JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 48.217.251.130

48.217.251.130 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 93%: ?

93%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 48.217.251.130

Whois 48.217.251.130

IP Abuse Reports for 48.217.251.130:

This IP address has been reported a total of 21 times from 17 distinct sources. 48.217.251.130 was first reported on March 31st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SOC PR	2026-06-03 06:33:10 (1 day ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇺🇸 RAP	2026-06-03 06:23:25 (1 day ago)	2026-06-03 06:23:25 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇵🇱 mkey	2026-06-03 05:32:26 (1 day ago)	[First: 2026-06-03 05:56:31/single] HITS=1 Repeated suspicious IDS-detected activity; sample=Attempt ... show more [First: 2026-06-03 05:56:31/single] HITS=1 Repeated suspicious IDS-detected activity; sample=Attempting to connect to a forbidden port show less	Port Scan Hacking Web App Attack
🇮🇩 Burayot	2026-06-03 05:26:23 (1 day ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 48.217.251.130 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 48.217.251.130 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 its101	2026-06-03 05:05:09 (1 day ago)	Automated detection by LockdownAccess security system. Attack type(s): git_exposure, env_grab, frame ... show more Automated detection by LockdownAccess security system. Attack type(s): git_exposure, env_grab, framework_probe, config_probe, data_exposure. Reason: Nginx: git_exposure attack. Path targeted: unknown. Blocked in Cloudflare. show less	Web App Attack
🇧🇾 lns.bz	2026-06-03 04:53:40 (1 day ago)	Too many 404 requests [BY]	Web App Attack
🇸🇬 drewf.ink	2026-06-03 04:45:21 (1 day ago)	[04:45] Port scanning. Port(s) scanned: TCP/2086, TCP/2087	Port Scan
🇫🇷 GabrielJST	2026-06-03 04:17:47 (1 day ago)	Port Scan detected from 48.217.251.130 (US/United States/-).	Port Scan
Anonymous	2026-06-03 03:54:43 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-03 03:41:25 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 48.217.251.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 48.217.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:41:17.990716 2026] [security2:error] [pid 8138:tid 8138] [client 48.217.251.130:61949] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.170"] [uri "/.env.save"] [unique_id "ah-iXfydkn4TvC4B64TMbgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:06:23 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 48.217.251.130 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 48.217.251.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:06:18.482061 2026] [security2:error] [pid 10215:tid 10215] [client 48.217.251.130:60434] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.142"] [uri "/.git/config"] [unique_id "ah-aKg_HfrB3LodLwFsbOQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-06-02 07:04:00 (2 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 07:00:00 (2 days ago)	SSH Brute-Force	DDoS Attack Port Scan Hacking Brute-Force SSH
🇩🇪 ISPLtd	2026-06-02 04:08:16 (2 days ago)	Jun 2 01:08:15 48.217.251.130 TCP SPT=50304 DPT=2082 SYN Jun 2 01:08:15 48.217.251.130 TCP SPT=503 ... show more Jun 2 01:08:15 48.217.251.130 TCP SPT=50304 DPT=2082 SYN Jun 2 01:08:15 48.217.251.130 TCP SPT=50308 DPT=8080 SYN Jun 2 01:08:15 48.217.251.130 TCP SPT=50307 DPT=2083 ... show less	Port Scan
🇺🇸 MPL	2026-06-02 04:06:17 (2 days ago)	tcp/2087	Port Scan

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 213.166.84.35

🇬🇧 195.206.182.207

🇨🇳 175.178.128.72

🇳🇱 172.235.173.150

🇺🇸 172.69.17.78

🇻🇳 42.117.173.238

🇻🇳 180.93.36.16

🇪🇬 156.199.107.218

🇳🇱 45.198.224.5

🇳🇱 45.148.10.157

🇹🇼 45.43.37.254

🇺🇸 20.29.22.156

🇷🇴 2.57.122.238

🇩🇪 213.209.159.228

🇹🇼 198.235.24.52

🇸🇬 193.37.32.34

🇧🇷 187.72.128.177

🇨🇴 179.33.186.150

🇳🇱 162.159.113.83

🇸🇪 158.174.210.161