JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.227.169.201

4.227.169.201 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 46%: ?

46%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.227.169.201

Whois 4.227.169.201

IP Abuse Reports for 4.227.169.201:

This IP address has been reported a total of 8 times from 7 distinct sources. 4.227.169.201 was first reported on May 26th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 kkeyser	2026-06-04 16:30:01 (2 hours ago)	GET /.env.local HTTP/1.1	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 14:47:22 (4 hours ago)	(mod_security) mod_security (id:210730) triggered by 4.227.169.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 4.227.169.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 10:47:17.408438 2026] [security2:error] [pid 29972:tid 29972] [client 4.227.169.201:5107] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|192.64.150.216\|F\|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.216"] [uri "/.env.backup"] [unique_id "aiGP9QHbs8kFDLWzdYVlQAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-04 13:05:54 (5 hours ago)	Too many Status 50X (20)	Brute-Force Web App Attack
🇹🇷 Domainhizmetleri.com	2026-06-04 12:02:37 (6 hours ago)	[honeypot] - MS-SQL-PROBE	Port Scan Hacking
🇳🇱 homeshowdomain.nl	2026-05-27 21:59:49 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-26. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-26 15:09:49 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 4.227.169.201 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.227.169.201 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 11:09:44.084585 2026] [security2:error] [pid 5246:tid 5269] [client 4.227.169.201:4800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lamcohomecare.com.lamco.us"] [uri "/config/.env"] [unique_id "ahW3uLbQ2Aw4xRHEKvQcnwAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-05-26 12:31:26 (1 week ago)	4.227.169.201 - - [26/May/2026:15:31:23 +0300] "GET /.env HTTP/1.1" 404 791 "https://www.notion.so/" ... show more 4.227.169.201 - - [26/May/2026:15:31:23 +0300] "GET /.env HTTP/1.1" 404 791 "https://www.notion.so/" "Mozilla/5.0 (Linux; Android 14; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36" 4.227.169.201 - - [26/May/2026:15:31:25 +0300] "GET /.env HTTP/1.1" 404 791 "https://duckduckgo.com/" "Mozilla/5.0 (Linux; Android 14; SM-G998B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Mobile Safari/537.36" ... show less	Web App Attack
Anonymous	2026-05-26 11:51:05 (1 week ago)	(caddyscan) Scanner path probe from 4.227.169.201 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 4.227.169.201 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 4.227.169.201 - - [26/May/2026:11:51:03 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 4.227.169.201 - - [26/May/2026:11:51:04 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 4.227.169.201 - - [26/May/2026:11:51:04 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 4.227.169.201 - - [26/May/2026:11:51:04 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 4.227.169.201 - - [26/May/2026:11:51:04 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" show less	Port Scan

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇰 220.247.224.226

🇧🇷 189.113.8.254

🇲🇽 187.251.123.104

🇬🇧 185.247.137.150

🇪🇸 172.110.219.251

🇵🇰 153.117.38.150

🇨🇳 118.183.180.108

🇳🇬 102.88.137.80

🇮🇹 93.92.77.85

🇺🇸 64.236.187.241

🇬🇧 51.89.129.241

🇺🇸 48.44.232.22

🇮🇱 213.8.113.2

🇫🇷 194.163.170.168

🇰🇷 183.99.228.131

🇺🇸 172.208.48.177

🇹🇭 159.192.73.218

🇺🇸 147.185.132.28

🇨🇳 123.13.41.128

🇨🇳 113.57.186.183