JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.172.157.6

172.172.157.6 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 78%: ?

78%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.172.157.6

Whois 172.172.157.6

IP Abuse Reports for 172.172.157.6:

This IP address has been reported a total of 15 times from 15 distinct sources. 172.172.157.6 was first reported on May 20th 2026, and the most recent report was 43 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 zwebvigil	2026-06-15 01:05:49 (43 minutes ago)	172.172.157.6 [14/Jun/2026:18:05:42 -0700] "GET /.env HTTP/1.1" 401 381 "-" port=30853 "Mozilla/5.0 ... show more 172.172.157.6 [14/Jun/2026:18:05:42 -0700] "GET /.env HTTP/1.1" 401 381 "-" port=30853 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" "-" "<ipaddr>" 454 172.172.157.6 [14/Jun/2026:18:05:42 -0700] "GET /.env.local HTTP/1.1" 401 381 "-" port=30851 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" "-" "<ipaddr>" 422 172.172.157.6 [14/Jun/2026:18:05:43 -0700] "GET /.env.production HTTP/1.1" 401 381 "-" port=30854 "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" "-" "-" "<ipaddr>" 693 172.172.157.6 [14/Jun/2026:18:05:44 -0700] "GET /.env.backup HTTP/1.1" 401 381 "-" port=30856 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "-" "-" "<ipaddr>" 321 172.172.157.6 [14/Jun/2026:18:05:46 -0700] "GET /wp-config.php.bak HTTP/1.1" 401 381 " show less	Web App Attack
🇨🇦 Blinker73	2026-06-15 00:59:24 (49 minutes ago)	2026-06-14T20:59 kernel: OUT= SRC=172.172.157.6 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=13135 DF P ... show more 2026-06-14T20:59 kernel: OUT= SRC=172.172.157.6 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=13135 DF PROTO=TCP SPT=30853 DPT=2078 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-14T20:59 kernel: OUT= SRC=172.172.157.6 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=4031 DF PROTO=TCP SPT=30856 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-14T20:59 kernel: OUT= SRC=172.172.157.6 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=28400 DF PROTO=TCP SPT=30854 DPT=2095 WINDOW=64240 RES=0x00 SYN URGP= show less	Port Scan
Anonymous	2026-06-15 00:40:02 (1 hour ago)	suspicious request in access.log	Web App Attack
Anonymous	2026-06-14 15:52:36 (9 hours ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇬🇧 djboddington	2026-06-14 07:39:44 (18 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 dispaisyenterprises	2026-06-14 07:15:50 (18 hours ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1], 2078 ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1], 2078 [1], 2087 [1], 2077 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 MPL	2026-06-14 05:17:28 (20 hours ago)	tcp port scan (10 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 03:51:50 (21 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.172.157.6 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.157.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 23:51:45.617508 2026] [security2:error] [pid 12635:tid 12635] [client 172.172.157.6:38857] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.55"] [uri "/.git/HEAD"] [unique_id "ai4lUWRBQOoXJ_Q7quQCZgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Axel	2026-06-14 03:36:45 (22 hours ago)	Blocked by UFW on MVI [2082/tcp] \| SPT: 38852 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2082/tcp] \| SPT: 38852 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇹 festigf	2026-06-14 03:32:59 (22 hours ago)	Attacco rilevato da Fail2Ban su Nginx	Brute-Force Web App Attack
🇮🇱 spd.co.il	2026-05-28 18:06:05 (2 weeks ago)	Web application attack detected	Hacking Web App Attack
🇮🇹 VHosting	2026-05-26 19:50:03 (2 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇩🇪 itsolon	2026-05-26 18:35:52 (2 weeks ago)	[26/May/2026:20:35:19 +0200] 177982051992.493119 172.172.157.6 22552 217.154.7.177 443 [26/May/2026: ... show more [26/May/2026:20:35:19 +0200] 177982051992.493119 172.172.157.6 22552 217.154.7.177 443 [26/May/2026:20:35:21 +0200] 177982052143.626268 172.172.157.6 22552 217.154.7.177 443 [26/May/2026:20:35:23 +0200] 177982052342.834911 172.172.157.6 22552 217.154.7.177 443 [26/May/2026:20:35:26 +0200] 177982052689.412293 172.172.157.6 22552 217.154.7.177 443 [26/May/2026:20:35:51 +0200] 177982055156.457786 172.172.157.6 22552 217.154.7.177 443 ... show less	Port Scan Hacking Brute-Force Web App Attack
🇱🇻 garmtech.com	2026-05-26 16:20:56 (2 weeks ago)	IM360 WAF: Direct access to sensitive file or dotfile MV:/.env	Web App Attack
🇬🇧 2048	2026-05-20 20:24:46 (3 weeks ago)	2026-05-20T22:24:42.312060+02:00 machodeer kernel: [2016599.309846] [UFW BLOCK] IN=ens3 OUT= MAC=RED ... show more 2026-05-20T22:24:42.312060+02:00 machodeer kernel: [2016599.309846] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.172.157.6 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=173 DF PROTO=TCP SPT=38955 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-05-20T22:24:43.360590+02:00 machodeer kernel: [2016600.359267] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.172.157.6 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=174 DF PROTO=TCP SPT=38955 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-05-20T22:24:44.384700+02:00 machodeer kernel: [2016601.383365] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.172.157.6 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=175 DF PROTO=TCP SPT=38955 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.250.10.84

🇺🇸 205.210.31.14

🇨🇳 183.66.166.30

🇭🇰 172.253.237.17

🇨🇳 123.245.85.20

🇮🇩 103.217.224.218

🇱🇹 77.90.185.86

🇺🇸 65.49.1.130

🇺🇸 64.62.197.209

🇨🇳 14.103.27.130

🇯🇵 8.216.9.117

🇦🇹 194.35.121.167

🇦🇷 181.86.73.143

🇫🇮 178.20.210.208

🇺🇸 130.131.195.135

🇨🇳 118.212.121.63

🇸🇬 103.187.146.33

🇺🇸 73.74.65.2

🇨🇳 60.13.6.147

🇺🇸 43.135.135.17