JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.222.217.240

4.222.217.240 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 47%: ?

47%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇿🇦 South Africa
City	Johannesburg, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.222.217.240

Whois 4.222.217.240

IP Abuse Reports for 4.222.217.240:

This IP address has been reported a total of 20 times from 10 distinct sources. 4.222.217.240 was first reported on March 15th 2026, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 09:12:12 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 05:12:05.920989 2026] [security2:error] [pid 12738:tid 12738] [client 4.222.217.240:49458] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.construction.bonefrog.com"] [uri "/.env.old"] [unique_id "ajJk5TnVTUmN7cB9fVqHBAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-17 08:27:24 (16 hours ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-16 23:08:24 (1 day ago)	(mod_security) mod_security (id:243320) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:243320) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:08:16.632478 2026] [security2:error] [pid 11721:tid 11721] [client 4.222.217.240:42620] ModSecurity: Access denied with code 403 (phase 2). String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)\|\|www.qxoticdivas.postermodelsworldwideinc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.qxoticdivas.postermodelsworldwideinc.com"] [uri "/.profile"] [unique_id "ajHXYKyYghycZK3QeW-nJAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2026-06-16 01:51:50 (1 day ago)	Email account brute force: 1 attempts were recorded from 4.222.217.240 2026-06-16T03:08:18+02:00 war ... show more Email account brute force: 1 attempts were recorded from 4.222.217.240 2026-06-16T03:08:18+02:00 warning: unknown[4.222.217.240]: SASL PLAIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇲🇳 Public CSIRT/CC of Mongolia	2026-06-15 23:28:01 (2 days ago)	Honeypot hit: Incoming HTTP traffic on port 81	Web App Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-15 17:44:45 (2 days ago)	(mod_security) mod_security (id:210730) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 13:44:41.906104 2026] [security2:error] [pid 5367:tid 5405] [client 4.222.217.240:51188] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|richardleeweatherman.com\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "richardleeweatherman.com"] [uri "/telegram_messages.db"] [unique_id "ajA6CYCzobCS6E1k2bYAyAAAAVE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 rsa	2026-06-15 17:09:00 (2 days ago)	GET /.config/crush/crush.json HTTP/1.1	DDoS Attack Brute-Force Exploited Host Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-15 16:23:54 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.222.217.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:23:46.083388 2026] [security2:error] [pid 14291:tid 14305] [client 4.222.217.240:58792] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coloradomohs.aafm.us"] [uri "/.env.bak"] [unique_id "ajAnEuGLOAJZzAkwJ3oAuQAAAEk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 10:01:48 (1 week ago)	IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/CVE-2017-9841; Action=ban; Events=1; Ho ... show more IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/CVE-2017-9841; Action=ban; Events=1; Hosts=www.incognet.io; Paths=/phpunit/phpunit/Util/PHP/eval-stdin.php; Country=ZA; ASN=8075 MICROSOFT-CORP-MSN-AS-BLOCK show less	Hacking Web App Attack
🇬🇧 killian7603	2026-06-05 22:04:05 (1 week ago)	Logon Policy Violation	Email Spam Spoofing Brute-Force
🇮🇱 spd.co.il	2026-05-22 01:04:59 (3 weeks ago)	Web application attack detected	Hacking Web App Attack
🇮🇱 spd.co.il	2026-05-12 13:01:37 (1 month ago)	Web application attack detected	Hacking Web App Attack
🇨🇿 lp	2026-04-30 21:21:22 (1 month ago)	Email account brute force: 2 attempts were recorded from 4.222.217.240 2026-04-30T22:11:49+02:00 war ... show more Email account brute force: 2 attempts were recorded from 4.222.217.240 2026-04-30T22:11:49+02:00 warning: unknown[4.222.217.240]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-04-30T22:11:52+02:00 warning: unknown[4.222.217.240]: SASL LOGIN authentication failed: authentication failure, [email protected] show less	Brute-Force
🇮🇱 spd.co.il	2026-04-30 01:03:28 (1 month ago)	Web application attack detected	Hacking Web App Attack
Anonymous	2026-04-27 05:00:53 (1 month ago)	BruteForce IMAP/POP3/SMTP	Brute-Force

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇦 105.66.7.118

🇵🇹 85.240.193.104

🇪🇸 79.112.36.216

🇺🇿 213.230.118.47

🇬🇧 193.163.125.240

🇲🇾 180.74.84.64

🇦🇲 176.32.193.16

🇺🇸 162.216.149.64

🇧🇷 129.121.50.86

🇮🇪 128.251.36.118

🇨🇳 120.48.104.37

🇺🇸 104.9.60.148

🇫🇷 85.217.140.25

🇮🇷 79.175.176.177

🇺🇸 64.62.156.198

🇬🇧 2.120.228.85

🇩🇪 2a02:2479:1:9800::1

🇬🇧 198.244.168.185

🇺🇸 142.93.66.212

🇨🇳 125.112.242.10