JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 155.2.216.26

155.2.216.26 was found in our database!

This IP was reported 48 times. Confidence of Abuse is 39%: ?

39%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 155.2.216.26

Whois 155.2.216.26

IP Abuse Reports for 155.2.216.26:

This IP address has been reported a total of 48 times from 23 distinct sources. 155.2.216.26 was first reported on April 4th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-06-23 04:44:12 (1 day ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: connectivitycheck.gstatic.com:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-06-21 22:17:33 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 18:17:26.403504 2026] [security2:error] [pid 26648:tid 26648] [client 155.2.216.26:25933] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|theradarshop.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "theradarshop.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "ajhi9qntqfPDFVz16_463wAAAGk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-21 16:17:54 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 xserverx.ru	2026-06-05 22:58:00 (2 weeks ago)	Honeypot triggered: IP: 155.2.216.26 Request to: https://xserverx.ru/vendor/phpunit/phpunit/phpunit. ... show more Honeypot triggered: IP: 155.2.216.26 Request to: https://xserverx.ru/vendor/phpunit/phpunit/phpunit.xsd Method: GET Host: xserverx.ru User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 Referer: Direct Country: JP ASN: Unknown Triggered rules: /phpunit\.xsd, /vendor/, (X-Requested-With:\s*XMLHttpRequest) Timestamp: 2026-06-05T22:57:59.107Z show less	Hacking Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-24 13:50:02 (1 month ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇱🇻 garmtech.com	2026-05-21 06:47:52 (1 month ago)	IM360 WAF: Laravel Apps Leaking Secrets exploit attempt MV:androxgh0st	Web App Attack
🇱🇻 garmtech.com	2026-05-21 06:47:52 (1 month ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 11:52:45 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 07:52:40.869060 2026] [security2:error] [pid 1263:tid 1263] [client 155.2.216.26:53629] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teapartytaxes.com"] [uri "/.env"] [unique_id "agcJCFdoP1lyKjoZCffZmQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-15 10:27:45 (1 month ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 09:22:34 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:22:28.375619 2026] [security2:error] [pid 14467:tid 14467] [client 155.2.216.26:61121] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "justwantedtosay.com"] [uri "/.env"] [unique_id "agWUVOp_HOhAzNwCR9tJwAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-05-14 07:42:58 (1 month ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇩🇪 todix	2026-05-14 03:01:18 (1 month ago)	Web App Attack Exploid from 155.2.216.26	Web App Attack
🇫🇮 as211431.net	2026-05-04 13:41:31 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from JP. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from JP. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /vendor/phpunit/phpunit/phpunit.xsd UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 Carsten	2026-05-04 04:24:21 (1 month ago)	GET [vendor/phpunit/phpunit/phpunit.xsd]	Port Scan
🇺🇸 TPI-Abuse	2026-05-02 17:09:22 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.26 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 13:09:18.191192 2026] [security2:error] [pid 20417:tid 20417] [client 155.2.216.26:39127] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|andreas-villa.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "andreas-villa.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYvvq5YHRzMSv-nshVBMAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 48 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.190.35.163

🇰🇷 211.228.97.97

🇺🇸 205.210.31.9

🇬🇧 195.96.139.175

🇷🇺 194.85.69.22

🇺🇸 172.191.157.64

🇩🇪 167.94.145.24

🇨🇳 124.167.20.113

🇳🇬 102.221.237.6

🇬🇧 78.153.140.127

🇺🇸 72.212.176.37

🇳🇱 45.198.224.5

🇨🇳 14.103.107.229

🇨🇳 222.214.141.12

🇺🇸 184.105.247.254

🇵🇹 148.63.94.8

🇺🇦 95.158.39.201

🇧🇬 93.94.141.115

🇺🇸 66.132.186.241

🇺🇸 45.156.131.12