JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.200.238.150

212.200.238.150 was found in our database!

This IP was reported 174 times. Confidence of Abuse is 16%: ?

16%

ISP	TELEKOM SRBIJA
Usage Type	Fixed Line ISP
ASN	AS8400
Hostname(s)	212-200-238-150.static.isp.telekom.rs
Domain Name	mts.rs
Country	🇷🇸 Serbia
City	Novi Beograd, Central Serbia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.200.238.150

Whois 212.200.238.150

IP Abuse Reports for 212.200.238.150:

This IP address has been reported a total of 174 times from 38 distinct sources. 212.200.238.150 was first reported on April 27th 2023, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 todix	2026-06-19 10:50:14 (12 hours ago)	Web App Attack Exploid from 212.200.238.150	Web App Attack
🇧🇪 voormedia	2026-06-04 07:51:42 (2 weeks ago)	Accessed trap at '/.env'	Web App Attack
🇨🇭 backslash	2026-05-06 09:06:01 (1 month ago)	block ruleset Badbot using very old user-agents 5CF3CDB778C7D82564405B86B9242E612F378C68	Bad Web Bot
🇵🇱 nfsec.pl	2026-03-25 09:49:05 (2 months ago)	212.200.238.150 - - [25/Mar/2026:09:48:35 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-st ... show more 212.200.238.150 - - [25/Mar/2026:09:48:35 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" 212.200.238.150 - - [25/Mar/2026:09:48:35 +0000] "GET /.env HTTP/1.1" 403 413 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [25/Mar/2026:09:48:52 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" 212.200.238.150 - - [25/Mar/2026:09:48:52 +0000] "GET /.env HTTP/1.1" 403 413 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [25/Mar/2026:09:49:05 +0000] "POST /media//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" ... show less	Web App Attack Exploited Host
🇺🇸 TPI-Abuse	2026-03-25 08:47:29 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 212.200.238.150 (212-200-238-150.static.isp.tel ... show more (mod_security) mod_security (id:210492) triggered by 212.200.238.150 (212-200-238-150.static.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 04:47:25.318128 2026] [security2:error] [pid 30402:tid 30402] [client 212.200.238.150:52372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tecnoconce.cl"] [uri "/.env"] [unique_id "acOhHVX0Dd_hm770nHf23AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-03-20 10:55:28 (2 months ago)	212.200.238.150 - - [20/Mar/2026:12:54:57 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; ... show more 212.200.238.150 - - [20/Mar/2026:12:54:57 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [20/Mar/2026:12:55:27 +0200] "GET /issue/.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-03-11 10:18:32 (3 months ago)	212.200.238.150 - - [11/Mar/2026:12:17:59 +0200] "GET /.env HTTP/1.1" 404 335 "-" "Mozilla/5.0 (X11; ... show more 212.200.238.150 - - [11/Mar/2026:12:17:59 +0200] "GET /.env HTTP/1.1" 404 335 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [11/Mar/2026:12:18:31 +0200] "GET /article/.env HTTP/1.1" 404 335 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" ... show less	Web App Attack
🇱🇻 garmtech.com	2026-03-11 08:29:06 (3 months ago)	IM360 WAF: Laravel .env file access	Web App Attack
🇺🇦 URAN Publishing Service	2026-03-05 09:23:11 (3 months ago)	212.200.238.150 - - [05/Mar/2026:11:22:37 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; ... show more 212.200.238.150 - - [05/Mar/2026:11:22:37 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [05/Mar/2026:11:23:11 +0200] "GET /issue/.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" ... show less	Web App Attack
🇪🇸 el-brujo	2026-02-27 08:55:41 (3 months ago)	27/Feb/2026:09:55:40.860380 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client ... show more 27/Feb/2026:09:55:40.860380 +0100Apache-Error: [file "apache2_util.c"] [line 271] [level 3] [client 212.200.238.150] ModSecurity: Multipart parsing error (init): Multipart: Boundary not found in C-T. [hostname "elhacker.info"] [uri "/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php"] [unique_id "aaFcDL8OojI4T_DAaPok4QAAApA"] ... show less	Hacking Web App Attack
🇺🇦 URAN Publishing Service	2026-02-26 10:08:57 (3 months ago)	212.200.238.150 - - [26/Feb/2026:12:08:26 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; ... show more 212.200.238.150 - - [26/Feb/2026:12:08:26 +0200] "GET /.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [26/Feb/2026:12:08:57 +0200] "GET /article/.env HTTP/1.1" 404 332 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-02-18 09:26:05 (4 months ago)	212.200.238.150 - - [18/Feb/2026:11:25:33 +0200] "GET /.env HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; ... show more 212.200.238.150 - - [18/Feb/2026:11:25:33 +0200] "GET /.env HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [18/Feb/2026:11:26:04 +0200] "GET /article/.env HTTP/1.1" 404 333 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" ... show less	Web App Attack
🇨🇭 Origon	2026-02-18 09:15:23 (4 months ago)	CVE-2017-9841 - IP: 212.200.238.150 - time="2026-02-18T10:15:23+01:00" level=info msg="(555f66b4f6a ... show more CVE-2017-9841 - IP: 212.200.238.150 - time="2026-02-18T10:15:23+01:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/CVE-2017-9841 by ip 212.200.238.150 (RS/8400) : 4h ban on Ip 212.200.238.150" module=db show less	Web App Attack
🇵🇱 nfsec.pl	2026-02-16 10:52:47 (4 months ago)	212.200.238.150 - - [16/Feb/2026:10:52:02 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-st ... show more 212.200.238.150 - - [16/Feb/2026:10:52:02 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" 212.200.238.150 - - [16/Feb/2026:10:52:02 +0000] "GET /.env HTTP/1.1" 403 413 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [16/Feb/2026:10:52:32 +0000] "POST /media//vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" 212.200.238.150 - - [16/Feb/2026:10:52:32 +0000] "GET /media/.env HTTP/1.1" 403 413 "-" "Mozilla/5.0 (X11; Linux i686; rv:126.0) Gecko/20100101 Firefox/126.0" 212.200.238.150 - - [16/Feb/2026:10:52:46 +0000] "POST //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 376 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6" ... show less	Exploited Host Web App Attack
🇱🇻 garmtech.com	2026-02-16 09:04:14 (4 months ago)	IM360 WAF: Laravel .env file access	Web App Attack

Showing 1 to 15 of 174 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 198.176.52.221

🇧🇷 189.51.43.54

🇬🇧 188.213.207.89

🇧🇷 186.240.174.49

🇩🇪 46.101.213.236

🇧🇷 45.234.147.28

🇮🇩 36.80.243.175

🇲🇽 187.190.35.163

🇺🇸 173.255.212.137

🇱🇸 129.232.24.17

🇨🇳 121.226.142.89

🇷🇴 80.94.92.171

🇮🇷 37.255.156.39

🇨🇳 211.149.131.113

🇧🇷 205.210.31.182

🇵🇱 194.180.49.70

🇲🇽 189.196.216.51

🇺🇸 172.202.118.19

🇺🇸 162.216.149.153

🇫🇮 147.185.133.247