JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 74.7.227.153

74.7.227.153 was found in our database!

This IP was reported 276 times. Confidence of Abuse is 80%: ?

80%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Atlanta, Georgia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 74.7.227.153

Whois 74.7.227.153

IP Abuse Reports for 74.7.227.153:

This IP address has been reported a total of 276 times from 99 distinct sources. 74.7.227.153 was first reported on October 29th 2025, and the most recent report was 49 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 blinx	2026-06-20 04:39:30 (49 minutes ago)	Suspicious activity detected by Modsecurity	Web Spam Port Scan Hacking Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-19 23:34:54 (5 hours ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-19 10:19:28 (19 hours ago)	(mod_security) mod_security (id:210730) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 06:19:22.114544 2026] [security2:error] [pid 6480:tid 6480] [client 74.7.227.153:60188] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jerusalem-korczak-home.com\|F\|2"] [data ".html.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jerusalem-korczak-home.com"] [uri "/jek/IO/2008-07-17/sderot.html.bak"] [unique_id "ajUXqhDzcHkZuzdNt68CUQAAAAA"], referer: http://jerusalem-korczak-home.com/jek/IO/2008-07-17/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 08:09:35 (21 hours ago)	(mod_security) mod_security (id:225170) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 04:09:30.450952 2026] [security2:error] [pid 8139:tid 8139] [client 74.7.227.153:52812] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.sigridsnaturalfoods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sigridsnaturalfoods.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ajT5OiYFZ9uFlYI-1QDFowAAAAA"], referer: http://www.sigridsnaturalfoods.com/author/admin/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-18 14:55:51 (1 day ago)	Suspicious Java class detected. Matched phrase "classLoader" at REQUEST_FILENAME. (944130-stl2-14)	Hacking
🇫🇷 masterguru	2026-06-18 06:57:03 (1 day ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 74.7.227.153 (US/United States/-): 1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 74.7.227.153 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇫🇷 masterguru	2026-06-18 03:49:44 (2 days ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-196)	Hacking
🇳🇱 Site.eu	2026-06-13 03:27:01 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇷🇴 iulianh	2026-06-12 18:32:29 (1 week ago)	80,443	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-12 15:58:57 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 11:58:53.205793 2026] [security2:error] [pid 8143:tid 8160] [client 74.7.227.153:48436] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|charteredwealthmanager.aafm.us\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "charteredwealthmanager.aafm.us"] [uri "/http/charteredfinancialmanager.com"] [unique_id "aiwsvcII_MEWQi0s8hlrvwAAAM0"], referer: https://charteredwealthmanager.aafm.us/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 penjaga BRIN	2026-06-12 13:21:48 (1 week ago)	SQL injection attempt	SQL Injection
🇫🇷 masterguru	2026-06-12 12:49:07 (1 week ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 74.7.227.153 (US/United States/-): 1 ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 74.7.227.153 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-11 23:46:24 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 74.7.227.153 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 19:46:17.890396 2026] [security2:error] [pid 4475:tid 4493] [client 74.7.227.153:37002] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.hooknpatch.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.hooknpatch.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aitIyRXizEVXVo4h4T2kYAAAANA"], referer: https://www.hooknpatch.com/author/admin/ show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 el-brujo	2026-06-10 05:35:45 (1 week ago)	Cloudflare WAF: Request Path: /whois.html Request Query: ?domain=cmd.exe Host: www.elhacker.net user ... show more Cloudflare WAF: Request Path: /whois.html Request Query: ?domain=cmd.exe Host: www.elhacker.net userAgent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.4; +https://openai.com/gptbot) Action: log Source: firewallManaged ASN Description: Microsoft Corporation Country: US Method: GET Timestamp: 2026-06-10T05:35:45Z ruleId: 89557ce9b26e4d4dbf29e90c28345b9b. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇳🇱 JCB	2026-06-08 08:16:00 (1 week ago)	xmlrpc.php	Web App Attack

Showing 1 to 15 of 276 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2a0c:9f00:a000:f2ca::1

🇭🇰 220.246.46.144

🇷🇺 185.188.182.39

🇮🇳 103.89.136.111

🇳🇱 86.54.31.34

🇺🇸 20.55.35.128

🇩🇪 2.27.20.149

🇺🇸 205.210.31.47

🇺🇸 162.154.82.161

🇵🇰 153.117.33.245

🇫🇮 147.185.133.53

🇵🇭 119.92.70.82

🇭🇰 103.243.26.174

🇨🇦 85.217.149.51

🇮🇷 84.47.194.220

🇳🇱 45.148.10.141

🇸🇬 43.133.61.150

🇺🇸 2607:f8b0:4001:c11::124

🇧🇷 205.210.31.224

🇳🇱 204.76.203.219