 FeG Deutschland	2026-05-23 16:08:03 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇫🇮 mnazibo	2026-05-23 13:00:04 (1 week ago)	Date: 23/May/2026 15:08:00 \| Reported IP: 142.248.80.104 mod_security \| id: 930130 \| US/group.my_dom ... show more Date: 23/May/2026 15:08:00 \| Reported IP: 142.248.80.104 mod_security \| id: 930130 \| US/group.my_domain/- \| Connections: 36 \| Blocked: Permanent Block: [LF_MODSEC] \| URIs: /api/.env; /app/.env; /.aws/credentials; /backend/.env; /credentials.json; /.env~; /.env.backup; /.env.bak; /.env.copy; /.env.local~; /.env.local.backup; /.env.local.bak; /.env.local.copy; /.env.local.old; /.env.local.orig; /.env.local.save; /.env.local.swp; /.env.old; /.env.orig; /.env.production~; /.env.production.backup; /.env.production.bak; /.env.production.copy; /.env.production.old; /.env.production.orig; /.env.production.save; /.env.production.swp; /.env.save; /.env.swp; /.git/config; /.git/FETCH_HEAD; /.git/HEAD; /.git/logs/HEAD; /.git/refs/heads/main; /.git/refs/heads/master; /secrets.json \| Logs: Restricted File Access Attempt show less	SQL Injection Brute-Force Bad Web Bot
🇸🇪 vaia.cloud	2026-05-23 12:44:01 (1 week ago)	trying wp-login.php/xmlrpc.php 30 times in 1 minutes	Brute-Force Web App Attack
🇦🇺 afleventoffice.com.au	2026-05-23 10:40:31 (1 week ago)	GET /.env HTTP/1.1	Web App Attack
🇺🇸 kosada.com	2026-05-23 07:43:24 (1 week ago)	Web vulnerability probing: /.aws/credentials	Web App Attack
🇦🇺 AWW-Admin	2026-05-23 01:15:30 (1 week ago)	(mod_security) mod_security triggered on hostname [redacted] 142.248.80.104 (US/United States/-)	SQL Injection
🇬🇧 consul.to	2026-05-22 15:51:25 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇧🇪 madeit	2026-05-22 12:03:20 (1 week ago)		Brute-Force SSH
Anonymous	2026-05-22 11:35:44 (1 week ago)	(caddyscan) Scanner path probe from 142.248.80.104 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 142.248.80.104 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 142.248.80.104 - - [22/May/2026:11:35:40 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 142.248.80.104 - - [22/May/2026:11:35:40 +0000] "GET /api/.env HTTP/1.1" [REDACTED] 200 2627 142.248.80.104 - - [22/May/2026:11:35:40 +0000] "GET /.aws/credentials HTTP/1.1" [REDACTED] 200 2627 142.248.80.104 - - [22/May/2026:11:35:40 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 142.248.80.104 - - [22/May/2026:11:35:40 +0000] "GET /.env.production HTTP/1.1" show less	Port Scan
🇧🇷 SOC PR	2026-05-22 11:32:55 (1 week ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇫🇷 masterguru	2026-05-22 10:03:31 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 142.248.80.104 (US/United States/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 142.248.80.104 (US/United States/-): 2 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-05-22 07:29:45 (1 week ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇺🇦 URAN Publishing Service	2026-05-22 04:58:49 (1 week ago)	142.248.80.104 - - [22/May/2026:07:58:48 +0300] "GET /.env HTTP/1.1" 404 714 "-" "Mozilla/5.0 (Windo ... show more 142.248.80.104 - - [22/May/2026:07:58:48 +0300] "GET /.env HTTP/1.1" 404 714 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0" ... show less	Web App Attack
🇫🇷 masterguru	2026-05-22 03:55:54 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 142.248.80.104 (US/United States/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 142.248.80.104 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇫🇷 Fasetech	2026-05-22 01:14:48 (1 week ago)	SecLedge detected suspicious activity. Score: 669.48. Sensor: T-Pot.	Brute-Force Web App Attack

Showing 61 to 75 of 4088 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:fb54:1400::120

🇺🇸 136.109.108.188

🇸🇬 103.189.234.96

🇺🇸 73.199.161.144

🇨🇳 36.153.54.129

🇬🇧 35.203.210.199

🇺🇸 208.109.188.137

🇲🇽 177.249.173.88

🇺🇸 172.245.102.33

🇬🇧 167.99.89.213

🇨🇦 147.182.147.33

🇹🇼 60.199.224.2

🇳🇱 45.81.23.7

🇬🇧 35.203.210.42

🇺🇸 193.36.225.118

🇯🇵 172.253.235.24

🇩🇪 150.241.78.252

🇺🇸 138.68.243.18

🇨🇳 116.149.146.114

🇩🇪 82.165.184.35