🇫🇷
masterguru
2026-05-17 04:39:07
(1 month ago)
Remote Command Execution: Windows Command Injection. Pattern match "(?i)(?: (932370-201)
Hacking
🇫🇷
masterguru
2026-05-17 03:12:17
(1 month ago)
(modsec_5015) ModSec 5015: Suspicious User-Agent from 132.243.236.36 (FR/France/-): 1 in the last 3600 secs (0-193)
Hacking
🇺🇸
TPI-Abuse
2026-05-17 01:18:33
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 132.243.236.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 21:18:25.076563 2026] [security2:error] [pid 7756:tid 7756] [client 132.243.236.36:42316] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||yukitex.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "yukitex.net"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "agkXYXln-1X31o8JG-2kZgAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
conrad10781
2026-05-17 01:02:31
(1 month ago)
nginx-4xx
Web App Attack
🇺🇸
TPI-Abuse
2026-05-17 00:09:16
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 132.243.236.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 20:09:10.599446 2026] [security2:error] [pid 26114:tid 26257] [client 132.243.236.36:60196] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||starlinksales.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "starlinksales.net"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "agkHJpRUqlqe2bc0buVESAAAAYY"]
Brute-Force
Bad Web Bot
Web App Attack
🇷🇺
DZBOT
2026-05-16 23:57:00
(1 month ago)
DZBOT: Website Scanning / Scraping
Bad Web Bot
Exploited Host
Web App Attack
🇳🇱
Savvii
2026-05-16 23:11:55
(1 month ago)
20 attempts against mh-misbehave-ban on redirect
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-16 22:33:09
(1 month ago)
(mod_security) mod_security (id:211190) triggered by 132.243.236.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 18:33:04.849599 2026] [security2:error] [pid 7939:tid 7939] [client 132.243.236.36:53670] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||jimlawless.net|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /maint/modules/home/index.php?lang=english|cat%20/etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jimlawless.net"] [uri "/maint/modules/home/index.php"] [unique_id "agjwoJbPQUj4YeQ8NyalpAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-16 21:32:08
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 132.243.236.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 17:32:00.526601 2026] [security2:error] [pid 7746:tid 7746] [client 132.243.236.36:60748] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||jfhglobal.net|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jfhglobal.net"] [uri "/..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\windows\\\\win.ini"] [unique_id "agjiUNc9lk3tIORimU2iUQAAADE"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇷
masterguru
2026-05-16 20:08:11
(1 month ago)
OS File Access Attempt. Matched phrase "etc/passwd" at ARGS:name. (930120-131)
Hacking
🇩🇪
bescared
2026-05-16 19:22:11
(1 month ago)
F2B - Malicious activity detected. URL Probing. -8ff06ede-
Hacking
Web App Attack
🇫🇷
Octopuce
2026-05-16 18:28:41
(1 month ago)
Aggressive web search of vulnerable pages: /latest/meta-data/ /computeMetadata/v1/project/ /mailsms/s?func=ADMIN:appState&dumpConfig=/ /wp-cont ...
Web App Attack
Anonymous
2026-05-16 18:05:10
(1 month ago)
Blocked: Reason='Vulnerability probing - PHP scan detected (39/60 min)'; Requests=39
Port Scan
Anonymous
2026-05-16 15:42:27
(1 month ago)
Unauthorized access (tcp/443/https)
Port Scan
Web App Attack
🇺🇸
TPI-Abuse
2026-05-16 10:03:35
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 132.243.236.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 06:03:29.503055 2026] [security2:error] [pid 27577:tid 27577] [client 132.243.236.36:48978] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wingblade.net"] [uri "/.env.production.local"] [unique_id "aghA8SAs5aHC4bnANAAQtwAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack