JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 155.2.216.27

155.2.216.27 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 44%: ?

44%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 155.2.216.27

Whois 155.2.216.27

IP Abuse Reports for 155.2.216.27:

This IP address has been reported a total of 51 times from 21 distinct sources. 155.2.216.27 was first reported on May 27th 2025, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-24 05:55:02 (8 hours ago)	Path Traversal Attack (/../). Pattern match "(?:^\| (930110-131)	Hacking
🇯🇵 demonsword	2026-06-23 10:52:37 (1 day ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ifconfig.me:443 show less	Open Proxy Port Scan
🇯🇵 SentinalX by uzumaru	2026-06-22 03:12:16 (2 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.cloudflare.com:443 show less	Open Proxy Port Scan
🇺🇸 Mundo Bueno	2026-06-22 02:42:49 (2 days ago)	[ISILIA Protection v2.1] Tentative d'accès: /vendor/phpunit/phpunit/phpunit.xsd \| Pays: JP \| UA: Moz ... show more [ISILIA Protection v2.1] Tentative d'accès: /vendor/phpunit/phpunit/phpunit.xsd \| Pays: JP \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 09:12:13 (1 week ago)	(mod_security) mod_security (id:210580) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210580) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 05:12:07.432872 2026] [security2:error] [pid 11307:tid 11307] [client 155.2.216.27:47617] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:log_filename. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|studioarts.net\|F\|2"] [data "Matched Data: etc/passwd found within ARGS:log_filename: ../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "studioarts.net"] [uri "/wp-admin/admin-ajax.php"] [unique_id "ajETZ5Vxk951shtTwsAR3gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-05-24 14:38:49 (4 weeks ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇯🇵 demonsword	2026-05-22 10:28:51 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: one.one.one.one:443 show less	Open Proxy Port Scan
🇩🇪 Ba-Yu	2026-05-21 07:46:19 (1 month ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇱🇻 garmtech.com	2026-05-21 00:36:32 (1 month ago)	IM360 WAF: Laravel Apps Leaking Secrets exploit attempt MV:androxgh0st	Web App Attack
🇱🇻 garmtech.com	2026-05-21 00:36:31 (1 month ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:59:36 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:59:30.540882 2026] [security2:error] [pid 20912:tid 20912] [client 155.2.216.27:26309] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "egrabbagsale.com"] [uri "/.env"] [unique_id "agbgcs3boEM9944ClaFNFQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 06:28:05 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 02:27:59.685291 2026] [security2:error] [pid 16067:tid 16067] [client 155.2.216.27:58665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bryanbender.com"] [uri "/.env"] [unique_id "agVrb5_jGHehW8z1bcd_3AAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Mundo Bueno	2026-05-04 04:43:43 (1 month ago)	[ISILIA Protection v2.1] Tentative d'accès: /vendor/phpunit/phpunit/phpunit.xsd \| Pays: JP \| UA: Moz ... show more [ISILIA Protection v2.1] Tentative d'accès: /vendor/phpunit/phpunit/phpunit.xsd \| Pays: JP \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0 show less	Hacking Web App Attack
🇨🇿 akac	2026-05-03 05:00:54 (1 month ago)	Web vulnerability scanning: HTTP/1.1 GET /vendor/phpunit/phpunit/phpunit.xsd	Hacking Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 17:46:01 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 13:45:53.580306 2026] [security2:error] [pid 23710:tid 23710] [client 155.2.216.27:48423] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|vaxd.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "vaxd.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afY4UWH2EhKjb6sbxH4i_AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇬 41.38.50.27

🇰🇷 183.105.107.28

🇺🇸 152.32.235.160

🇺🇸 66.132.186.232

🇸🇬 4.194.23.79

🇺🇸 172.215.239.208

🇺🇸 135.119.73.164

🇻🇳 116.111.186.22

🇷🇺 95.47.246.223

🇧🇬 79.124.40.138

🇨🇳 218.25.89.208

🇬🇧 193.163.125.13

🇺🇸 64.62.156.145

🇳🇱 45.148.10.141

🇫🇷 185.177.72.52

🇧🇷 45.4.179.4

🇺🇸 166.70.21.183

🇭🇰 154.221.28.214

🇮🇳 128.185.253.98

🇨🇳 119.29.93.87