JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.42.199.216

212.42.199.216 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 27%: ?

27%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS395954
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.42.199.216

Whois 212.42.199.216

IP Abuse Reports for 212.42.199.216:

This IP address has been reported a total of 15 times from 5 distinct sources. 212.42.199.216 was first reported on January 26th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-05-28 22:02:00 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-05-27 21:59:47 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-27	Web App Attack SSH Hacking
🇩🇪 Roper123	2026-05-27 18:03:07 (1 week ago)	Web exploits	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:47:28 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:47:22.054625 2026] [security2:error] [pid 11341:tid 11341] [client 212.42.199.216:33523] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "documents.progressivefileshare.org"] [uri "/.env.local"] [unique_id "ahcSCrGcoqzo7IxwjMnx2QAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 11:52:54 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 07:52:44.898196 2026] [security2:error] [pid 14479:tid 14479] [client 212.42.199.216:48453] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.wilhelminas.biz"] [uri "/wp-config.php.swp"] [unique_id "ahbbDKfjw5nrF5nUj4C_cQAAABQ"], referer: https://www.google.com/search?q=mail.wilhelminas.biz show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Mendip_Defender	2026-05-27 00:34:15 (1 week ago)	[27/May/2026:01:33:31.034341 +0100] ahY728fEp1rS3cvD8d2SmAAAAAs 212.42.199.216 36086 188.246.206.60 ... show more [27/May/2026:01:33:31.034341 +0100] ahY728fEp1rS3cvD8d2SmAAAAAs 212.42.199.216 36086 188.246.206.60 7081 [27/May/2026:01:34:13.496594 +0100] ahY8BcfEp1rS3cvD8d2SoQAAAA8 212.42.199.216 38952 188.246.206.60 7081 ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-05-27 00:23:50 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:23:39.631871 2026] [security2:error] [pid 5677:tid 5677] [client 212.42.199.216:50219] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kylight.net"] [uri "/.env.production"] [unique_id "ahY5i41hYljm18D9_bYr8gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:11:10 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:11:00.922091 2026] [security2:error] [pid 1624:tid 1642] [client 212.42.199.216:49021] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "furball.co.uk"] [uri "/.env.production"] [unique_id "ahXiNN9MNizNEy_9mp5SggAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 16:49:49 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 12:49:43.551247 2026] [security2:error] [pid 660:tid 670] [client 212.42.199.216:37005] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.mjam.newtrendmag.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.mjam.newtrendmag.org"] [uri "/db_backup.sql"] [unique_id "ahXPJ2xj91IOfTlidfSjKAAAAEY"], referer: https://www.google.com/search?q=www.mjam.newtrendmag.org show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 07:43:48 (4 months ago)	(mod_security) mod_security (id:221260) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:43:37.595185 2026] [security2:error] [pid 10577:tid 10577] [client 212.42.199.216:40001] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.nbcnewsradio.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/cgi-bin/stats"] [unique_id "aWs9qV84H9iLU1D2adJz7QAAAAQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:14:33 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:13:55.777544 2025] [security2:error] [pid 31734:tid 31764] [client 212.42.199.216:45897] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.kettlehill.net"] [uri "/error.log"] [unique_id "aVLS82CDVM70TD0LIjvXCgAAAVc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 09:46:22 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 04:46:14.890022 2025] [security2:error] [pid 24726:tid 24726] [client 212.42.199.216:44687] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/lib../.git/config"] [unique_id "aRWo5slbqtwHX348GWQWKQAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:01:46 (10 months ago)	(mod_security) mod_security (id:212620) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:01:40.062439 2025] [security2:error] [pid 404368:tid 404594] [client 212.42.199.216:40261] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|www.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.net"] [uri "/"] [unique_id "aIV6dKsKpTtRNU_PZbqR8gAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 23:53:45 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 212.42.199.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 19:53:37.307505 2025] [security2:error] [pid 3793645:tid 3793645] [client 212.42.199.216:55613] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/images../.git/config"] [unique_id "aDjzgY6OMJrzxeQKkmiQywAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 08:40:25 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.36

🇲🇽 186.96.145.241

🇳🇱 185.224.128.16

🇰🇷 175.206.113.91

🇸🇬 103.187.146.131

🇸🇪 90.231.51.54

🇮🇷 37.255.239.81

🇺🇸 2607:f8b0:4004:c0b::129

🇧🇬 193.24.211.107

🇭🇰 168.76.20.229

🇭🇰 165.154.42.254

🇺🇸 162.216.149.170

🇭🇰 152.32.214.226

🇨🇳 123.119.26.33

🇳🇿 121.73.163.223

🇳🇱 89.190.156.12

🇳🇱 81.19.216.87

🇸🇬 68.183.236.1

🇮🇳 49.207.146.195

🇺🇸 2607:f8b0:4004:c23::122