AbuseIPDB » 207.154.212.27

207.154.212.27 was found in our database!

This IP was reported 3,024 times. Confidence of Abuse is 7%: ?

7%

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Domain Name	digitalocean.com
Country	Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 207.154.212.27

Whois 207.154.212.27

IP Abuse Reports for 207.154.212.27:

This IP address has been reported a total of 3,024 times from 204 distinct sources. 207.154.212.27 was first reported on January 2nd 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
iNetWorker	2025-01-28 15:56:41 (1 month ago)	trying to access non-authorized port	Port Scan
mkaraki	2025-01-25 21:38:16 (2 months ago)	1737841094 # Service_probe # SIGNATURE_SEND # source_ip:207.154.212.27 # dst_port:5901 ...	Port Scan
Sawasdee	2025-01-25 21:15:18 (2 months ago)	Port Scan ...	Port Scan
Elysium Security	2025-01-25 20:56:35 (2 months ago)	Mass port scanning on a whole network	Port Scan
Study Bitcoin 🤗	2025-01-25 18:34:16 (2 months ago)	Port probe to tcp/5901 (vnc virtual network computing) [srv62]	Port Scan
JCB	2024-12-02 13:55:00 (3 months ago)	207.154.212.27 - - [01/Dec/2024:13:45:41 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin ... show more207.154.212.27 - - [01/Dec/2024:13:45:41 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" show less	Web App Attack
subnetprotocol	2024-12-01 11:32:26 (3 months ago)	01/Dec/2024:12:32:25.075748 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more01/Dec/2024:12:32:25.075748 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 207.154.212.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "212.129.1.133"] [uri "/.env"] [unique_id "Z0xJSUxqGk5NsEC6S5c2uAAABFI"] 01/Dec/2024:12:32:25.134007 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 207.154.212.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-AT ... show less	Hacking Web App Attack
JCB	2024-11-30 13:32:00 (3 months ago)	207.154.212.27 - - [29/Nov/2024:22:55:40 +0200] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windo ... show more207.154.212.27 - - [29/Nov/2024:22:55:40 +0200] "GET /.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" 207.154.212.27 - - [29/Nov/2024:22:55:40 +0200] "GET /conf/.env HTTP/1.1" 403 199 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" ... show less	Hacking Brute-Force Web App Attack
Mr-Money	2024-11-30 13:11:43 (3 months ago)	207.154.212.27 - - [30/Nov/2024:14:11:37 +0100] "GET /.env HTTP/1.1" 404 461 "-" "Mozilla/5.0 (Windo ... show more207.154.212.27 - - [30/Nov/2024:14:11:37 +0100] "GET /.env HTTP/1.1" 404 461 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
security.yc3a.com	2024-11-30 01:17:39 (3 months ago)	207.154.212.27 - - [30/Nov/2024:01:17:39 +0000] "GET /api/.env HTTP/1.1" 404 548 "-" "Mozilla/5.0 (W ... show more207.154.212.27 - - [30/Nov/2024:01:17:39 +0000] "GET /api/.env HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36" show less	Brute-Force Web App Attack
subnetprotocol	2024-11-29 20:49:11 (3 months ago)	29/Nov/2024:21:49:10.011902 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more29/Nov/2024:21:49:10.011902 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 207.154.212.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.7"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "212.129.1.133"] [uri "/.env"] [unique_id "Z0ooxg-kAY0awPrLv_evWwAAAMA"] 29/Nov/2024:21:49:10.075252 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 207.154.212.27] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-930-APPLICATION-AT ... show less	Hacking Web App Attack
rtbh.com.tr	2024-08-31 20:55:05 (6 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
rtbh.com.tr	2024-08-30 20:55:08 (6 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
kosmonot	2024-08-30 15:38:07 (6 months ago)	Aug 30 08:09:55 flappy sshd[1441484]: Invalid user vyatta from 207.154.212.27 port 44772 Aug 3 ... show moreAug 30 08:09:55 flappy sshd[1441484]: Invalid user vyatta from 207.154.212.27 port 44772 Aug 30 08:22:20 flappy sshd[1442321]: Invalid user vyatta from 207.154.212.27 port 42134 Aug 30 08:34:38 flappy sshd[1443100]: Invalid user nutanix from 207.154.212.27 port 39492 Aug 30 08:38:06 flappy sshd[1443347]: Invalid user user from 207.154.212.27 port 50836 ... show less	Port Scan Brute-Force SSH
ghostwarriors	2024-08-30 15:20:57 (6 months ago)	Unauthorized connection attempt detected, SSH Brute-Force	Port Scan Brute-Force SSH

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩