JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.172.158.2

172.172.158.2 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.172.158.2

Whois 172.172.158.2

IP Abuse Reports for 172.172.158.2:

This IP address has been reported a total of 34 times from 23 distinct sources. 172.172.158.2 was first reported on August 27th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 kingjan1999	2026-06-02 06:00:22 (2 days ago)	Blocked by UFW [2087/tcp] \| SPT: 11584 \| TTL: 52 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sef ... show more Blocked by UFW [2087/tcp] \| SPT: 11584 \| TTL: 52 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 RAP	2026-06-02 05:59:16 (2 days ago)	2026-06-02 05:59:16 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
Anonymous	2026-06-02 05:53:09 (2 days ago)	Try to connect to Port_Scan_443_stealth	Port Scan
🇦🇺 FireGuard Server	2026-06-02 05:45:09 (2 days ago)	Blocked by OPNsense firewall; 6 hits, proto=tcp, ports=2082,2083,2086,2087,8080,8443	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 03:23:29 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 172.172.158.2 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.158.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 23:23:21.391426 2026] [security2:error] [pid 2114:tid 2114] [client 172.172.158.2:11328] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.73"] [uri "/.git/config"] [unique_id "ah5MqfqVpVNOTo5MjVK_xwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 02:12:38 (2 days ago)	tcp port scan (12 or more attempts)	Port Scan
🇹🇭 Sawasdee	2026-06-01 11:25:12 (3 days ago)	Port Scan ...	Port Scan
🇬🇧 PeravixGroup	2026-06-01 10:37:31 (3 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 MPL	2026-06-01 09:34:02 (3 days ago)	tcp/2087 (2 or more attempts)	Port Scan
🇺🇸 sumnone	2026-05-31 18:46:28 (3 days ago)	Port probing on unauthorized port 8080	Port Scan Hacking Exploited Host
🇺🇸 RAP	2026-05-31 18:40:59 (3 days ago)	2026-05-31 18:40:59 UTC Unauthorized activity to TCP port 9200.	Port Scan
🇺🇸 mw	2026-05-26 00:00:51 (1 week ago)	POST /wp-admin/options-general.php?page=smartcode HTTP/1.1	Web App Attack
🇯🇵 demonsword	2026-05-07 16:47:45 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: fapi.binance.com:443 show less	Open Proxy Port Scan
🇺🇸 Rayulcifer	2026-02-04 22:20:37 (3 months ago)	172.172.158.2 - - [04/Feb/2026:17:20:36 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 488 "-" " ... show more 172.172.158.2 - - [04/Feb/2026:17:20:36 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 488 "-" "-" 172.172.158.2 - - [04/Feb/2026:17:20:36 -0500] "CONNECT speed.cloudflare.com:443 HTTP/1.1" 502 488 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇹🇷 rtbh.com.tr	2025-08-29 20:08:31 (9 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force

Showing 16 to 30 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇲🇽 200.77.172.159

🇺🇸 134.209.211.191

🇺🇸 64.95.9.221

🇷🇴 2.57.121.112

🇰🇷 222.108.147.76

🇳🇵 202.70.78.237

🇻🇳 171.231.188.52

🇧🇩 103.179.198.19

🇮🇳 103.111.228.36

🇫🇷 91.231.89.171

🇺🇸 47.251.184.247

🇭🇰 47.242.9.160

🇿🇦 41.135.79.153

🇮🇹 34.154.4.75

🇺🇸 34.121.74.134

🇫🇷 176.125.224.179

🇵🇭 120.28.197.223

🇫🇷 91.231.89.65

🇱🇹 81.30.98.49