JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 135.232.216.64

135.232.216.64 was found in our database!

This IP was reported 90 times. Confidence of Abuse is 49%: ?

49%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 135.232.216.64

Whois 135.232.216.64

IP Abuse Reports for 135.232.216.64:

This IP address has been reported a total of 90 times from 49 distinct sources. 135.232.216.64 was first reported on August 24th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 maxpower	2026-06-02 11:07:50 (2 weeks ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 135.232.216.64 (US/United States/-): 2 i ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 135.232.216.64 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 135.232.216.64 - - [02/Jun/2026:13:07:41 +0200] "GET /.git/config HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" "-" host=145.239.233.176 135.232.216.64 - - [02/Jun/2026:13:07:43 +0200] "GET /.env HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" "-" host=145.239.233.176 show less	Port Scan
🇺🇸 xmission.com	2026-06-02 10:17:00 (2 weeks ago)	Blocked by UFW (TCP on 2087) Source port: 65318 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 65318 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 135.232.216.64) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 10:10:25 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 06:10:21.916608 2026] [security2:error] [pid 14662:tid 14662] [client 135.232.216.64:65225] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.168"] [uri "/.git/HEAD"] [unique_id "ah6sDe16GNab4WPCwFVlowAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 Wepted	2026-06-02 09:40:02 (2 weeks ago)	Port scan detected by honeypot	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 08:23:39 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 04:23:35.131022 2026] [security2:error] [pid 7764:tid 7764] [client 135.232.216.64:65320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.186"] [uri "/.git/HEAD"] [unique_id "ah6TB_AKC9N2h6XSJNe90gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Admins@FBN	2026-06-02 08:13:41 (2 weeks ago)	FW-PortScan: Traffic Blocked srcport=65031 dstport=2086	Port Scan
🇺🇸 eber965	2026-06-02 07:59:23 (2 weeks ago)	[Tue Jun 02 03:59:16 2026] [authz_core:error] [pid 178251:tid 140065376294656] [client 135.232.216.6 ... show more [Tue Jun 02 03:59:16 2026] [authz_core:error] [pid 178251:tid 140065376294656] [client 135.232.216.64:64994] AH01630: client denied by server configuration: /var/www/html/.git [Tue Jun 02 03:59:18 2026] [authz_core:error] [pid 178250:tid 140065636337408] [client 135.232.216.64:65004] AH01630: client denied by server configuration: /var/www/html/.env [Tue Jun 02 03:59:20 2026] [authz_core:error] [pid 178411:tid 140064537417472] [client 135.232.216.64:64991] AH01630: client denied by server configuration: /var/www/html/.env.local [Tue Jun 02 03:59:21 2026] [authz_core:error] [pid 178411:tid 140065476941568] [client 135.232.216.64:65003] AH01630: client denied by server configuration: /var/www/html/.env.production [Tue Jun 02 03:59:22 2026] [authz_core:error] [pid 178251:tid 140064562595584] [client 135.232.216.64:64990] AH01630: client denied by server configuration: /var/www/html/.env.save ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-02 07:34:26 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 135.232.216.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 03:34:18.632534 2026] [security2:error] [pid 28077:tid 28077] [client 135.232.216.64:64933] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.155"] [uri "/.git/config"] [unique_id "ah6Heul8zbPYaeO4HW5bHAAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 07:14:13 (2 weeks ago)	git/env leak probe	Web App Attack
🇳🇱 Selckie	2026-05-23 08:14:18 (3 weeks ago)	fail2ban: NGINX unusual impact	Web App Attack
🇺🇸 kosada.com	2026-05-22 20:04:10 (3 weeks ago)	Web vulnerability probing: /@fs/.env.development	Web App Attack
Anonymous	2026-05-22 19:08:05 (3 weeks ago)	(caddyscan) Scanner path probe from 135.232.216.64 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 135.232.216.64 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 135.232.216.64 - - [22/May/2026:19:08:03 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 135.232.216.64 - - [22/May/2026:19:08:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.216.64 - - [22/May/2026:19:08:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.216.64 - - [22/May/2026:19:08:03 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 135.232.216.64 - - [22/May/2026:19:08:03 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1" show less	Port Scan
🇩🇪 4server	2026-05-22 14:52:11 (3 weeks ago)	[FriMay2216:52:05.4521732026][security2:error][pid3703743:tid3703890][client135.232.216.64:0]ModSecu ... show more [FriMay2216:52:05.4521732026][security2:error][pid3703743:tid3703890][client135.232.216.64:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"b4consulting.ch\"][uri\"/config/.env\"][unique_id\"ahBtlUPmCX8Kn-B1_MdqzwAAAJU\"]\,referer:https://github.com/ show less	Port Scan Brute-Force Web App Attack
🇮🇳 evicky2002	2026-04-30 13:04:29 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=98, sources=1)	Hacking Brute-Force SSH
🇨🇳 ThreatBook.io	2026-04-12 23:42:23 (2 months ago)	ThreatBook Intelligence: Scanner,Spam more details on https://threatbook.io/ip/135.232.216.64 2026-0 ... show more ThreatBook Intelligence: Scanner,Spam more details on https://threatbook.io/ip/135.232.216.64 2026-04-12 01:12:29 ["uname -a"] 2026-04-12 00:02:28 ["grep 'model name' /proc/cpuinfo 2>/dev/null \| head -1 \| cut -d ':' -f2- \| sed 's/^ *//' \| xargs \|\| echo unknown"] 2026-04-12 01:10:15 ["ls -la /"] show less	Brute-Force

Showing 1 to 15 of 90 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇦 105.66.7.118

🇵🇹 85.240.193.104

🇪🇸 79.112.36.216

🇺🇿 213.230.118.47

🇬🇧 193.163.125.240

🇲🇾 180.74.84.64

🇦🇲 176.32.193.16

🇺🇸 162.216.149.64

🇧🇷 129.121.50.86

🇮🇪 128.251.36.118

🇨🇳 120.48.104.37

🇺🇸 104.9.60.148

🇫🇷 85.217.140.25

🇮🇷 79.175.176.177

🇺🇸 64.62.156.198

🇬🇧 2.120.228.85

🇩🇪 2a02:2479:1:9800::1

🇬🇧 198.244.168.185

🇺🇸 142.93.66.212

🇨🇳 125.112.242.10