JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 48.217.251.96

48.217.251.96 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 98%: ?

98%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 48.217.251.96

Whois 48.217.251.96

IP Abuse Reports for 48.217.251.96:

This IP address has been reported a total of 28 times from 25 distinct sources. 48.217.251.96 was first reported on May 15th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 micropedro	2026-06-16 05:30:53 (3 days ago)	4 incidents: malicious activity. Ports: 2083/TCP(1), 2086/TCP(1), 8080/TCP(1), 8443/TCP(1). First: 2 ... show more 4 incidents: malicious activity. Ports: 2083/TCP(1), 2086/TCP(1), 8080/TCP(1), 8443/TCP(1). First: 2026-06-08 22:30, Last: 2026-06-16 01:30 UTC. Triggers: ufw-repeater. show less	Port Scan
🇯🇵 SentinalX by uzumaru	2026-06-14 03:05:18 (5 days ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.google.com:443 show less	Open Proxy Port Scan
🇩🇪 Carsten	2026-06-12 20:44:56 (1 week ago)	POST [wp/xmlrpc.php]	Port Scan
🇨🇦 polycoda	2026-06-12 20:06:00 (1 week ago)	🔑 Probes for xmlrpc.php everywhere	Hacking Web App Attack
🇺🇸 mnsf	2026-06-12 20:05:46 (1 week ago)	Xmlrpc Caught (6)	Brute-Force Web App Attack
🇺🇸 Penny Packer	2026-06-12 20:05:08 (1 week ago)	Fail2Ban apache-tripwires	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 20:02:11 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 48.217.251.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 48.217.251.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 16:01:58.097435 2026] [security2:error] [pid 30893:tid 30893] [client 48.217.251.96:9888] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 48.217.251.96 (+1 hits since last alert)\|healthmarkcounseling.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "healthmarkcounseling.com"] [uri "/blog/xmlrpc.php"] [unique_id "aixltsOFx0kcWGZOGgtaRQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 bittiguru.fi	2026-06-12 19:54:29 (1 week ago)	48.217.251.96 - [12/Jun/2026:22:54:28 +0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 191 "-" "Mozilla/5.0 ... show more 48.217.251.96 - [12/Jun/2026:22:54:28 +0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 191 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "3.13" 48.217.251.96 - [12/Jun/2026:22:54:29 +0300] "POST /blog/xmlrpc.php HTTP/1.1" 404 191 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "3.13" ... show less	Hacking Brute-Force Web App Attack
🇨🇭 zynex	2026-06-12 19:51:44 (1 week ago)	URL Probing: /wp/xmlrpc.php	Web App Attack
🇺🇸 WellSpring	2026-06-12 19:39:16 (1 week ago)	xmlrpc exploit on 775.today/wp/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇳🇱 wlt-blocker	2026-06-12 19:35:07 (1 week ago)	Unauthorized access to webpage admin	Web App Attack
🇬🇧 PeravixGroup	2026-06-02 04:19:23 (2 weeks ago)	Honeypot detection: Web application exploitation attempt (CMS/plugin probe) on port 8443. Severity: ... show more Honeypot detection: Web application exploitation attempt (CMS/plugin probe) on port 8443. Severity: MEDIUM. Aaran.cloud show less	Web App Attack
🇧🇷 P1n4	2026-06-02 02:52:11 (2 weeks ago)	Heimdal IDS auto-block: sensitive_file (score=0.80)	Web App Attack
🇹🇭 Sawasdee	2026-06-02 02:49:18 (2 weeks ago)	Port Scan ...	Port Scan
🇫🇷 dusfor72	2026-06-02 02:42:12 (2 weeks ago)	aggressive portscan ...	Port Scan

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 182.8.182.61

🇺🇸 66.132.153.123

🇺🇸 207.90.244.22

🇸🇬 94.231.206.249

🇳🇱 91.92.40.6

🇮🇪 52.30.68.121

🇫🇷 51.254.113.225

🇳🇱 45.156.87.127

🇮🇩 36.66.16.233

🇻🇳 14.162.147.4

🇺🇸 205.210.31.48

🇸🇬 172.217.47.30

🇩🇪 91.65.123.43

🇧🇷 45.205.1.69

🇳🇱 45.148.10.147

🇬🇧 35.203.211.103

🇨🇳 14.103.117.86

🇺🇸 198.46.200.132

🇧🇷 189.51.43.54

🇯🇵 156.227.232.198