JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 135.232.224.122

135.232.224.122 was found in our database!

This IP was reported 248 times. Confidence of Abuse is 62%: ?

62%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 135.232.224.122

Whois 135.232.224.122

IP Abuse Reports for 135.232.224.122:

This IP address has been reported a total of 248 times from 176 distinct sources. 135.232.224.122 was first reported on December 31st 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 Wepted	2026-06-10 02:47:23 (2 days ago)	Port scan detected by honeypot	Port Scan Hacking
🇺🇸 MPL	2026-06-10 02:30:25 (2 days ago)	tcp port scan (8 or more attempts)	Port Scan
🇷🇸 Scan	2026-06-10 00:21:10 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-09 23:07:39 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 19:07:33.287336 2026] [security2:error] [pid 25713:tid 25713] [client 135.232.224.122:40795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.61"] [uri "/.git/config"] [unique_id "aiictevajkyZ7y7wX8A_JAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Som1ght3n	2026-06-09 22:31:20 (2 days ago)	Attempted to access sensitive application files (`/.git/HEAD`) on a web server, indicating a web app ... show more Attempted to access sensitive application files (`/.git/HEAD`) on a web server, indicating a web application probe. show less	Web App Attack
🇺🇸 kosada.com	2026-06-09 22:26:22 (2 days ago)	Web vulnerability probing: /.env.backup (bogus vhost/SNI)	Web App Attack
Anonymous	2026-05-27 12:46:06 (2 weeks ago)	(caddyscan) Scanner path probe from 135.232.224.122 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 135.232.224.122 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:12:46:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:12:46:03 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:12:46:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:12:46:04 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:12:46:04 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇫🇮 indev.fi	2026-05-27 12:13:05 (2 weeks ago)	pendoliino.peltopiri.com 135.232.224.122 - - [27/May/2026:15:12:04 +0300] "GET /.env HTTP/2.0" 444 0 ... show more pendoliino.peltopiri.com 135.232.224.122 - - [27/May/2026:15:12:04 +0300] "GET /.env HTTP/2.0" 444 0 "https://www.reddit.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/117.0.0.0" pendoliino.peltopiri.com 135.232.224.122 - - [27/May/2026:15:12:05 +0300] "GET /.env HTTP/2.0" 444 0 "https://www.reddit.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/117.0.0.0" pendoliino.peltopiri.com 135.232.224.122 - - [27/May/2026:15:12:05 +0300] "GET /.env HTTP/2.0" 444 0 "https://www.reddit.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 OPR/117.0.0.0" ... show less	Port Scan Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 11:11:57 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 07:11:51.995618 2026] [security2:error] [pid 4000:tid 4000] [client 135.232.224.122:47831] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coast22.net"] [uri "/.env"] [unique_id "ahbRd89JJdB-ZgH2nIB3kwAAAAE"], referer: https://github.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-05-27 10:46:57 (2 weeks ago)	[WedMay2712:46:50.3613752026][security2:error][pid2689575:tid2690126][client135.232.224.122:0]ModSec ... show more [WedMay2712:46:50.3613752026][security2:error][pid2689575:tid2690126][client135.232.224.122:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"filarmonicaagno.ch\"][uri\"/.env\"][unique_id\"ahbLmoQRRqh5MeUFvfmpUQAAAEE\"]\,referer:https://mail.google.com/ show less	Hacking Web App Attack
Anonymous	2026-05-27 10:45:09 (2 weeks ago)	(caddyscan) Scanner path probe from 135.232.224.122 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 135.232.224.122 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:10:45:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:10:45:03 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:10:45:04 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:10:45:04 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 135.232.224.122 - - [27/May/2026:10:45:04 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇮🇹 VHosting	2026-05-27 09:20:03 (2 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 09:17:17 (2 weeks ago)	(mod_security) mod_security (id:949110) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:949110) triggered by 135.232.224.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 05:17:13.972549 2026] [security2:error] [pid 29686:tid 29686] [client 135.232.224.122:46233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "chuckwagon.org"] [uri "/.env"] [unique_id "aha2meydhFJl8Z0zaTh9tQAAAFc"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 demonsword	2026-05-14 19:08:54 (4 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: cloudflare.com:443 show less	Open Proxy Port Scan
🇫🇷 gooko	2026-05-11 13:54:27 (1 month ago)	SSH brute-force attack detected by fail2ban jail 'sshd'	Brute-Force SSH

Showing 1 to 15 of 248 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇦 196.92.7.247

🇩🇪 69.5.169.249

🇺🇸 43.166.171.246

🇩🇪 213.209.159.56

🇧🇴 190.129.122.12

🇸🇬 159.223.95.120

🇹🇼 111.70.1.128

🇺🇸 66.132.186.243

🇬🇧 35.203.211.35

🇬🇧 31.14.254.23

🇰🇷 223.222.227.98

🇧🇪 198.235.24.220

🇩🇪 161.35.74.94

🇺🇸 98.159.233.64

🇫🇷 91.231.89.6

🇺🇸 45.42.88.54

🇺🇸 40.76.125.17

🇺🇸 2602:80d:1007::17

🇲🇦 196.92.7.249

🇺🇸 195.184.76.137