JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.172.158.7

172.172.158.7 was found in our database!

This IP was reported 30 times. Confidence of Abuse is 61%: ?

61%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.172.158.7

Whois 172.172.158.7

IP Abuse Reports for 172.172.158.7:

This IP address has been reported a total of 30 times from 24 distinct sources. 172.172.158.7 was first reported on January 5th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 technash	2026-06-03 07:50:00 (1 week ago)	Port scanning detection [Fortinet/Sentinel]. Deny/drop traffic.	Port Scan
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (1 week ago)	HTPasswd.Access	Brute-Force
Anonymous	2026-06-03 06:24:54 (1 week ago)	2026-06-03T07:24:52.683137+01:00 vps kernel: [42208060.044052] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-03T07:24:52.683137+01:00 vps kernel: [42208060.044052] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=172.172.158.7 DST=54.37.14.118 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=59166 DF PROTO=TCP SPT=60137 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇺🇸 MPL	2026-06-03 06:21:17 (1 week ago)	tcp port scan (8 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-06-03 05:55:02 (1 week ago)	Imunify360 WAF block (graylisted)	Web App Attack
🇬🇧 PeravixGroup	2026-06-03 05:23:20 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-03 05:05:05 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 172.172.158.7 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.158.7 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:05:00.557302 2026] [security2:error] [pid 11796:tid 11866] [client 172.172.158.7:60354] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.84"] [uri "/.env"] [unique_id "ah-1_HKa5UnrqpMdbiWK-AAAAJg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 paprika	2026-06-03 04:48:31 (1 week ago)	Automated report #1: 1 attacks detected. Types: Brute-force (login).	Brute-Force Email Spam
🇺🇸 LotPhantom	2026-06-03 03:15:29 (1 week ago)	2026-06-03T03:15:29.152905+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-06-03T03:15:29.152905+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=172.172.158.7 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=57437 DF PROTO=TCP SPT=60181 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-03T03:15:29.152926+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=172.172.158.7 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=4352 DF PROTO=TCP SPT=60174 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇩🇪 markawes	2026-06-03 02:23:10 (1 week ago)	[markis] Auto banned by Fail2Ban. Reason: Malicious web scan / attempted access to sensitive paths. ... show more [markis] Auto banned by Fail2Ban. Reason: Malicious web scan / attempted access to sensitive paths. Evidence: 172.172.158.7 - - [03/Jun/2026:03:23:04 +0100] "GET /.git/HEAD HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.172.158.7 - - [03/Jun/2026:03:23:08 +0100] "GET /.env.local HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.172.158.7 - - [03/Jun/2026:03:23:08 +0100] "GET /.env.production HTTP/1.1" 404 455 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Port Scan Hacking Web App Attack
🇬🇧 PeravixGroup	2026-06-03 01:46:30 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇫🇷 ✨	2026-06-03 01:44:22 (1 week ago)	Domain : pleskcontrolpanel Rule : config 2026-06-03 01:34:30 203.29.11.169 GET /config.php - 8443 - ... show more Domain : pleskcontrolpanel Rule : config 2026-06-03 01:34:30 203.29.11.169 GET /config.php - 8443 - 172.172.158.7 Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 - 404 0 2 1307 226 248 - - show less	Hacking SQL Injection
🇺🇸 drewf.ink	2026-06-03 01:29:57 (1 week ago)	[01:29] Port scanning. Port(s) scanned: TCP/8443	Port Scan
Anonymous	2026-06-03 01:24:09 (1 week ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 xmission.com	2026-05-09 21:01:49 (1 month ago)	Blocked 16 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 16 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam

Showing 1 to 15 of 30 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 2a01:4f9:6b:2d01::40

🇺🇸 2607:ff10:c8:594::7

🇰🇷 211.46.188.16

🇳🇱 195.178.110.30

🇳🇱 176.65.139.254

🇺🇸 172.190.216.105

🇮🇷 151.232.20.140

🇱🇰 124.43.66.82

🇨🇳 114.80.32.225

🇦🇺 103.114.58.143

🇮🇳 103.25.47.94

🇩🇪 87.106.47.28

🇫🇷 51.159.95.39

🇺🇸 45.79.168.172

🇿🇦 41.132.67.123

🇺🇸 20.163.34.54

🇨🇳 221.228.203.3

🇺🇸 172.203.245.82

🇯🇵 160.251.206.227

🇬🇷 137.59.5.15