JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.215.211.21

172.215.211.21 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 45%: ?

45%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.215.211.21

Whois 172.215.211.21

IP Abuse Reports for 172.215.211.21:

This IP address has been reported a total of 17 times from 12 distinct sources. 172.215.211.21 was first reported on October 27th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-14 09:12:41 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-14 01:14:31 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 21:14:26.163619 2026] [security2:error] [pid 10983:tid 10999] [client 172.215.211.21:35635] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.124"] [uri "/.git/HEAD"] [unique_id "ai4ActIjgH3cuDkWZAlexgAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Admins@FBN	2026-06-14 01:14:10 (2 weeks ago)	FW-PortScan: Traffic Blocked srcport=35625 dstport=2087	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 00:32:03 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 20:31:55.694711 2026] [security2:error] [pid 9415:tid 9415] [client 172.215.211.21:35630] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.121"] [uri "/.git/HEAD"] [unique_id "ai32ew2qbqFclKUynNfaqwAAAFE"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-13 23:59:23 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 MPL	2026-06-13 23:03:46 (2 weeks ago)	tcp port scan (9 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-13 22:37:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:36:58.476689 2026] [security2:error] [pid 7918:tid 7918] [client 172.215.211.21:36558] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.165"] [uri "/.git/HEAD"] [unique_id "ai3bihBboe-dIk1yK9VXjgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 22:00:23 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 172.215.211.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:00:19.076711 2026] [security2:error] [pid 27304:tid 27304] [client 172.215.211.21:35734] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|192.64.150.216\|F\|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.216"] [uri "/.env.backup"] [unique_id "ai3S82791vKvpQZhLuijRgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 20:43:19 (2 weeks ago)	Sensitive file access attempt	Hacking
🇰🇷 enp0s1	2026-06-13 20:34:21 (2 weeks ago)	Auto-reported by Fail2Ban (UFW Block, Port Scan)	Port Scan
🇩🇪 kkeyser	2026-06-13 19:49:14 (2 weeks ago)	GET /.env HTTP/1.1	Web App Attack
🇭🇰 i553041	2026-06-13 19:37:36 (2 weeks ago)	172.215.211.21 - - [14/Jun/2026:03:37:21 +0800] "GET /.git/HEAD HTTP/1.1" 404 125 "-" "Mozilla/5.0 ( ... show more 172.215.211.21 - - [14/Jun/2026:03:37:21 +0800] "GET /.git/HEAD HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 172.215.211.21 - - [14/Jun/2026:03:37:22 +0800] "GET /.git/config HTTP/1.1" 404 125 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 172.215.211.21 - - [14/Jun/2026:03:37:22 +0800] "GET /.env HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 172.215.211.21 - - [14/Jun/2026:03:37:23 +0800] "GET /.env.local HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.215.211.21 - - [14/Jun/2026:03:37:23 +0800] "GET /.env.production HTTP/1.1" 404 187 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172 ... show less	Brute-Force SSH
🇮🇩 sockominfo	2026-01-20 19:00:06 (5 months ago)	Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 3.8/10 (LOW). CVSS: 2.7/10 ( ... show more Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 3.8/10 (LOW). CVSS: 2.7/10 (Low). Bayesian: 40%. MITRE: T1016. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-01-20 17:00:05 (5 months ago)	Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 3.8/10 (LOW). CVSS: 2.7/10 ( ... show more Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 3.8/10 (LOW). CVSS: 2.7/10 (Low). Bayesian: 38%. MITRE: T1016. Reported by TangerangKota-CSIRT show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-01-20 16:00:22 (5 months ago)	Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 0/10 (INFORMATIONAL). Report ... show more Suspicious user agent detected Python/3.9 aiohttp/3.10.6. Threat Score: 0/10 (INFORMATIONAL). Reported by TangerangKota-CSIRT show less	Hacking Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.253.37.225

🇩🇪 185.207.107.77

🇮🇳 152.59.96.80

🇺🇸 91.230.168.123

🇷🇺 87.250.224.15

🇺🇸 65.49.20.100

🇺🇸 50.17.44.224

🇺🇸 45.148.233.34

🇳🇱 45.148.10.147

🇨🇿 185.28.100.109

🇮🇩 163.7.4.169

🇰🇷 113.59.150.123

🇫🇷 104.28.243.186

🇸🇬 101.47.158.56

🇧🇬 79.124.58.74

🇧🇷 45.172.162.153

🇺🇸 4.246.117.137

🇵🇹 2001:8a0:6f18:aa00:b222:7aff:fee3:5b23

🇬🇧 194.50.235.147

🇺🇸 188.213.202.66