JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.227.135.149

4.227.135.149 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 95%: ?

95%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.227.135.149

Whois 4.227.135.149

IP Abuse Reports for 4.227.135.149:

This IP address has been reported a total of 26 times from 20 distinct sources. 4.227.135.149 was first reported on August 12th 2025, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇷🇸 Scan	2026-06-03 02:19:41 (21 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-06-02 23:50:04 (23 hours ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
Anonymous	2026-06-02 23:49:21 (23 hours ago)	(caddyscan) Scanner path probe from 4.227.135.149 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 4.227.135.149 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 216.128.134.2 200 2627 4.227.135.149 - - [02/Jun/2026:23:49:13 +0000] "GET /.git/HEAD HTTP/1.1" 216.128.134.2 200 2627 4.227.135.149 - - [02/Jun/2026:23:49:14 +0000] "GET /.git/config HTTP/1.1" 216.128.134.2 200 2627 4.227.135.149 - - [02/Jun/2026:23:49:16 +0000] "GET /.env HTTP/1.1" 216.128.134.2 200 2627 4.227.135.149 - - [02/Jun/2026:23:49:17 +0000] "GET /.env.production HTTP/1.1" 216.128.134.2 200 2627 4.227.135.149 - - [02/Jun/2026:23:49:18 +0000] "GET /.env.backup HTTP/1.1" show less	Port Scan
🇳🇱 tpjg	2026-06-02 23:11:26 (1 day ago)	Automated: 15 requests with error status in 120s window from 4.227.135.149. Evidence: /___proxy_subd ... show more Automated: 15 requests with error status in 120s window from 4.227.135.149. Evidence: /___proxy_subdomain_whm/login/:404,/backup.sql:301,/.htpasswd:301,/config.php:301,/.DS_Store:301,/actuator/env:301,/server-status:301,/phpinfo.php:301,/.aws/credentials:301,/wp-config.php.bak:301,/.env.save:301,/.env.production:301,/.env.local:301,/.env:301,/.git/config:301 show less	Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 PeravixGroup	2026-06-02 22:35:24 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇮🇪 AutosOnShow	2026-06-02 22:29:06 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-02 22:28:33.637 \|	Web App Attack
🇺🇸 RAP	2026-06-02 21:37:35 (1 day ago)	2026-06-02 21:37:35 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇫🇷 GabrielJST	2026-06-02 20:12:50 (1 day ago)	Port Scan detected from 4.227.135.149 (US/United States/-).	Port Scan
🇺🇸 MPL	2026-06-02 19:21:50 (1 day ago)	tcp port scan (12 or more attempts)	Port Scan
🇫🇷 dynamix	2026-06-02 19:05:59 (1 day ago)	Multiple WAF Violations	Web App Attack
🇬🇧 PeravixGroup	2026-06-02 19:03:59 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇪🇸 elcruzado.es	2026-06-02 18:39:48 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 4.227.135.149 (US/United States/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-02 18:27:18 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 4.227.135.149 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.227.135.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:27:11.678820 2026] [security2:error] [pid 25835:tid 25835] [client 4.227.135.149:44100] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.188"] [uri "/.git/HEAD"] [unique_id "ah8gf8jHFXVTgm0k0Lsn_AAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 18:27:10 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.226.232.44

🇹🇼 198.235.24.6

🇩🇪 149.88.24.3

🇳🇱 94.102.49.125

🇲🇩 89.28.33.199

🇱🇻 185.113.139.51

🇨🇳 111.19.212.140

🇳🇱 212.30.37.111

🇵🇦 190.32.173.145

🇹🇬 156.38.73.89

🇭🇰 154.83.13.181

🇬🇧 152.32.157.173

🇮🇳 125.23.183.138

🇷🇴 92.118.39.62

🇬🇧 86.18.119.62

🇺🇸 66.132.172.215

🇸🇨 41.86.34.139

🇬🇧 35.203.211.62

🇨🇳 27.42.243.148

🇺🇸 20.118.240.192