JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 155.2.216.5

155.2.216.5 was found in our database!

This IP was reported 61 times. Confidence of Abuse is 43%: ?

43%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 155.2.216.5

Whois 155.2.216.5

IP Abuse Reports for 155.2.216.5:

This IP address has been reported a total of 61 times from 30 distinct sources. 155.2.216.5 was first reported on April 7th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 EmK530	2026-06-06 09:55:24 (3 days ago)	URL flagged by RegEx: /vendor/phpunit/phpunit/phpunit.xsd	Web App Attack
🇺🇸 rwgomes	2026-06-05 22:58:29 (3 days ago)	Automated report from Intelligence Finance Tools. IP probed malicious path: /vendor/phpunit/phpunit/ ... show more Automated report from Intelligence Finance Tools. IP probed malicious path: /vendor/phpunit/phpunit/phpunit.xsd. No such resource exists on this server. show less	Web App Attack Hacking
Anonymous	2026-05-24 15:58:26 (2 weeks ago)	155.2.216.5 - - [24/May/2026:23:58:26 +0800] "GET /.env HTTP/1.1" 301 239 "-" "python-requests/2.26. ... show more 155.2.216.5 - - [24/May/2026:23:58:26 +0800] "GET /.env HTTP/1.1" 301 239 "-" "python-requests/2.26.0" ... show less	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-24 13:07:02 (2 weeks ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,wa01,wa02]	Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-05-24 12:21:19 (2 weeks ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇩🇪 evilrave	2026-05-20 12:07:37 (2 weeks ago)	155.2.216.5 - - [20/May/2026:12:07:37 +0000] "GET /.env HTTP/1.1" 444 0 Host="[REDACTED_IP]" SNI="-" ... show more 155.2.216.5 - - [20/May/2026:12:07:37 +0000] "GET /.env HTTP/1.1" 444 0 Host="[REDACTED_IP]" SNI="-" ... show less	Bad Web Bot
🇱🇻 garmtech.com	2026-05-15 04:07:06 (3 weeks ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 11:18:48 (3 weeks ago)	(mod_security) mod_security (id:949110) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:949110) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 07:18:41.836860 2026] [security2:error] [pid 27119:tid 27119] [client 155.2.216.5:43519] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "euro-theatre.com"] [uri "/.env"] [unique_id "agWvkZDqVRgtHU-H017EPQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 tutaim.com	2026-05-06 08:00:14 (1 month ago)	⛔ [06/05/26] This IP has been detected performing multiple attacks on websites (3 attempts blocked). ... show more ⛔ [06/05/26] This IP has been detected performing multiple attacks on websites (3 attempts blocked). Potential malicious activity. show less	Brute-Force SSH Web App Attack FTP Brute-Force
🇵🇾 armandosaucedo.me	2026-05-04 04:40:22 (1 month ago)	Threat Intelligence via ARMTI, Web Attack: GET /vendor/phpunit/phpunit/phpunit.xsd	Web App Attack
🇩🇪 Carsten	2026-05-04 04:23:14 (1 month ago)	GET [vendor/phpunit/phpunit/phpunit.xsd]	Port Scan
🇺🇸 TPI-Abuse	2026-05-03 12:26:03 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 08:25:56.236377 2026] [security2:error] [pid 26230:tid 26230] [client 155.2.216.5:60377] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dixieaire.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dixieaire.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afc-1DXDRSm8UWOREe8C0gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 thilo	2026-05-03 01:36:28 (1 month ago)	Probe for vulnerabilities. Path attempted: /vendor/phpunit/phpunit/phpunit.xsd	Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 16:20:57 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 12:20:50.051353 2026] [security2:error] [pid 27935:tid 27935] [client 155.2.216.5:43383] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.domainexecs.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.domainexecs.com"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYkYuH3xpUWtyyPs4YxkwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-02 15:43:58 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210730) triggered by 155.2.216.5 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 11:43:52.044448 2026] [security2:error] [pid 23238:tid 23238] [client 155.2.216.5:41659] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.solidthought.com\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.solidthought.com"] [uri "/rockerdan/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "afYbuOjCmshBqGlSzMJ8iAAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 61 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 172.71.235.33

🇧🇷 172.69.138.68

🇧🇷 172.68.18.131

🇧🇷 104.22.10.61

🇧🇷 104.22.10.60

🇫🇷 91.196.152.180

🇱🇹 45.227.254.170

🇹🇼 35.229.211.27

🇹🇼 198.235.24.108

🇬🇧 185.247.137.170

🇱🇰 175.157.71.49

🇧🇷 172.71.238.85

🇧🇷 172.71.238.84

🇧🇷 172.69.138.69

🇧🇷 172.69.39.122

🇧🇷 172.69.11.252

🇧🇷 172.68.18.130

🇺🇸 146.190.119.189

🇨🇦 137.184.163.20

🇧🇷 104.23.254.63