JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 72.211.49.235

72.211.49.235 was found in our database!

This IP was reported 127 times. Confidence of Abuse is 27%: ?

27%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Cox Communications Inc.
Usage Type	Fixed Line ISP
ASN	AS22773
Hostname(s)	wsip-72-211-49-235.sd.sd.cox.net
Domain Name	cox.com
Country	🇺🇸 United States of America
City	San Diego, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 72.211.49.235

Whois 72.211.49.235

IP Abuse Reports for 72.211.49.235:

This IP address has been reported a total of 127 times from 58 distinct sources. 72.211.49.235 was first reported on February 28th 2024, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-29 19:02:25 (1 week ago)	645 limiting connections by zone (10m59s)	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-23 08:15:24 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 72.211.49.235 (wsip-72-211-49-235.sd.sd.cox.net ... show more (mod_security) mod_security (id:210730) triggered by 72.211.49.235 (wsip-72-211-49-235.sd.sd.cox.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 04:15:20.727452 2026] [security2:error] [pid 17711:tid 17711] [client 72.211.49.235:60175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jerryhazlett.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jerryhazlett.com"] [uri "/dump.sql"] [unique_id "ahFiGAS5yY9HIFdE3DNZNwAAAAM"], referer: jerryhazlett.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-05-21 14:27:37 (2 weeks ago)	Try to access /xmlrpc.php?rsd	Web App Attack
🇧🇷 ICS Labs	2026-05-14 12:03:43 (3 weeks ago)	ICS Labs identified 72.211.49.235 as a malicious indicator from threat intelligence.	Hacking
Anonymous	2026-04-21 23:15:25 (1 month ago)	Automated bot traffic — residential proxy, fake browser fingerprint. UA="Mozilla/5.0 (Windows NT 10. ... show more Automated bot traffic — residential proxy, fake browser fingerprint. UA="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-03-29 22:30:01 (2 months ago)	ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇮🇳 liveaspankaj	2026-03-17 23:08:56 (2 months ago)	DDoS attack: 77 requests in 5m (GET / or repair.php).	DDoS Attack
Anonymous	2026-03-17 20:03:35 (2 months ago)	2026-03-17 11:00:26,966 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 2026-03-1 ... show more 2026-03-17 11:00:26,966 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 2026-03-17 14:00:12,318 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 2026-03-17 16:01:30,558 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 2026-03-17 19:01:15,998 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 2026-03-17 22:03:27,044 fail2ban.actions [3511917]: NOTICE [tor] Ban 72.211.49.235 show less	Brute-Force
🇺🇸 gu-alvareza	2026-02-22 07:05:08 (3 months ago)	Generic.Path.Traversal.Detection	Port Scan
🇪🇸 gnom4ik	2026-02-21 00:03:40 (3 months ago)	ban-reviewer auto report; ip=72.211.49.235; scenario=http:scan; verdict=valid_ban; confidence=0.85; ... show more ban-reviewer auto report; ip=72.211.49.235; scenario=http:scan; verdict=valid_ban; confidence=0.85; categories=14; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=IP flagged for 'http:scan' scenario; Port Scan (category 14) detected in abuseipdb_context; IP has 2 active decisions in lookback window show less	Port Scan
🇺🇸 TPI-Abuse	2026-02-19 03:55:56 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 72.211.49.235 (wsip-72-211-49-235.sd.sd.cox.net ... show more (mod_security) mod_security (id:210730) triggered by 72.211.49.235 (wsip-72-211-49-235.sd.sd.cox.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 22:55:48.889958 2026] [security2:error] [pid 17772:tid 17772] [client 72.211.49.235:38914] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|test.nationalccl.com\|F\|2"] [data ".nationalccl.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.nationalccl.com"] [uri "/1771473347/facts/test.nationalccl.com"] [unique_id "aZaJxG2C90y0cgtfbiHf8AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 gu-alvareza	2026-02-18 07:05:10 (3 months ago)	Generic.Path.Traversal.Detection	Port Scan
🇺🇸 gu-alvareza	2026-02-13 07:05:04 (3 months ago)	Web.Server.Password.File.Access	Brute-Force
🇺🇸 gu-alvareza	2026-02-02 07:05:09 (4 months ago)	Adobe.XML.Entity.Injection	SQL Injection Web App Attack
🇺🇸 gu-alvareza	2026-02-01 07:05:09 (4 months ago)	Atlassian.Server.S.Endpoint.Information.Disclosure	Web App Attack

Showing 1 to 15 of 127 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.154.100.150

🇭🇰 154.83.14.111

🇰🇷 112.185.48.244

🇺🇸 69.171.231.144

🇬🇧 194.74.196.10

🇬🇧 194.50.235.155

🇲🇽 187.249.34.122

🇯🇵 172.104.100.117

🇺🇸 147.185.132.16

🇧🇩 123.49.60.158

🇳🇱 109.207.174.234

🇮🇹 93.92.79.146

🇷🇸 77.243.29.163

🇮🇶 65.20.135.32

🇨🇳 60.166.83.219

🇲🇾 47.254.255.13

🇲🇾 47.250.181.248

🇺🇸 24.144.106.241

🇬🇧 5.226.140.34

🇺🇸 2607:f8b0:4004:c06::12e