JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.1.211.241

212.1.211.241 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 100%: ?

100%

ISP	VPS Servers
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	hostinger.com
Country	🇺🇸 United States of America
City	Asheville, North Carolina

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.1.211.241

Whois 212.1.211.241

IP Abuse Reports for 212.1.211.241:

This IP address has been reported a total of 42 times from 31 distinct sources. 212.1.211.241 was first reported on June 6th 2026, and the most recent report was 45 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 Apache	2026-06-07 13:07:16 (45 minutes ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.241 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.241 (US/United States/-): 5 in the last 300 secs (CF_ENABLE) show less	Brute-Force Web App Attack
🇺🇸 antlac1	2026-06-07 12:52:28 (1 hour ago)	crowdsecurity/http-probing	Brute-Force Web App Attack
🇬🇧 Aetherweb Ark	2026-06-07 12:31:39 (1 hour ago)	(mod_security) mod_security (id:949110) triggered by 212.1.211.241 (US/United States/-): N in the la ... show more (mod_security) mod_security (id:949110) triggered by 212.1.211.241 (US/United States/-): N in the last X secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 09:48:02 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:47:55.378164 2026] [security2:error] [pid 2378:tid 2378] [client 212.1.211.241:35370] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3rdplanetguide.net"] [uri "/backend/.env"] [unique_id "aiU-SwOJ-wlrbNNImi7UXgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 NetShield-DE	2026-06-07 09:07:52 (4 hours ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T11:07:01+0200. Last: 2026-06-07T11:07:01+0200. Samples: - 2026-06-07 05:34:18,717 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 212.1.211.241 show less	Web App Attack
🇨🇭 TheCoon	2026-06-07 07:45:01 (6 hours ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇺🇸 Matthew Ping	2026-06-07 07:15:01 (6 hours ago)	ModSecurity rule 949110 triggered on wp1. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇩🇪 paissangroup	2026-06-07 06:58:58 (6 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 06:44:18 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 02:44:10.911693 2026] [security2:error] [pid 1905:tid 1905] [client 212.1.211.241:59444] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "clayrivers.com"] [uri "/admin/.env"] [unique_id "aiUTOvWq1k-Q7Ay0ABUHuwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Major Hostility	2026-06-07 06:10:58 (7 hours ago)	"GET /laravel/.env HTTP/1.1" 404 "GET /dev/.env HTTP/1.1" 404 "GET /app/.env HTTP/1.1" 404 "GET /api ... show more "GET /laravel/.env HTTP/1.1" 404 "GET /dev/.env HTTP/1.1" 404 "GET /app/.env HTTP/1.1" 404 "GET /api/.env.save HTTP/1.1" 404 "GET /backend/.env HTTP/1.1" 404 "GET /core/.env.save HTTP/1.1" 404 "GET /core/.env HTTP/1.1" 404 "GET /members/.env HTTP/1.1" 404 "GET /api/.env HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /.env.save HTTP/1.1" 404 "GET /admin/.env HTTP/1.1" 404 "GET /core/.env.save HTTP/1.1" 404 "GET /.env.save HTTP/1.1" 404 "GET /api/.env.save HTTP/1.1" 404 "GET /.env HTTP/1.1" 404 "GET /api/.env HTTP/1.1" 404 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:35:27 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:35:21.643613 2026] [security2:error] [pid 11230:tid 11230] [client 212.1.211.241:17186] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "polydorou.eu"] [uri "/admin/.env"] [unique_id "aiUDGcKQ5U1mRml7sIbLwgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 04:11:32 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 212.1.211.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:11:26.399579 2026] [security2:error] [pid 16145:tid 16145] [client 212.1.211.241:20916] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linzylyne.com"] [uri "/api/.env"] [unique_id "aiTvbuH9xyqYTNU-8m1P2AAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 NetShield-DE	2026-06-07 04:07:51 (9 hours ago)	Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T ... show more Auto-report via Fail2Ban aggregation. IP observed in jails: abuseipdb. Events: 1. First: 2026-06-07T06:07:01+0200. Last: 2026-06-07T06:07:01+0200. Samples: - 2026-06-07 05:34:18,717 fail2ban.actions [1405153]: NOTICE [abuseipdb] Ban 212.1.211.241 show less	Web App Attack
🇩🇪 NewGastroline	2026-06-07 04:06:05 (9 hours ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
Anonymous	2026-06-07 03:16:41 (10 hours ago)	212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /api/.env.save HTTP/1.1" 404 396 "-" "Mozilla/5. ... show more 212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /api/.env.save HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /backend/.env HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /app/.env HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /core/.env.save HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" 212.1.211.241 - - [07/Jun/2026:11:16:39 +0800] "GET /members/.env HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537. ... show less	Web App Attack

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.228.218.47

🇮🇩 103.191.14.243

🇺🇸 64.62.197.21

🇮🇳 20.193.250.198

🇺🇸 2607:f8b0:4003:c07::124

🇨🇦 192.95.10.204

🇵🇱 185.241.208.120

🇭🇰 165.154.45.135

🇺🇸 159.89.53.54

🇻🇳 123.20.24.205

🇨🇳 112.253.117.78

🇺🇸 107.150.104.176

🇳🇬 102.90.101.159

🇱🇹 81.30.98.44

🇨🇳 36.135.92.36

🇬🇧 31.14.254.41

🇺🇸 18.205.91.101

🇺🇸 2604:a880:400:d1:0:4:8c02:2001

🇩🇪 213.209.159.231

🇺🇸 207.90.244.26