JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 217.12.221.131

217.12.221.131 was found in our database!

This IP was reported 320 times. Confidence of Abuse is 28%: ?

28%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	GREEN FLOID LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS15626
Domain Name	itldc.com
Country	🇺🇦 Ukraine
City	Kyiv, Kyiv City

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 217.12.221.131

Whois 217.12.221.131

IP Abuse Reports for 217.12.221.131:

This IP address has been reported a total of 320 times from 103 distinct sources. 217.12.221.131 was first reported on November 24th 2020, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-04 13:19:11 (1 week ago)	(WPLOGIN) WP Login Attack 217.12.221.131 (UA/Ukraine/tornode1.open-the-ip-in-a-browser.vds-114821.co ... show more (WPLOGIN) WP Login Attack 217.12.221.131 (UA/Ukraine/tornode1.open-the-ip-in-a-browser.vds-114821.com): 10 in the last 3600 secs; Ports: *; Direction: 1 show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-30 07:40:59 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-brows ... show more (mod_security) mod_security (id:210730) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-browser.vds-114821.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 03:40:54.867561 2026] [security2:error] [pid 19557:tid 19578] [client 217.12.221.131:58040] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gelatoconsapevole.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gelatoconsapevole.com"] [uri "/dump.sql"] [unique_id "ahqUhnAZ_ruPv5Q30YkN2wAAAU4"], referer: gelatoconsapevole.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-23 01:01:05 (2 weeks ago)	217.12.221.131 - - [22/May/2026:22:00:59 -0300] "GET /?parent_id=0&post_id=88&name=%F0%9F%92%B9+Get+ ... show more 217.12.221.131 - - [22/May/2026:22:00:59 -0300] "GET /?parent_id=0&post_id=88&name=%F0%9F%92%B9+Get+36%2C824.75+US+Dollars.+Next+%E2%87%A2+graph.org%2FBALANCE-3682444-USD-04-21-5%3Fhs%3D93557a7c11ca01d3bb9a3f7d81d62680%26++%F0%9F%92%B9&email=qnabk73jey43ir%40wshu.net&comment=l3i0ls HTTP/2.0" 200 189029 "https://www.blogmania.com.br?parent_id=0&post_id=88&name=%F0%9F%92%B9+Get+36%2C824.75+US+Dollars.+Next+%E2%87%A2+graph.org%2FBALANCE-3682444-USD-04-21-5%3Fhs%3D93557a7c11ca01d3bb9a3f7d81d62680%26++%F0%9F%92%B9&email=qnabk73jey43ir%40wshu.net&comment=l3i0ls" "Mozilla/5.0 (Linux; Android 5.0.2; SM-A300FU) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.136 Mobile Safari/537.36" 217.12.221.131 - - [22/May/2026:22:01:03 -0300] "GET /?parent_id=0&post_id=86&name=%F0%9F%93%8A+Get+the+transfer+of+36%2C824.69+US+Dollars.+Next+%E2%9A%A1%E2%9E%A4+graph.org%2FBALANCE-3682444-USD-04-21-5%3Fhs%3D68eb5516d37871589a2a2ed9201fcea6%26++%F0%9F%93%8A&email=qnabk73jey43ir%40wshu.net&comment=2icuk3 ... show less	Port Scan Hacking SQL Injection Brute-Force Bad Web Bot Exploited Host
🇺🇸 ipblock.com	2026-05-15 17:14:00 (3 weeks ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
Anonymous	2026-05-06 04:03:00 (1 month ago)	2026-05-05 19:00:30,904 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 2026-05- ... show more 2026-05-05 19:00:30,904 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 2026-05-05 22:00:28,273 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 2026-05-06 01:00:27,833 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 2026-05-06 04:00:36,390 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 2026-05-06 07:02:59,255 fail2ban.actions [3625835]: NOTICE [tor] Ban 217.12.221.131 show less	Brute-Force
🇦🇺 MAGIC	2026-04-25 00:30:52 (1 month ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2026-04-24 21:03:11 (1 month ago)	2026-04-24 12:00:31,266 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 2026-04-24 ... show more 2026-04-24 12:00:31,266 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 2026-04-24 15:00:29,391 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 2026-04-24 18:00:31,227 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 2026-04-24 21:00:40,301 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 2026-04-25 00:03:09,979 fail2ban.actions [7718]: NOTICE [tor] Ban 217.12.221.131 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-03-23 13:10:02 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-brows ... show more (mod_security) mod_security (id:210492) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-browser.vds-114821.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 23 09:09:28.351820 2026] [security2:error] [pid 22708:tid 22765] [client 217.12.221.131:47210] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.skillscredentials.com"] [uri "/.git/config"] [unique_id "acE7iDgcG6yJEYE4YPDvwgAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-17 20:01:05 (2 months ago)	2026-03-17 11:00:11,730 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 2026-03- ... show more 2026-03-17 11:00:11,730 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 2026-03-17 13:00:56,224 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 2026-03-17 16:00:31,105 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 2026-03-17 19:01:01,608 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 2026-03-17 22:00:55,774 fail2ban.actions [3511917]: NOTICE [tor] Ban 217.12.221.131 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-03-14 06:42:12 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-brows ... show more (mod_security) mod_security (id:210492) triggered by 217.12.221.131 (tornode1.open-the-ip-in-a-browser.vds-114821.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 02:42:05.584630 2026] [security2:error] [pid 20549:tid 20549] [client 217.12.221.131:47926] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.alphatar.io"] [uri "/.git/config"] [unique_id "abUDPZUA_MjYfox6Y5d9ywAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-03-04 19:11:19 (3 months ago)	Try to access /xmlrpc.php	Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-02 23:00:03 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-02-01. show less	Hacking Web App Attack SSH
🇩🇪 LRob.fr	2026-01-23 12:05:42 (4 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-01-22 01:59:32 (4 months ago)	(wordpress) Failed wordpress login from 217.12.221.131 (UA/Ukraine/tornode1.open-the-ip-in-a-browser ... show more (wordpress) Failed wordpress login from 217.12.221.131 (UA/Ukraine/tornode1.open-the-ip-in-a-browser.vds-114821.com) show less	Brute-Force
🇩🇪 LRob.fr	2026-01-22 01:53:37 (4 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack

Showing 1 to 15 of 320 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.248

🇫🇷 81.31.13.214

🇨🇳 14.103.145.231

🇩🇪 213.209.159.228

🇧🇷 189.8.120.58

🇺🇸 140.235.168.153

🇳🇱 45.92.1.134

🇩🇪 213.209.159.56

🇧🇷 177.85.61.134

🇬🇧 165.232.111.136

🇺🇸 162.216.149.201

🇮🇳 122.187.126.128

🇨🇳 117.72.125.34

🇷🇺 109.63.176.65

🇮🇩 103.146.202.144

🇻🇳 103.118.28.17

🇹🇷 91.151.88.168

🇳🇱 86.54.31.34

🇺🇸 66.132.186.228

🇬🇧 35.203.211.21