JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.1.211.140

212.1.211.140 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 100%: ?

100%

ISP	VPS Servers
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	hostinger.com
Country	🇺🇸 United States of America
City	Asheville, North Carolina

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.1.211.140

Whois 212.1.211.140

IP Abuse Reports for 212.1.211.140:

This IP address has been reported a total of 37 times from 30 distinct sources. 212.1.211.140 was first reported on June 6th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-07 10:10:37 (5 hours ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2026-06-07 08:43:07 (6 hours ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-06-07 08:17:28 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:17:22.971461 2026] [security2:error] [pid 2172:tid 2172] [client 212.1.211.140:26754] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "theurbanlogger.com"] [uri "/core/.env"] [unique_id "aiUpEle6ogeNdcpArXZvzgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 08:00:08 (7 hours ago)	Web App Attack, Hacking	Hacking Web App Attack
Anonymous	2026-06-07 06:09:03 (9 hours ago)	(caddyscan) Scanner path probe from 212.1.211.140 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 212.1.211.140 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 212.1.211.140 - - [07/Jun/2026:06:09:00 +0000] "GET /core/.env HTTP/1.1" [REDACTED] 200 2627 212.1.211.140 - - [07/Jun/2026:06:09:00 +0000] "GET /laravel/.env HTTP/1.1" [REDACTED] 200 2627 212.1.211.140 - - [07/Jun/2026:06:09:00 +0000] "GET /member/.env HTTP/1.1" [REDACTED] 200 2627 212.1.211.140 - - [07/Jun/2026:06:09:00 +0000] "GET /dev/.env HTTP/1.1" [REDACTED] 200 2627 212.1.211.140 - - [07/Jun/2026:06:09:00 +0000] "GET /api/.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-07 05:01:08 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:01:02.547490 2026] [security2:error] [pid 26528:tid 26528] [client 212.1.211.140:63372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seacorre.com"] [uri "/.env"] [unique_id "aiT7DuV4PahYY5xRjEh8ZQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-07 04:05:48 (11 hours ago)	Scanning for web/db/file exploits on www.igrotech.nl	SQL Injection Bad Web Bot Web App Attack
🇬🇧 Apache	2026-06-07 02:39:30 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.140 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.140 (US/United States/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 00:41:08 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 20:41:00.495825 2026] [security2:error] [pid 29083:tid 29083] [client 212.1.211.140:65474] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lighthousechristmascards.com"] [uri "/dev/.env"] [unique_id "aiS-HLQRqUk7cQgDK3TAvgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 clapper	2026-06-06 23:17:25 (16 hours ago)	(mod_security) mod_security (id:949110) triggered by 212.1.211.140 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:949110) triggered by 212.1.211.140 (US/United States/-): 5 in the last 600 secs; ID: rub show less	Brute-Force Bad Web Bot
🇨🇭 4server	2026-06-06 23:13:45 (16 hours ago)	[SunJun0701:13:41.3757152026][security2:error][pid191927:tid192337][client212.1.211.140:0]ModSecurit ... show more [SunJun0701:13:41.3757152026][security2:error][pid191927:tid192337][client212.1.211.140:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"privilege-service.ch\"][uri\"/app/.env\"][unique_id\"aiSppSh9k17q9npnrxoihQAAAMw\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 22:18:54 (17 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 18:18:50.335077 2026] [security2:error] [pid 7805:tid 7809] [client 212.1.211.140:42000] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linfoulk.org"] [uri "/core/.env"] [unique_id "aiScyvRZ2bcVt-YDNxi8qgAAAMI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 todix	2026-06-06 21:16:09 (18 hours ago)	Web App Attack Exploid from 212.1.211.140	Web App Attack
🇳🇱 oisecnet	2026-06-06 21:01:43 (18 hours ago)	Automated report: Unauthorized vulnerability scanning detected on 2026-06-06. 6 requests from this I ... show more Automated report: Unauthorized vulnerability scanning detected on 2026-06-06. 6 requests from this IP. show less	Brute-Force Web App Attack SSH
🇳🇱 wlt-blocker	2026-06-06 20:48:39 (18 hours ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇭 202.79.29.108

🇬🇧 2a02:4780:a:1757:0:2f00:5c03:1

🇺🇸 209.222.101.194

🇮🇳 115.187.39.134

🇲🇾 47.250.150.221

🇺🇸 47.42.131.93

🇦🇪 5.32.99.14

🇪🇪 213.35.128.24

🇭🇰 165.154.41.213

🇭🇰 103.96.72.91

🇷🇺 94.198.1.94

🇫🇷 83.171.226.124

🇷🇺 31.28.9.75

🇧🇷 138.122.155.161

🇭🇰 101.36.109.176

🇬🇧 81.102.18.39

🇧🇬 79.124.62.230

🇺🇸 75.102.23.159

🇮🇪 34.244.65.197

🇨🇦 20.220.34.26