🇦🇺
screwlooseit.com.au
2026-06-11 03:36:26
(3 days ago)
Blocked by CSF 13 firewall - Rule: XMLRPC
US/United States/-
Web App Attack
🇺🇸
TPI-Abuse
2026-03-15 14:59:41
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 155.2.217.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 10:59:34.644718 2026] [security2:error] [pid 13507:tid 13507] [client 155.2.217.6:25329] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.dudleyanddudley.com"] [uri "/back/sftp-config.json"] [unique_id "abbJVmegZa_mx8q4McdzdwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-03-15 06:21:42
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 155.2.217.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 02:21:34.147247 2026] [security2:error] [pid 22398:tid 22398] [client 155.2.217.6:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||ccamp.dev|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ccamp.dev"] [uri "/back/backup.sql"] [unique_id "abZP7klXaVl3dV-pkgEBegAAAAk"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-03-13 16:48:23
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 155.2.217.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 13 12:48:14.548989 2026] [security2:error] [pid 30094:tid 30094] [client 155.2.217.6:27893] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||crypto-stamps.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crypto-stamps.com"] [uri "/bak/www.sql"] [unique_id "abQ_zrRVdRXPs1KDvn89KQAAAAU"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
BlueWire Hosting
2026-03-13 05:48:18
(3 months ago)
Suspicious HTTP(s) activity without a user agent provided
Bad Web Bot
🇺🇸
TPI-Abuse
2026-03-12 10:19:39
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 155.2.217.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 12 06:19:36.396411 2026] [security2:error] [pid 8240:tid 8240] [client 155.2.217.6:44883] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||usbea.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "usbea.com"] [uri "/www.sql"] [unique_id "abKTOI_DhnKBmpkGISYdvAAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
bescared
2026-03-10 13:57:27
(3 months ago)
F2B - Malicious activity detected. URL Probing.
Hacking
Bad Web Bot
Web App Attack
🇬🇧
Axel
2026-03-09 03:08:02
(3 months ago)
Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /restore/sftp-config.json Server: UK-01
Web App Attack
Hacking
SQL Injection
🇯🇵
Valhalla
2026-03-08 22:42:53
(3 months ago)
/back/mysql.sql
Hacking
Web App Attack
🇵🇾
armandosaucedo.me
2026-03-02 11:37:35
(3 months ago)
155.2.217.6 - - [02/Mar/2026:11:37:32 +0000] "GET /back/backup.tar HTTP/1.1" 404 196 "-" "-"
Web App Attack
🇺🇸
Penny Packer
2026-03-02 03:33:16
(3 months ago)
Fail2Ban apache-tripwires
Web App Attack
🇺🇸
TPI-Abuse
2026-03-01 18:12:41
(3 months ago)
(mod_security) mod_security (id:210730) triggered by 155.2.217.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 13:12:34.066589 2026] [security2:error] [pid 12759:tid 12759] [client 155.2.217.6:51747] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||pellman-world.com|F|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pellman-world.com"] [uri "/backups/wallet.dat"] [unique_id "aaSBko5C5UQwE2JMGFcN7gAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇬🇧
poundawebsiteltd
2026-03-01 17:40:51
(3 months ago)
Web App Attack (ModSecurity Block). Evidence: beanietools.dev:80 155.2.217.6 - - [01/Mar/2026:17:40:49 +0000] HEAD /bak/dump.sql HTTP/1.1 403 124 - -
Web App Attack
🇬🇧
pinguin
2026-02-07 08:57:46
(4 months ago)
Triggered Cloudflare WAF (firewallManaged) from HU.
Action taken: LOG
Protocol: HTTP/2 (HEAD method)
Endpoint: /bak/web.zip
UA: Empty string
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot
🇺🇸
Penny Packer
2026-02-04 20:13:39
(4 months ago)
Fail2Ban apache-tripwires
Web App Attack