JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 209.38.85.212

209.38.85.212 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 0%: ?

ISP	DigitalOcean, LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14061
Hostname(s)	scale-down-test-1769636360383-e17f8407.mongo.ondigitalocean.com
Domain Name	digitalocean.com
Country	🇦🇺 Australia
City	Sydney, New South Wales

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 209.38.85.212

Whois 209.38.85.212

IP Abuse Reports for 209.38.85.212:

This IP address has been reported a total of 44 times from 39 distinct sources. 209.38.85.212 was first reported on March 8th 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 thetomtaylor.co.uk	2026-05-05 01:09:13 (1 month ago)	Fail2Ban - [SSH]Brute-force login attempts on sshd ... [mx01,mx03]	Brute-Force SSH
🇵🇱 IROK	2026-03-11 21:52:21 (3 months ago)	Firewall Blocked - Unauthorized Port Scanning ...	Port Scan
🇦🇺 2000cn.com.au	2026-03-11 20:45:48 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/CVE-2017-9841	Web App Attack
🇳🇱 homeshowdomain.nl	2026-03-10 23:01:33 (3 months ago)	Auto-ban: >3000 req/min op 2026-03-10	Web App Attack SSH Hacking
Anonymous	2026-03-10 21:56:00 (3 months ago)	"GET /.env HTTP/2.0"	Hacking Web App Attack
🇧🇪 cmbplf	2026-03-10 21:12:58 (3 months ago)	303 requests with url.path /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 295 requests with u ... show more 303 requests with url.path /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php 295 requests with url.path */.git/config show less	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-10 18:45:24 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e1 ... show more (mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e17f8407.mongo.ondigitalocean.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 14:45:13.988767 2026] [security2:error] [pid 17186:tid 17186] [client 209.38.85.212:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hondabvi.com"] [uri "/.env"] [unique_id "abBmubTCwYxRzdI3XNUXPgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Live Home Cams	2026-03-10 17:46:40 (3 months ago)	WebApp brute force attack detected. Multiple file scanning attempts from 209.38.85.212. Detected by ... show more WebApp brute force attack detected. Multiple file scanning attempts from 209.38.85.212. Detected by fail2ban. show less	Web App Attack Brute-Force
🇲🇾 Rizzy	2026-03-10 17:10:12 (3 months ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 16:40:08 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e1 ... show more (mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e17f8407.mongo.ondigitalocean.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 12:39:58.447834 2026] [security2:error] [pid 15213:tid 15213] [client 209.38.85.212:16332] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "homeschoolwv.com"] [uri "/.env"] [unique_id "abBJXn9RVGPURj1WFZe8XAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2026-03-10 16:31:32 (3 months ago)	Blocking for trying to access an exploit file: /.env	Hacking
🇫🇮 as211431.net	2026-03-10 16:20:27 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from AU. Action taken: MANAGED_CHALLENGE Protocol: HTTP/2 ... show more Triggered Cloudflare WAF (firewallCustom) from AU. Action taken: MANAGED_CHALLENGE Protocol: HTTP/2 (POST method) Endpoint: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇪🇸 Security@Home	2026-03-10 15:25:36 (3 months ago)	209.38.85.212 - - [10/Mar/2026:16:25:35 +0100] "GET /.env HTTP/2.0" 404 61 "https://homenetworksecur ... show more 209.38.85.212 - - [10/Mar/2026:16:25:35 +0100] "GET /.env HTTP/2.0" 404 61 "https://homenetworksecurity.eu/.env" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 209.38.85.212 - - [10/Mar/2026:16:25:35 +0100] "GET /wp HTTP/2.0" 404 61 "https://homenetworksecurity.eu/wp" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" 209.38.85.212 - - [10/Mar/2026:16:25:35 +0100] "GET /wordpress HTTP/2.0" 404 61 "https://homenetworksecurity.eu/wordpress" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 15:25:27 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e1 ... show more (mod_security) mod_security (id:210492) triggered by 209.38.85.212 (scale-down-test-1769636360383-e17f8407.mongo.ondigitalocean.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 11:25:20.018143 2026] [security2:error] [pid 17032:tid 17032] [client 209.38.85.212:15474] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "homenetserv.com"] [uri "/.env"] [unique_id "abA34KVUwpj8_Iv2LYKxowAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 S.O.B.A. Dev.	2026-03-10 15:24:53 (3 months ago)	Web vulnerability scanning	Brute-Force Web Spam Web App Attack

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.110.147.56

🇺🇸 216.218.206.68

🇲🇽 201.149.53.243

🇩🇪 193.233.86.212

🇫🇮 178.20.210.208

🇫🇷 173.212.228.191

🇺🇸 150.107.36.186

🇻🇳 103.163.214.78

🇨🇳 101.23.162.210

🇺🇸 73.153.3.166

🇺🇸 64.62.197.76

🇳🇱 45.148.10.183

🇩🇪 45.135.141.7

🇯🇵 43.165.185.71

🇩🇪 34.141.126.199

🇩🇪 213.209.159.231

🇰🇷 211.62.111.247

🇺🇸 205.210.31.47

🇺🇸 198.11.179.228

🇬🇧 195.206.182.195