JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.236.159.148

4.236.159.148 was found in our database!

This IP was reported 99 times. Confidence of Abuse is 58%: ?

58%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.236.159.148

Whois 4.236.159.148

IP Abuse Reports for 4.236.159.148:

This IP address has been reported a total of 99 times from 45 distinct sources. 4.236.159.148 was first reported on November 11th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 demonsword	2026-06-11 08:46:50 (5 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: cp.cloudflare.com:80 show less	Open Proxy Port Scan
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇸🇪 NordhTech	2026-06-02 22:30:12 (1 week ago)	More than 3 malicious connection attempts, trying port(s) 2083/tcp, then blocked from services ...	Port Scan Hacking
🇺🇸 CBJ	2026-06-02 22:24:48 (1 week ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇺🇸 paulo.apoloni	2026-06-02 22:22:22 (1 week ago)	4.236.159.148 - - [02/Jun/2026:19:22:17 -0300] "GET /.git/config HTTP/1.1" 404 181 "-" "Mozilla/5.0 ... show more 4.236.159.148 - - [02/Jun/2026:19:22:17 -0300] "GET /.git/config HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" 4.236.159.148 - - [02/Jun/2026:19:22:19 -0300] "GET /.env.local HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" 4.236.159.148 - - [02/Jun/2026:19:22:20 -0300] "GET /.env.production HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 4.236.159.148 - - [02/Jun/2026:19:22:21 -0300] "GET /.env.backup HTTP/1.1" 404 118 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 4.236.159.148 - - [02/Jun/2026:19:22:22 -0300] "GET /.env.save HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Web App Attack
🇩🇪 Admins@FBN	2026-06-02 21:47:49 (1 week ago)	FW-PortScan: Traffic Blocked srcport=47138 dstport=8080	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 21:35:38 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 17:35:30.786845 2026] [security2:error] [pid 26602:tid 26602] [client 4.236.159.148:47029] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.97"] [uri "/.git/HEAD"] [unique_id "ah9MolC4S33oU6KXJIH4MwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 19:50:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:50:43.063164 2026] [security2:error] [pid 5777:tid 5777] [client 4.236.159.148:47012] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.29"] [uri "/.git/HEAD"] [unique_id "ah80E8liABa6CxQBEw-yRAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-02 19:35:57 (1 week ago)	Blocked by UFW (TCP on 2083) Source port: 46233 TTL: 48 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2083) Source port: 46233 TTL: 48 Packet length: 60 TOS: 0x00 This report (for 4.236.159.148) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 17:55:04 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.236.159.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:55:00.533126 2026] [security2:error] [pid 6118:tid 6118] [client 4.236.159.148:47084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.87"] [uri "/.git/HEAD"] [unique_id "ah8Y9PBMisODvo7efKiz8AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 webadmin	2026-06-02 17:12:12 (1 week ago)		Web App Attack
Anonymous	2026-06-02 17:02:33 (1 week ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 IloGus	2026-06-02 17:00:13 (1 week ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇬🇧 PeravixGroup	2026-06-02 16:52:47 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇱🇺 SiteXL	2025-12-04 15:12:02 (6 months ago)	{"event":{"DateTime":"2025-12-02T16:10:27Z","RemoteAddr":"4.236.159.148:47168","Protocol":"SSH","Com ... show more {"event":{"DateTime":"2025-12-02T16:10:27Z","RemoteAddr":"4.236.159.148:47168","Protocol":"SSH","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New SSH Login Attempt","ID":"e0c86641-e599-4f95-ae6d-b4882cf0f731","Environ":"","User":"root","Password":"llll","Client":"SSH-2.0-Go","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"SSH interactive","SourceIp":"4.236.159.148","SourcePort":"47168","TLSServerName":"","Handler":""},"level":"info","msg":"New Event","status":"Stateless"} {"event":{"DateTime":"2025-12-02T16:11:21Z","RemoteAddr":"4.236.159.148:47169","Protocol":"SSH","Command":"","CommandOutput":"","Status":"Stateless","Msg":"New SSH Login Attempt","ID":"a768199d-dbb1-49c2-a9fb-aeb5f8844dff","Environ":"","User":"root","Password":"vvvv","Client":"SSH-2.0-Go","Headers":"","HeadersMap":null,"Cookies":"","UserAgent":"","HostHTTPRequest":"","Body":"","HTTPMethod":"","RequestURI":"","Description":"SSH interactive", show less	Port Scan Hacking Brute-Force SSH

Showing 1 to 15 of 99 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.69.32.179

🇺🇸 208.69.32.174

🇩🇪 194.88.98.116

🇨🇳 180.76.137.37

🇺🇸 172.174.198.66

🇵🇰 153.117.32.105

🇰🇷 125.137.115.145

🇳🇱 85.11.167.7

🇳🇱 77.91.71.12

🇺🇸 64.62.156.182

🇬🇧 51.75.168.198

🇩🇪 43.228.157.200

🇬🇧 35.203.211.67

🇩🇪 217.160.212.27

🇺🇸 208.69.32.87

🇦🇷 186.158.30.49

🇦🇹 185.242.177.68

🇺🇸 172.59.91.2

🇭🇰 152.32.171.184

🇩🇪 80.237.133.86