JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.202.102.215

172.202.102.215 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 74%: ?

74%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.202.102.215

Whois 172.202.102.215

IP Abuse Reports for 172.202.102.215:

This IP address has been reported a total of 19 times from 19 distinct sources. 172.202.102.215 was first reported on June 1st 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇺 Csaba Gáspár	2026-06-16 13:37:00 (2 days ago)	HTPasswd.Access Spring.Boot.Actuator.Unauthorized.Access	Hacking
🇩🇪 Prodscape	2026-06-16 12:08:46 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 172.202.102.215 (US/United States/-): 5 in the ... show more (mod_security) mod_security (id:210492) triggered by 172.202.102.215 (US/United States/-): 5 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC show less	Port Scan
🇫🇷 dynamix	2026-06-16 11:33:12 (2 days ago)	Multiple WAF Violations	Web App Attack
🇳🇴 jad-abuse	2026-06-16 10:40:47 (2 days ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure, env_probe, aws_creds, actuator. Observed by 1 sensor(s); 30 hits. show less	Hacking Web App Attack
🇩🇪 maxpower	2026-06-16 09:47:01 (2 days ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 172.202.102.215 (US/United States/-): 2 ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 172.202.102.215 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 172.202.102.215 - - [16/Jun/2026:11:46:57 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-" host=51.77.95.116 172.202.102.215 - - [16/Jun/2026:11:46:57 +0200] "GET /.aws/credentials HTTP/1.1" 404 10393 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "-" host=51.77.95.116 show less	Port Scan
🇨🇭 Zdeněk Svancar	2026-06-16 08:42:19 (2 days ago)	172.202.102.215 - - [16/Jun/2026:08:42:05 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Maci ... show more 172.202.102.215 - - [16/Jun/2026:08:42:05 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.202.102.215 - - [16/Jun/2026:08:42:17 +0000] "GET /wp-config.php HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Port Scan Bad Web Bot Web App Attack
🇪🇸 DXC-0	2026-06-03 03:00:21 (2 weeks ago)	Multiple attacks on Honeypot servers	Web Spam Brute-Force Web App Attack Hacking
🇺🇸 xmission.com	2026-06-02 06:31:54 (2 weeks ago)	Blocked by UFW (TCP on 443) Source port: 47109 TTL: 52 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 443) Source port: 47109 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 172.202.102.215) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇹🇭 Sawasdee	2026-06-02 06:30:10 (2 weeks ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-02 06:22:20 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 172.202.102.215 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 172.202.102.215 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:22:14.260243 2026] [security2:error] [pid 9905:tid 9905] [client 172.202.102.215:47152] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|192.64.150.216\|F\|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.216"] [uri "/.env.backup"] [unique_id "ah52llIOsNoRj7DP0FQxGAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 05:13:51 (2 weeks ago)	Honeypot hit: Empty payload (likely service probe); 2087 [4], 2086 [1], 2083 [1], 2082 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2087 [4], 2086 [1], 2083 [1], 2082 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 kosada.com	2026-06-02 04:56:13 (2 weeks ago)	Web vulnerability probing: /.env.production (bogus vhost/SNI)	Web App Attack
🇧🇷 SOC PR	2026-06-02 04:21:55 (2 weeks ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
🇬🇧 djboddington	2026-06-02 03:31:10 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇵🇱 sefinek.net	2026-06-02 03:27:37 (2 weeks ago)	Honeypot hit: Empty payload (likely service probe); 2087 [4], 2083 [1], 2082 [1] TCP Reported by: ht ... show more Honeypot hit: Empty payload (likely service probe); 2087 [4], 2083 [1], 2082 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 176.97.168.185

🇺🇸 150.107.36.98

🇮🇪 130.195.213.202

🇫🇷 91.231.89.202

🇳🇱 185.242.226.71

🇮🇳 182.95.106.78

🇮🇳 159.89.161.238

🇺🇸 104.204.221.16

🇳🇱 45.198.224.5

🇷🇴 2.57.122.177

🇹🇼 198.235.24.58

🇺🇸 195.184.76.182

🇷🇺 176.97.176.174

🇭🇰 152.32.209.166

🇫🇮 147.185.133.70

🇨🇳 113.140.95.2

🇺🇸 104.200.76.65

🇺🇸 104.194.198.252

🇷🇴 80.94.92.177

🇨🇳 39.146.235.88