JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 4.236.166.149

4.236.166.149 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 4.236.166.149

Whois 4.236.166.149

IP Abuse Reports for 4.236.166.149:

This IP address has been reported a total of 35 times from 27 distinct sources. 4.236.166.149 was first reported on May 20th 2026, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (17 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 sandra361	2026-06-03 02:25:01 (1 day ago)	Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_S ... show more Port scan detected: 7 attempts across 7 ports (2082,2083,2086,443,80,8080,8443). \| Evidence: GHOST_SCAN:IN=enp1s0f0 OUT= SRC=4.236.166.149 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=329 DF PROTO=TCP SPT=34879 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇹🇭 Sawasdee	2026-06-03 02:22:14 (1 day ago)	Port Scan ...	Port Scan
🇩🇪 ITSNF	2026-06-03 02:00:03 (1 day ago)	Blocked by OPNsense firewall; 3 hits, proto=tcp, ports=2082,2087,8080	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 01:41:30 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 4.236.166.149 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.236.166.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:41:27.069554 2026] [security2:error] [pid 30510:tid 30510] [client 4.236.166.149:34864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.120"] [uri "/.git/HEAD"] [unique_id "ah-GR5OOHTYUeo7BJ6ED7wAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-03 01:27:14 (1 day ago)	tcp port scan (16 or more attempts)	Port Scan
🇷🇸 Scan	2026-06-03 01:19:27 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇩🇪 guldkage	2026-06-03 01:00:52 (1 day ago)	Unauthorized connection attempt detected from IP address 4.236.166.149 to port 8443 (ger-03) [b]	Brute-Force Exploited Host
🇺🇸 Gabriel Camargo	2026-06-03 00:58:14 (1 day ago)	4.236.166.149 - - [02/Jun/2026:19:58:10 -0500] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Macint ... show more 4.236.166.149 - - [02/Jun/2026:19:58:10 -0500] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 4.236.166.149 - - [02/Jun/2026:19:58:12 -0500] "GET /.env.local HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 4.236.166.149 - - [02/Jun/2026:19:58:13 -0500] "GET /.env.production HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Brute-Force SSH
🇺🇸 MPL	2026-06-02 23:53:53 (1 day ago)	tcp/8443	Port Scan
🇩🇪 Bedios GmbH	2026-06-02 23:40:02 (1 day ago)	Login credentials theft attempt	Hacking
🇺🇸 MakoWish	2026-06-02 23:19:53 (1 day ago)	Fuzzing for misconfigured web servers.	Hacking Web App Attack
🇮🇪 AutosOnShow	2026-06-02 23:12:06 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-02 23:11:15.397 \|	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 22:47:23 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 4.236.166.149 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 4.236.166.149 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:47:18.329637 2026] [security2:error] [pid 20473:tid 20473] [client 4.236.166.149:35840] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.249"] [uri "/.env"] [unique_id "ah9ddkT40jU05lFvH_TsgAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 171.231.180.45

🇸🇬 165.154.236.104

🇵🇰 153.117.13.249

🇵🇱 143.20.97.214

🇲🇦 81.192.46.29

🇺🇸 72.179.206.34

🇰🇷 61.72.145.120

🇺🇸 3.14.15.145

🇮🇩 203.145.34.37

🇮🇳 117.214.14.162

🇨🇳 106.75.224.96

🇮🇷 87.107.102.246

🇩🇪 68.183.212.68

🇷🇺 45.132.18.40

🇺🇦 31.43.53.154

🇪🇸 217.76.158.60

🇪🇹 196.189.237.172

🇺🇸 189.13.253.195

🇷🇺 176.215.239.218

🇺🇸 162.216.150.252