JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 48.211.213.34

48.211.213.34 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 57%: ?

57%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 48.211.213.34

Whois 48.211.213.34

IP Abuse Reports for 48.211.213.34:

This IP address has been reported a total of 35 times from 25 distinct sources. 48.211.213.34 was first reported on July 25th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇷 Bruno	2026-06-16 10:39:30 (1 day ago)	Port Scanner: 48.211.213.34	Port Scan
🇳🇱 Selckie	2026-06-07 08:46:54 (1 week ago)	fail2ban: NGINX unusual impact	Web App Attack
🇹🇷 SeczarSecureOps	2026-06-02 00:52:49 (2 weeks ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (6 events in 10min) at 2026-06-02 00:52	Port Scan
🇷🇸 Scan	2026-06-02 00:40:10 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 00:29:08 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 48.211.213.34 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 48.211.213.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 20:29:01.872099 2026] [security2:error] [pid 32543:tid 32543] [client 48.211.213.34:3092] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.156"] [uri "/.env"] [unique_id "ah4jzQDJK-QuFGPrkaq1ZwAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-01 22:17:37 (2 weeks ago)	tcp ports: 80,2087 (4 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-01 21:29:28 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 48.211.213.34 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 48.211.213.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 17:29:22.232419 2026] [security2:error] [pid 26627:tid 26627] [client 48.211.213.34:3089] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.179"] [uri "/.env.production"] [unique_id "ah35shmF2zs8TkgAFsqViAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-01 21:23:02 (2 weeks ago)	Blocked by UFW (TCP on 8080) Source port: 3088 TTL: 48 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 8080) Source port: 3088 TTL: 48 Packet length: 60 TOS: 0x00 This report (for 48.211.213.34) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 RAP	2026-06-01 21:16:01 (2 weeks ago)	2026-06-01 21:16:01 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-06-01 21:14:54 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇳🇱 homeshowdomain.nl	2026-05-28 22:04:43 (2 weeks ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇨🇭 4server	2026-05-27 19:30:00 (3 weeks ago)	[WedMay2721:29:54.7891862026][security2:error][pid477579:tid477780][client48.211.213.34:0]ModSecurit ... show more [WedMay2721:29:54.7891862026][security2:error][pid477579:tid477780][client48.211.213.34:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"partnersat.ch.81-17-25-250.cpanel.site\"][uri\"/.git/config\"][unique_id\"ahdGMmnQkokjmXJ9g6BlhQAAAMQ\"]\,referer:https://www.notion.so/ show less	Hacking Web App Attack
🇳🇱 Mangelot Hosting	2026-05-23 00:05:43 (3 weeks ago)	(modsecurity) srv102 ModSecurity 48.211.213.34 (US/United States/-): 10 in the last 3600 secs; Ports ... show more (modsecurity) srv102 ModSecurity 48.211.213.34 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
Anonymous	2026-05-22 23:20:57 (3 weeks ago)	(caddyscan) Scanner path probe from 48.211.213.34 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 48.211.213.34 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:23:15:02 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:23:20:55 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:23:20:56 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:23:20:56 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:23:20:56 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-22 22:14:17 (3 weeks ago)	(caddyscan) Scanner path probe from 48.211.213.34 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 48.211.213.34 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:22:11:36 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:22:11:36 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:22:14:13 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:22:14:13 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 48.211.213.34 - - [22/May/2026:22:14:13 +0000] "GET /.env HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 206.189.193.223

🇲🇽 200.77.172.159

🇳🇱 195.178.110.30

🇪🇸 172.110.219.251

🇵🇰 103.117.163.44

🇭🇰 103.49.62.60

🇧🇷 45.167.184.132

🇻🇳 27.79.44.149

🇻🇳 27.71.85.115

🇯🇵 8.216.7.75

🇺🇸 2a04:c300:400::1e6

🇮🇹 2a00:1450:4025:1805::12c

🇩🇪 213.209.159.11

🇧🇪 198.235.24.204

🇨🇳 180.153.236.232

🇺🇸 173.255.223.124

🇺🇸 172.210.9.131

🇺🇸 167.88.165.96

🇱🇹 158.173.79.149

🇺🇸 64.62.197.42