JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.70.114.223

172.70.114.223 was found in our database!

This IP was reported 115 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Newark, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 172.70.114.223 is an IP address from within our whitelist belonging to the subnet 172.64.0.0/13, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 172.70.114.223

Whois 172.70.114.223

IP Abuse Reports for 172.70.114.223:

This IP address has been reported a total of 115 times from 25 distinct sources. 172.70.114.223 was first reported on February 3rd 2022, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-16 22:04:20 (5 hours ago)	Auto-ban: >3000 req/min op 2026-06-16	Web App Attack SSH Hacking
🇬🇧 Axel	2026-05-29 03:06:01 (2 weeks ago)	Blocked by ModSecurity. Rule ID: 225170 Message: COMODO WAF: Sensitive Information Disclosure Vulner ... show more Blocked by ModSecurity. Rule ID: 225170 Message: COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|redcasiepac.com\|F\|2 Phase: 2 Severity: CRITICAL URI: /wp-json/wp/v2/users Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-03-31 12:59:46 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 31 08:59:40.907503 2026] [security2:error] [pid 9098:tid 9098] [client 172.70.114.223:13231] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.scrunchiebutt.com"] [uri "/.env.production.bak"] [unique_id "acvFPEux5UcpA_7z3rfXCAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-29 21:56:24 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 17:56:16.909937 2026] [security2:error] [pid 10870:tid 10870] [client 172.70.114.223:11829] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "houseofbates.net"] [uri "/root/.env"] [unique_id "acmgADLO3Bq2ekVcrRSFvwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 09:02:44 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 05:02:37.308828 2026] [security2:error] [pid 31111:tid 31111] [client 172.70.114.223:13179] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.faithlines.com"] [uri "/.env.local"] [unique_id "ab0NLbMsqEJsYL2Iw7slBgAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 07:22:13 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 03:22:06.062824 2026] [security2:error] [pid 1125:tid 1125] [client 172.70.114.223:12647] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.serranolopezarquitectos.com"] [uri "/api/.env"] [unique_id "abz1nl-5O2254e2E17EiUQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 06:27:24 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 02:27:17.675706 2026] [security2:error] [pid 29838:tid 29838] [client 172.70.114.223:13945] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.catzpaw.com"] [uri "/app/.env"] [unique_id "abzoxb20ovh8cM0ZKkQaFwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 04:48:03 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 00:47:56.367034 2026] [security2:error] [pid 24127:tid 24127] [client 172.70.114.223:9775] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "speakertrainerconsultantpatdavis.org"] [uri "/.env_secret"] [unique_id "abzRfIIJkb4KIRmnLwog4AAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 04:12:56 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 00:12:53.355331 2026] [security2:error] [pid 9567:tid 9567] [client 172.70.114.223:13578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kooroshvaziri.com"] [uri "/.env_config"] [unique_id "abzJRXarDJ3K67ZLWXl0fwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 02:37:25 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.114.223 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 19 22:37:17.082493 2026] [security2:error] [pid 29116:tid 29116] [client 172.70.114.223:11110] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.saratogaequity.com"] [uri "/api/.env"] [unique_id "abyy3b9Xvz28vX5tU9InkAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 acadeova	2026-03-10 09:40:17 (3 months ago)	🚨 Recon detected (nft drop) SRC=172.70.114.223 Observed=TCP dpt=80 in=enp0s6 ttl=57 Time=recent(jour ... show more 🚨 Recon detected (nft drop) SRC=172.70.114.223 Observed=TCP dpt=80 in=enp0s6 ttl=57 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇩🇪 acadeova	2026-02-10 01:17:41 (4 months ago)	🚨 Recon detected (nft drop) SRC=172.70.114.223 Observed=TCP dpt=80 in=enp0s6 ttl=57 Time=recent(jour ... show more 🚨 Recon detected (nft drop) SRC=172.70.114.223 Observed=TCP dpt=80 in=enp0s6 ttl=57 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇺🇸 mawan	2025-10-30 10:59:21 (7 months ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack
Anonymous	2025-10-25 05:52:47 (7 months ago)	[Sat Oct 25 07:52:43.693303 2025] [authz_core:error] [pid 19179] [client 172.70.114.223:9767] AH0163 ... show more [Sat Oct 25 07:52:43.693303 2025] [authz_core:error] [pid 19179] [client 172.70.114.223:9767] AH01630: client denied by server configuration: /etc/httpd/htdocs [Sat Oct 25 07:52:44.744675 2025] [authz_core:error] [pid 19179] [client 172.70.114.223:9767] AH01630: client denied by server configuration: /etc/httpd/htdocs [Sat Oct 25 07:52:45.654825 2025] [authz_core:error] [pid 19179] [client 172.70.114.223:9767] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
🇺🇸 mawan	2025-07-22 07:46:39 (10 months ago)	Suspected of having performed illicit activity on LAX server.	Web App Attack

Showing 1 to 15 of 115 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 106.92.36.64

🇷🇺 95.47.246.223

🇺🇸 205.210.31.105

🇹🇼 198.235.24.93

🇹🇼 198.235.24.91

🇲🇽 189.162.31.178

🇨🇴 152.200.181.42

🇺🇸 147.185.132.12

🇨🇦 138.197.166.179

🇮🇳 122.176.117.147

🇰🇷 104.28.217.216

🇪🇸 90.162.13.50

🇳🇱 88.210.13.69

🇫🇷 85.217.140.30

🇮🇪 54.194.247.176

🇮🇳 52.172.100.161

🇧🇪 34.78.237.123

🇺🇸 216.180.246.54

🇹🇼 198.235.24.90

🇹🇼 198.235.24.83