JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 208.92.158.21

208.92.158.21 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 0%: ?

ISP	AfterNorth
Usage Type	Fixed Line ISP
ASN	AS14371
Hostname(s)	realestatecreate.com
Domain Name	afternorth.com
Country	🇺🇸 United States of America
City	Bemidji, Minnesota

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 208.92.158.21

Whois 208.92.158.21

IP Abuse Reports for 208.92.158.21:

This IP address has been reported a total of 51 times from 16 distinct sources. 208.92.158.21 was first reported on July 14th 2025, and the most recent report was 10 months ago.

Old Reports: The most recent abuse report for this IP address is from 10 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 penguin-solutions.at	2025-07-28 19:54:16 (10 months ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack
Anonymous	2025-07-28 10:36:03 (10 months ago)	Malicious activity detected	Hacking Web App Attack
Anonymous	2025-07-28 10:20:40 (10 months ago)	Hacking activity detected	Hacking Brute-Force
🇺🇸 mnsf	2025-07-27 00:05:08 (10 months ago)	Too many Status 50X (359) Request Overload (448)	Brute-Force Web App Attack
Anonymous	2025-07-26 15:20:02 (10 months ago)	Malicious activity detected	Hacking Web App Attack
🇩🇪 LRob.fr	2025-07-26 07:00:21 (10 months ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 LRob.fr	2025-07-26 06:45:14 (10 months ago)	Repeated attacks detected by Fail2Ban in recidive jail	Hacking
🇩🇪 LRob.fr	2025-07-26 06:30:11 (10 months ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇺🇸 mnsf	2025-07-25 18:05:08 (10 months ago)	Too many Status 50X (343) Request Overload (443)	Brute-Force Web App Attack
🇩🇪 updown.io	2025-07-25 16:55:02 (10 months ago)	{"level":"info","ts":1753462497.7721667,"logger":"http.log.access.log1","msg":"handled request","req ... show more {"level":"info","ts":1753462497.7721667,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"208.92.158.21","remote_port":"50277","client_ip":"208.92.158.21","proto":"HTTP/1.1","method":"GET","host":"status.gera0.he2.eric.si","uri":"/deployment.zip","headers":{"User-Agent":["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"","server_name":"status.gera0.he2.eric.si"}},"bytes_read":0,"user_id":"","duration":0.000120499,"size":0,"status":429,"resp_headers":{"Server":["Caddy"],"Alt-Svc":["h3=\":443\"; ma=2592000"],"Retry-After":["1"]}} {"level":"info","ts":1753462497.7902951,"logger":"http.log.access.log1","msg":"handled request","request":{"remote_ip":"208.92.158.21","remote_port":"50273","client_ip":"208.92.158.21","proto":"HTTP/1.1","method":"GET","host":"status.gera0.he2.eric.si","uri":"/deploy.zip","headers":{"User-Agent":["Mozilla/5.0 (M ... show less	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2025-07-25 08:25:57 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 208.92.158.21 (realestatecreate.com): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 208.92.158.21 (realestatecreate.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 25 04:25:49.943367 2025] [security2:error] [pid 23738:tid 23738] [client 208.92.158.21:55552] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gmes.biz"] [uri "/web.config.rar"] [unique_id "aIM_jfyQvB_9E9Ih3Ar0HAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2025-07-25 07:02:03 (10 months ago)	6.678 4xx requests in 1 hour (2w1d3hfromnow)	Brute-Force Bad Web Bot
Anonymous	2025-07-20 04:23:40 (11 months ago)	fail2ban apache-modsecurity web [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/Teler ... show more fail2ban apache-modsecurity web [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [uri "/Telerik.Web.UI.WebResource.axd"] show less	Web App Attack
🇺🇸 mnsf	2025-07-20 03:05:21 (11 months ago)	Too many Status 40X (16)	Brute-Force Web App Attack
🇩🇪 FeG Deutschland	2025-07-19 23:56:45 (11 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 170.187.165.139

🇺🇸 162.216.150.38

🇺🇸 162.216.149.252

🇿🇦 154.0.167.121

🇨🇳 120.48.42.17

🇷🇴 80.94.92.184

🇺🇸 52.248.40.89

🇳🇱 45.148.10.152

🇻🇪 38.74.253.43

🇭🇰 223.18.112.50

🇬🇧 161.35.169.21

🇮🇳 103.160.209.101

🇷🇺 95.25.174.209

🇫🇷 85.217.140.53

🇮🇳 49.34.238.103

🇭🇰 43.155.40.91

🇧🇪 34.76.227.239

🇻🇳 14.224.213.222

🇳🇱 193.176.31.211

🇺🇸 162.216.149.104