JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.215.210.48

172.215.210.48 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 18%: ?

18%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.215.210.48

Whois 172.215.210.48

IP Abuse Reports for 172.215.210.48:

This IP address has been reported a total of 49 times from 41 distinct sources. 172.215.210.48 was first reported on December 30th 2025, and the most recent report was 4 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 4 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇱 spd.co.il	2026-05-28 06:06:58 (4 weeks ago)	Web application attack detected	Hacking Web App Attack
🇺🇸 mnsf	2026-05-26 10:05:01 (4 weeks ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇩🇪 pscriptos	2026-05-26 08:15:28 (4 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-05-26 06:23:52 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 02:23:47.851596 2026] [security2:error] [pid 13742:tid 13742] [client 172.215.210.48:48007] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "techlinks.jacksonpropertyrentals.com"] [uri "/config/.env"] [unique_id "ahU8czYegFw5iUs0lIdW1wAAAAU"], referer: https://news.ycombinator.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ambor	2026-04-12 11:48:59 (2 months ago)	Honeypot triggered: /.git/config on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; ... show more Honeypot triggered: /.git/config on ifebridge.com. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0. Method: GET show less	Web App Attack
🇮🇩 Burayot	2026-04-12 11:32:29 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.215.210.48 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.215.210.48 (US/United States/-): 2 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 11:13:52 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 07:13:49.204345 2026] [security2:error] [pid 4107743:tid 4107743] [client 172.215.210.48:5319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "argcreativegroup.com"] [uri "/.git/config"] [unique_id "adt-bebzfxs7PSxmbuEQUAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 ipoac.nl	2026-04-12 10:44:56 (2 months ago)	-:443 172.215.210.48 - - [12/Apr/2026:12:44:54 +0200] - "GET /.git/config HTTP/2.0" 404 1976 "https: ... show more -:443 172.215.210.48 - - [12/Apr/2026:12:44:54 +0200] - "GET /.git/config HTTP/2.0" 404 1976 "https://medium.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 17_1_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Mobile/15E148 Safari/604.1" show less	Bad Web Bot
🇩🇪 4server	2026-04-12 09:36:44 (2 months ago)	[SunApr1211:36:42.2324682026][security2:error][pid3326072:tid3326097][client172.215.210.48:0]ModSecu ... show more [SunApr1211:36:42.2324682026][security2:error][pid3326072:tid3326097][client172.215.210.48:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"shop.ponzellini.ch\"][uri\"/.git/config\"][unique_id\"adtnqlYQj4NvOwpNlfR2IwAAANY\"]\,referer:https://www.yahoo.com/ show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 09:32:54 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 05:32:47.477450 2026] [security2:error] [pid 2806215:tid 2806215] [client 172.215.210.48:5511] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "socialstudiesforkids.com"] [uri "/.git/config"] [unique_id "adtmv_XtOkjRKBGm3B2n7QAAABA"], referer: https://www.yahoo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 Burayot	2026-04-12 09:12:15 (2 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.215.210.48 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.215.210.48 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇳🇱 Savvii	2026-04-12 08:39:20 (2 months ago)	20 attempts against mh-misbehave-ban on ficus	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 07:51:51 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 03:51:45.246705 2026] [security2:error] [pid 3454285:tid 3454285] [client 172.215.210.48:5193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dollybambi.click"] [uri "/.git/config"] [unique_id "adtPEa62WQ7lDl4ZbXPqEgAAAAM"], referer: https://twitter.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-04-12 07:35:08 (2 months ago)	171 requests with url.path */.git/config	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-12 07:15:28 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.210.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 03:15:24.454658 2026] [security2:error] [pid 3593258:tid 3593258] [client 172.215.210.48:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.cloudex.click"] [uri "/.git/config"] [unique_id "adtGjJ7TXz4ygSaYLs5bKgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.69

🇬🇧 134.122.111.117

🇨🇳 106.12.151.23

🇳🇱 91.92.40.13

🇺🇸 66.132.224.17

🇬🇧 35.203.210.18

🇺🇸 3.131.220.121

🇺🇸 2607:f8b0:400e:c05::12e

🇮🇩 180.243.188.193

🇫🇮 147.185.133.87

🇺🇸 141.11.88.11

🇨🇳 111.50.143.78

🇨🇳 106.12.170.135

🇺🇸 104.18.36.70

🇳🇱 91.92.42.34

🇬🇷 83.235.16.111

🇯🇲 66.9.166.251

🇺🇸 65.49.20.84

🇯🇵 43.153.185.56

🇩🇪 207.154.250.9