JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.70.115.218

172.70.115.218 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	Cloudflare, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS13335
Domain Name	cloudflare.com
Country	🇺🇸 United States of America
City	Newark, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Important Note: 172.70.115.218 is an IP address from within our whitelist belonging to the subnet 172.64.0.0/13, which we identify as: "Cloudflare Reverse Proxy".

Whitelisted netblocks are typically owned by trusted entities, such as Google or Microsoft who may use them for search engine spiders. However, these same entities sometimes also provide cloud servers and mail services which are easily abused. Pay special attention when trusting or distrusting these IPs.

Report 172.70.115.218

Whois 172.70.115.218

IP Abuse Reports for 172.70.115.218:

This IP address has been reported a total of 12 times from 6 distinct sources. 172.70.115.218 was first reported on July 23rd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇱 router.al	2026-06-23 10:52:38 (1 day ago)	06/23/2026-10:52:38.788084 172.70.115.218 Protocol: 6 ET EXPLOIT GraphQL Introspection Query Attempt	Hacking
Anonymous	2026-06-01 05:49:28 (3 weeks ago)	[Mon Jun 01 07:49:26.764427 2026] [authz_core:error] [pid 9250] [client 172.70.115.218:11683] AH0163 ... show more [Mon Jun 01 07:49:26.764427 2026] [authz_core:error] [pid 9250] [client 172.70.115.218:11683] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Jun 01 07:49:27.181812 2026] [authz_core:error] [pid 9250] [client 172.70.115.218:11683] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Jun 01 07:49:27.411444 2026] [authz_core:error] [pid 9250] [client 172.70.115.218:11683] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-30 01:21:05 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 21:20:59.378004 2026] [security2:error] [pid 20566:tid 20566] [client 172.70.115.218:12665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.puckerbackbikini.com"] [uri "/docker/.env"] [unique_id "acnP-27qgWP1rapBsnos8wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-29 17:06:26 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 13:06:22.307169 2026] [security2:error] [pid 30199:tid 30199] [client 172.70.115.218:11744] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.carmel.xyz"] [uri "/.env.bak"] [unique_id "aclcDrYm1P0ImJ0wGku-DAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 07:30:29 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 03:30:17.493670 2026] [security2:error] [pid 2584741:tid 2584741] [client 172.70.115.218:11146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.hendersonhomes.com"] [uri "/docker/.env"] [unique_id "abz3ibmaC-IrBSMEBFGa-gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 LotPhantom	2026-03-20 06:30:49 (3 months ago)	2026/03/20 06:30:48 [error] 2491776#2491776: 166292 access forbidden by rule, client: 172.70.115.21 ... show more 2026/03/20 06:30:48 [error] 2491776#2491776: 166292 access forbidden by rule, client: 172.70.115.218, server: staging-api.bridginggaps.tech, request: "GET /.env.json HTTP/2.0", host: "staging-api.bridginggaps.tech" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 06:30:30 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 20 02:30:26.054445 2026] [security2:error] [pid 15294:tid 15334] [client 172.70.115.218:11296] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kwainet.com"] [uri "/private/.env"] [unique_id "abzpgrbVL-av_JwZaza46gAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-20 02:36:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.70.115.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 19 22:36:35.655089 2026] [security2:error] [pid 25210:tid 25210] [client 172.70.115.218:11784] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "intercite.com"] [uri "/.env.staging"] [unique_id "abyys3CSaBGqZdVUURfw0wAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-18 18:49:25 (3 months ago)	[Wed Mar 18 19:49:17.849758 2026] [authz_core:error] [pid 31917] [client 172.70.115.218:13168] AH016 ... show more [Wed Mar 18 19:49:17.849758 2026] [authz_core:error] [pid 31917] [client 172.70.115.218:13168] AH01630: client denied by server configuration: /etc/httpd/htdocs [Wed Mar 18 19:49:24.344740 2026] [authz_core:error] [pid 31916] [client 172.70.115.218:13175] AH01630: client denied by server configuration: /etc/httpd/htdocs [Wed Mar 18 19:49:24.503688 2026] [authz_core:error] [pid 31916] [client 172.70.115.218:13175] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
Anonymous	2025-09-17 00:28:22 (9 months ago)	wp-login.php scan	Web App Attack
Anonymous	2025-09-07 23:45:37 (9 months ago)	[Mon Sep 08 01:45:36.369575 2025] [authz_core:error] [pid 24331] [client 172.70.115.218:19442] AH016 ... show more [Mon Sep 08 01:45:36.369575 2025] [authz_core:error] [pid 24331] [client 172.70.115.218:19442] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Sep 08 01:45:36.576869 2025] [authz_core:error] [pid 24331] [client 172.70.115.218:19442] AH01630: client denied by server configuration: /etc/httpd/htdocs [Mon Sep 08 01:45:36.783613 2025] [authz_core:error] [pid 24331] [client 172.70.115.218:19442] AH01630: client denied by server configuration: /etc/httpd/htdocs ... show less	Web App Attack
🇲🇹 Malta	2025-07-23 20:29:29 (11 months ago)	172.70.115.218 - - [23/Jul/2025:22:29:29 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Linux; And ... show more 172.70.115.218 - - [23/Jul/2025:22:29:29 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Linux; Android 14; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.0.0 Mobile Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 2804:1b1:1043:240b:c562:5526:ee10:eb8b

🇮🇳 182.95.177.158

🇳🇱 176.65.139.181

🇨🇳 106.12.74.119

🇮🇳 103.91.246.73

🇧🇩 45.120.115.150

🇺🇸 34.63.5.31

🇷🇴 193.46.255.86

🇬🇹 190.151.130.5

🇫🇷 185.255.126.42

🇧🇬 151.251.104.200

🇺🇸 134.209.120.216

🇵🇱 134.112.56.47

🇺🇸 92.204.138.191

🇫🇷 91.231.89.160

🇺🇸 67.81.118.42

🇰🇷 49.254.0.82

🇨🇳 14.103.111.16

🇮🇳 182.95.230.206

🇬🇧 165.154.129.188