AbuseIPDB » 4.201.80.28

4.201.80.28 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 66%: ?

66%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
Domain Name	microsoft.com
Country	Brazil
City	Campinas, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 4.201.80.28

Whois 4.201.80.28

IP Abuse Reports for 4.201.80.28:

This IP address has been reported a total of 17 times from 11 distinct sources. 4.201.80.28 was first reported on January 4th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	Date	Comment	Categories
AC - Team	18 Jan 2023	4.201.80.28 - - [18/Jan/2023:16:03:27 -0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 403 ... show more4.201.80.28 - - [18/Jan/2023:16:03:27 -0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 403 10151 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" ... show less	Hacking Web App Attack
el-brujo	18 Jan 2023	18/Jan/2023:17:36:51 +0100Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 4.201.8 ... show more18/Jan/2023:17:36:51 +0100Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 4.201.80.28] ModSecurity: Warning. String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1034"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".xsd"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "hwagm.elhacker.net"] [uri "/wp-content/plugins/indeed-membe ... show less	Hacking
mieg	18 Jan 2023	AbusiveCrawling	Brute-Force Web App Attack
ut-addicted.com	17 Jan 2023	\[Wed Jan 18 00:46:45.875855 2023\] \[:error\] \[pid 24507:tid 140181336217344\] \[client 4.201.80.2 ... show more\[Wed Jan 18 00:46:45.875855 2023\] \[:error\] \[pid 24507:tid 140181336217344\] \[client 4.201.80.28:55651\] \[client 4.201.80.28\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "crx.it"\] \[uri "/wp-content/plugins/indeed-membership-pro/classes/PaymentGateways/mollie/vendor/phpunit/phpunit/phpunit.xsd"\] \[unique_id "Y8czZaRWsWoAI1rSPgtGUAAAAMI"\] show less	Brute-Force Web App Attack
Bay13	17 Jan 2023	f2b urlscanners	Hacking Web App Attack
taivas.nl	17 Jan 2023	Bad_requests	Bad Web Bot
AC - Team	16 Jan 2023	4.201.80.28 - - [16/Jan/2023:16:57:09 -0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 ... show more4.201.80.28 - - [16/Jan/2023:16:57:09 -0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 404 8287 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" ... show less	Hacking Web App Attack
octageeks.com	08 Jan 2023	Wordpress malicious attack:[octablocked]	Web App Attack
octageeks.com	07 Jan 2023	Wordpress malicious attack:[octablocked]	Web App Attack
octageeks.com	06 Jan 2023	Wordpress malicious attack:[octablocked]	Web App Attack
chronos	05 Jan 2023	[[05/01/2023 - 16:07:59 -03:00 UTC] Attack from [Microsoft Corporation] [4.201.80.28] Ac ... show more[[05/01/2023 - 16:07:59 -03:00 UTC] Attack from [Microsoft Corporation] [4.201.80.28] Action: BLocKed Hacking... Unauthorized attempts to access the server. Web App Attack -> Attempts to probe for or exploit installed web applications such as a CMS like WordPress/Drupal, e-commerce solutions, forum software, phpMyAdmin and various other software pl] ... show less	Hacking Web App Attack
10dencehispahard SL	05 Jan 2023	Suspicious activity detected by Modsecurity [Application attack LFI]	Hacking Web App Attack
octageeks.com	05 Jan 2023	Wordpress malicious attack:[octablocked]	Web App Attack
AC - Team	05 Jan 2023	4.201.80.28 - - [05/Jan/2023:01:00:28 -0300] "GET /.env HTTP/1.1" 403 433 "-" "Mozilla/5.0 (Macintos ... show more4.201.80.28 - - [05/Jan/2023:01:00:28 -0300] "GET /.env HTTP/1.1" 403 433 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Hacking Web App Attack
Anonymous	04 Jan 2023	$f2bV_matches	Brute-Force

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩