JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 135.232.201.48

135.232.201.48 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 48%: ?

48%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 135.232.201.48

Whois 135.232.201.48

IP Abuse Reports for 135.232.201.48:

This IP address has been reported a total of 44 times from 34 distinct sources. 135.232.201.48 was first reported on September 14th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-05-20 02:55:15 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: fapi.binance.com:443 show less	Open Proxy Port Scan
🇮🇳 evicky2002	2026-05-13 07:18:32 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇬🇧 thetomtaylor.co.uk	2026-05-11 23:09:02 (1 month ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [mx01,mx03]	Bad Web Bot Web App Attack
🇫🇷 tecnicorioja	2026-05-11 22:00:07 (1 month ago)	POST /xmlrpc.php [11/May/2026:22:16:34	Brute-Force Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-05-11 19:08:01 (1 month ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,ice02,wa01,wa02]	Bad Web Bot Web App Attack
🇦🇹 René Hickersberger	2026-05-11 17:09:35 (1 month ago)	[2026-05-11T17:09:35Z] Malicious request to /xmlrpc.php	Hacking Bad Web Bot Web App Attack
🇨🇦 lakered	2026-05-11 17:09:19 (1 month ago)	Honeypot Lakered: Nginx Honeypot: Administration interface scan (Pattern: xmlrpc). IP automatically ... show more Honeypot Lakered: Nginx Honeypot: Administration interface scan (Pattern: xmlrpc). IP automatically banned. show less	Port Scan Web App Attack
🇯🇵 Valhalla	2026-05-11 17:09:08 (1 month ago)	/xmlrpc.php	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 16:59:19 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 12:59:12.614277 2026] [security2:error] [pid 17574:tid 17574] [client 135.232.201.48:56920] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 135.232.201.48 (+1 hits since last alert)\|register-yacht-belgium.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "register-yacht-belgium.com"] [uri "/xmlrpc.php"] [unique_id "agIK4PIvZ0lEDY9n8IBhywAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 16:33:55 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 12:33:50.021242 2026] [security2:error] [pid 28279:tid 28279] [client 135.232.201.48:56643] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 135.232.201.48 (+1 hits since last alert)\|readyaiminspire.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "readyaiminspire.com"] [uri "/xmlrpc.php"] [unique_id "agIE7mf55WjLv4YrC5svhQAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 lnklnx	2026-05-11 16:30:37 (1 month ago)	www.rcmeal.com:443 135.232.201.48 - - [11/May/2026:11:30:35 -0500] "POST /xmlrpc.php HTTP/1.1" 404 4 ... show more www.rcmeal.com:443 135.232.201.48 - - [11/May/2026:11:30:35 -0500] "POST /xmlrpc.php HTTP/1.1" 404 4404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇩🇪 stinpriza	2026-05-11 16:11:36 (1 month ago)	Web App Attack	Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 15:48:06 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 11:48:02.835738 2026] [security2:error] [pid 22809:tid 22809] [client 135.232.201.48:57035] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 135.232.201.48 (+1 hits since last alert)\|qualuedata.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "qualuedata.com"] [uri "/xmlrpc.php"] [unique_id "agH6MpEXXtNMZdaBCyxzfwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 15:26:24 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 135.232.201.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 11:26:16.810116 2026] [security2:error] [pid 5779:tid 5779] [client 135.232.201.48:58347] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 135.232.201.48 (+1 hits since last alert)\|purplebikinis.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "purplebikinis.com"] [uri "/xmlrpc.php"] [unique_id "agH1GGtPUJsKbjbUp2JKsQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇳 dineshskt4all	2026-05-11 15:16:48 (1 month ago)	[Mon May 11 15:16:46.802091 2026] [proxy_fcgi:error] [pid 1318876:tid 129571311580864] [client 135.2 ... show more [Mon May 11 15:16:46.802091 2026] [proxy_fcgi:error] [pid 1318876:tid 129571311580864] [client 135.232.201.48:0] AH01071: Got error 'Primary script unknown' ... show less	Brute-Force

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.158

🇨🇳 175.12.240.184

🇺🇸 137.184.228.138

🇧🇬 91.92.40.58

🇺🇸 88.218.46.203

🇩🇪 69.5.169.6

🇨🇦 54.39.203.64

🇨🇦 15.235.98.136

🇺🇸 3.129.12.223

🇩🇪 213.209.159.242

🇺🇸 208.87.243.251

🇺🇸 205.210.31.106

🇬🇧 195.96.139.98

🇬🇧 185.248.85.21

🇨🇳 180.76.177.88

🇧🇬 79.124.60.146

🇨🇳 61.240.156.16

🇨🇦 54.39.0.191

🇩🇪 45.135.141.16

🇩🇪 44.148.221.124