JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 103.47.52.222

103.47.52.222 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 0%: ?

ISP	trafficforce, UAB
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	trafficforce.lt
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 103.47.52.222

Whois 103.47.52.222

IP Abuse Reports for 103.47.52.222:

This IP address has been reported a total of 15 times from 8 distinct sources. 103.47.52.222 was first reported on August 31st 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:19:47 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:19:40.083103 2026] [security2:error] [pid 25623:tid 25628] [client 103.47.52.222:49719] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/kettlehill.com.db"] [unique_id "aXguzEnFQpvwgxC6L2HtxAAAAYI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 05:20:54 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 00:20:50.757934 2026] [security2:error] [pid 11602:tid 11602] [client 103.47.52.222:51649] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/events../.git/config"] [unique_id "aWscMs_DAPbqWfBCq2NCegAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 21:57:25 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 16:57:20.397636 2025] [security2:error] [pid 30062:tid 30062] [client 103.47.52.222:58183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.farmers123.com"] [uri "/.htaccess"] [unique_id "aS9gwEcmBMahgclZYvV-6gAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 21:19:19 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 17:19:16.196941 2025] [security2:error] [pid 3512:tid 3512] [client 103.47.52.222:33047] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/ssl/localhost.key"] [unique_id "aQEzVNLxYNwKOjKsdVPOsAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:09:38 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:08:20.513148 2025] [security2:error] [pid 28940:tid 28955] [client 103.47.52.222:41197] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|webdisk.kettlehill.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/cgi-bin/status"] [unique_id "aIVf5BkWs7qQTYmgnsCgWQAAAAQ"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-07-23 08:39:28 (10 months ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-05-29 22:36:50 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 18:36:46.615319 2025] [security2:error] [pid 3671927:tid 3671927] [client 103.47.52.222:51607] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.farmers123.com"] [uri "/.env.www"] [unique_id "aDjhfjN_pxWCcT5ofc6i5QAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2025-05-29 12:21:23 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 103.47.52.222 2025-05-29T14:14:12+02: ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 103.47.52.222 2025-05-29T14:14:12+02:00 vpn Access-Reject 'xduba00' station: 103.47.52.222 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇨🇿 lp	2025-05-29 04:50:09 (1 year ago)	Unauthorized VPN login attempts: 2 attempts were recorded from 103.47.52.222 2025-05-29T05:59:43+02: ... show more Unauthorized VPN login attempts: 2 attempts were recorded from 103.47.52.222 2025-05-29T05:59:43+02:00 vpn Access-Reject 'xprum20' station: 103.47.52.222 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' 2025-05-29T06:14:28+02:00 vpn Access-Reject 'xmard25' station: 103.47.52.222 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇨🇦 wil.com	2025-05-28 21:43:05 (1 year ago)	GlobalProtect login attempts with user 002.	VPN IP Brute-Force
🇺🇸 TPI-Abuse	2025-04-19 03:15:03 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 103.47.52.222 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 18 23:14:59.362982 2025] [security2:error] [pid 21920:tid 22019] [client 103.47.52.222:49143] [client 103.47.52.222] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|blog.spinningdesigns.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "blog.spinningdesigns.com"] [uri "/logs/error.log"] [unique_id "aAMVMxuYowtSVCxTM-GzawAAAgw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-25 09:10:32 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇦🇺 MAGIC	2023-08-31 20:24:26 (2 years ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 oncord	2023-08-31 03:12:37 (2 years ago)	Form spam	Web Spam
🇺🇸 nowyouknow	2023-08-31 01:15:35 (2 years ago)	(From [email protected]) JP Corsi with Exit Node Corp. I hope that you are having a good day. I a ... show more (From [email protected]) JP Corsi with Exit Node Corp. I hope that you are having a good day. I am doing a bit of outreach to owner of companies similar to yours as we are seeing increased sales with a number of our clients in the past few months. We have a core focus in helping companies increase online inbound and outreach sales and sell out capacity with incredibly effective and economical strategies. Let me know if increasing online sales is a priority right now and if I can get on your calendar for a short introduction in the next week or two? --- JP Corsi +1 954-833-5563 https://exitnode.co 2339 Glades Pkwy, Weston FL show less	Phishing Web Spam

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 173.255.221.6

🇺🇸 135.119.97.71

🇧🇬 79.124.62.230

🇰🇪 197.248.207.139

🇰🇷 175.198.62.180

🇨🇳 175.43.163.211

🇺🇸 165.154.218.143

🇺🇸 162.216.149.185

🇮🇳 143.110.177.177

🇭🇰 101.36.111.86

🇧🇬 79.124.49.70

🇺🇸 65.49.1.29

🇬🇧 35.203.211.87

🇺🇸 34.123.134.194

🇩🇪 213.176.77.244

🇷🇺 212.22.93.244

🇭🇰 118.193.44.112

🇳🇱 45.148.10.141

🇺🇸 38.72.131.163

🇫🇷 37.59.249.5