JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 155.2.216.4

155.2.216.4 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 27%: ?

27%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 155.2.216.4

Whois 155.2.216.4

IP Abuse Reports for 155.2.216.4:

This IP address has been reported a total of 54 times from 22 distinct sources. 155.2.216.4 was first reported on April 2nd 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-06-19 02:40:01 (2 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: api.ipify.org:443 show less	Open Proxy Port Scan
🇯🇵 SentinalX by uzumaru	2026-06-18 01:44:41 (3 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: clients3.google.com:443 show less	Open Proxy Port Scan
🇺🇸 TPI-Abuse	2026-05-15 23:19:18 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 19:19:14.173388 2026] [security2:error] [pid 29230:tid 29230] [client 155.2.216.4:32941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "i4agency.com"] [uri "/.env"] [unique_id "agep8gcMly2BTd2E_Bv9xgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 A000Z	2026-05-15 16:08:31 (1 month ago)	Fail2Ban: 155.2.216.4 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Empty/Hidden ... show more Fail2Ban: 155.2.216.4 was banned for Aggressive Bad Bot detected by Nginx/Fail2Ban. UA: Empty/Hidden User-Agent show less	Bad Web Bot
🇨🇳 ThreatBook.io	2026-05-15 00:45:46 (1 month ago)	ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/155.2.216.4 2026-05-14 23 ... show more ThreatBook Intelligence: vpn_proxy more details on http://threatbook.io/ip/155.2.216.4 2026-05-14 23:15:00 /.env show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 10:50:22 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:949110) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 06:50:07.032864 2026] [security2:error] [pid 7777:tid 7777] [client 155.2.216.4:39909] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "toxicnation.com"] [uri "/.env"] [unique_id "agWo3ybI6x_D-BuISSPDuAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 10:18:07 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 06:18:00.490930 2026] [security2:error] [pid 11246:tid 11246] [client 155.2.216.4:38681] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "redlitephotos.com"] [uri "/.env"] [unique_id "agWhWL97mLD0XqKwnt0LzgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 09:55:29 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 05:55:23.749993 2026] [security2:error] [pid 29997:tid 30020] [client 155.2.216.4:48269] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "newyorklifecoach.com"] [uri "/.env"] [unique_id "agWcCy3yMQNded-fJxelPgAAARI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 03:57:41 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 23:57:37.293421 2026] [security2:error] [pid 32511:tid 32511] [client 155.2.216.4:40607] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "appalachianstomp.com"] [uri "/.env"] [unique_id "agVIMZsfryQb4-jqQK-e7gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-04 04:07:31 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 04 00:07:25.622349 2026] [security2:error] [pid 24197:tid 24197] [client 155.2.216.4:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|uwsvita.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "uwsvita.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afgbfaRoqKB_S-rladbFGAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Carsten	2026-05-04 04:07:26 (1 month ago)	GET [vendor/phpunit/phpunit/phpunit.xsd]	Port Scan
🇩🇪 FeG Deutschland	2026-05-02 17:45:44 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 15:39:39 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 11:39:33.589251 2026] [security2:error] [pid 29228:tid 29228] [client 155.2.216.4:20585] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|eurosoni.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "eurosoni.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYatYywnyGMigLfbZlBNgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 14:52:12 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 10:52:05.613062 2026] [security2:error] [pid 18378:tid 18378] [client 155.2.216.4:43627] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ineedafriend.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ineedafriend.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYPlRF-b8j5GvD_w_T2mgAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 13:57:21 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 09:57:17.358409 2026] [security2:error] [pid 12881:tid 12881] [client 155.2.216.4:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ruralcommunitycare.org\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ruralcommunitycare.org"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYCva-mD5-vXNPcIQrmkwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 185.182.8.41

🇺🇸 165.154.162.254

🇺🇸 66.94.116.236

🇬🇧 2a06:4880:8000::98

🇺🇸 2604:a880:400:d1:0:4:9e92:a001

🇰🇷 211.223.107.86

🇺🇸 209.141.46.157

🇹🇼 101.13.4.124

🇵🇱 87.251.64.145

🇰🇷 59.11.53.94

🇨🇦 20.220.166.196

🇺🇸 20.80.105.83

🇺🇸 15.204.165.54

🇮🇩 202.145.0.18

🇳🇱 193.39.208.26

🇳🇱 176.65.149.194

🇯🇵 172.253.13.20

🇨🇳 114.132.99.120

🇺🇸 44.249.126.247

🇨🇳 8.138.104.235