JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.215.209.65

172.215.209.65 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 40%: ?

40%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.215.209.65

Whois 172.215.209.65

IP Abuse Reports for 172.215.209.65:

This IP address has been reported a total of 12 times from 10 distinct sources. 172.215.209.65 was first reported on December 28th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-14 21:48:02 (1 week ago)	Blocked by UFW (TCP on 80) Source port: 64585 TTL: 52 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 64585 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 172.215.209.65) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 20:47:39 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 16:47:34.674327 2026] [security2:error] [pid 6088:tid 6088] [client 172.215.209.65:65469] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.40"] [uri "/wp-config.php.bak"] [unique_id "ai8TZiIk75t46C9VadoV2QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 JustMeHere	2026-06-14 18:15:15 (1 week ago)	[Sun Jun 14 14:15:10.771085 2026] [security2:error] [pid 165899:tid 165935] [client 172.215.209.65:6 ... show more [Sun Jun 14 14:15:10.771085 2026] [security2:error] [pid 165899:tid 165935] [client 172.215.209.65:64947] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "73.88.79.72"] [uri "/.git/HEAD"] [unique_id "ai7vrsqG5AJQVM2gz59LlAAAAMg"] ... show less	Web App Attack
Anonymous	2026-06-02 10:41:46 (2 weeks ago)	2026-06-02T11:41:45.665400+01:00 vps kernel: [42137073.808222] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-02T11:41:45.665400+01:00 vps kernel: [42137073.808222] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=172.215.209.65 DST=54.37.14.118 LEN=40 TOS=0x00 PREC=0x00 TTL=229 ID=15851 PROTO=TCP SPT=46112 DPT=2 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇦🇹 René Hickersberger	2026-05-26 14:44:12 (3 weeks ago)	[2026-05-26T14:44:11Z] Malicious request to /.env	Hacking Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-05-26 14:33:46 (3 weeks ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-05-26 12:25:37 (3 weeks ago)	(caddyscan) Scanner path probe from 172.215.209.65 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.215.209.65 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.215.209.65 - - [26/May/2026:12:25:34 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 172.215.209.65 - - [26/May/2026:12:25:35 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.215.209.65 - - [26/May/2026:12:25:35 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.215.209.65 - - [26/May/2026:12:25:35 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.215.209.65 - - [26/May/2026:12:25:35 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇺🇸 mnsf	2026-05-26 12:05:10 (3 weeks ago)	Too many Status 40X (11) Scanning/Probing (11)	Brute-Force Web App Attack
🇮🇹 VHosting	2026-05-26 11:50:02 (3 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 10:42:54 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 06:42:47.767607 2026] [security2:error] [pid 3003:tid 3003] [client 172.215.209.65:34861] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "guavaroad.com"] [uri "/.env"] [unique_id "ahV5Jyb_PLdaRp5ptod8RwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 09:16:34 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.209.65 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 05:16:28.783769 2026] [security2:error] [pid 25968:tid 25968] [client 172.215.209.65:35072] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "johnhansonmemorial.org"] [uri "/.env"] [unique_id "ahVk7Hgd0WmcbU1vzOWCmgAAAAM"], referer: https://mail.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 BlueWire Hosting	2025-12-28 19:53:12 (5 months ago)	Bad bot ignoring robot.txt	Bad Web Bot

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a09:bac5:6d4f:323c::501:28

🇲🇦 154.146.238.122

🇺🇸 144.172.108.237

🇷🇺 91.218.86.2

🇫🇷 85.217.140.40

🇱🇹 45.227.254.170

🇮🇳 42.106.143.91

🇩🇪 193.124.20.237

🇵🇪 186.148.196.26

🇺🇸 178.128.1.119

🇺🇸 162.216.149.232

🇩🇪 89.58.31.106

🇫🇷 85.217.140.2

🇹🇷 78.186.142.220

🇸🇬 47.128.123.196

🇺🇸 40.119.24.130

🇺🇸 37.123.193.103

🇺🇸 195.184.76.169

🇺🇸 162.216.150.15

🇩🇪 159.223.18.25