JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.172.87.48

172.172.87.48 was found in our database!

This IP was reported 94 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.172.87.48

Whois 172.172.87.48

IP Abuse Reports for 172.172.87.48:

This IP address has been reported a total of 94 times from 65 distinct sources. 172.172.87.48 was first reported on January 18th 2026, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-03 08:11:03 (14 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:10:55.778723 2026] [security2:error] [pid 7924:tid 7924] [client 172.172.87.48:16841] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.90"] [uri "/.git/HEAD"] [unique_id "ah_hjydjHASlC1AsKhBSpQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-03 07:29:55 (15 hours ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 RAP	2026-06-03 07:22:14 (15 hours ago)	2026-06-03 07:22:14 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-03 07:03:10 (15 hours ago)	Scanning for web/db/file exploits on tpc-017.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇩🇪 paissangroup	2026-06-03 06:57:30 (15 hours ago)	Multiple WAF Violations	Web App Attack
🇺🇸 xmission.com	2026-06-03 06:47:45 (15 hours ago)	Blocked by UFW (TCP on 443) Source port: 8804 TTL: 49 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 443) Source port: 8804 TTL: 49 Packet length: 60 TOS: 0x00 This report (for 172.172.87.48) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇳🇱 ipoac.nl	2026-06-03 06:23:43 (16 hours ago)	ipoac.nl:80 172.172.87.48 - - [03/Jun/2026:08:23:42 +0200] 203.26.133.248 "GET /.git/config HTTP/1.1 ... show more ipoac.nl:80 172.172.87.48 - - [03/Jun/2026:08:23:42 +0200] 203.26.133.248 "GET /.git/config HTTP/1.1" 404 1679 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-03 06:22:26 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:22:20.282026 2026] [security2:error] [pid 12666:tid 12666] [client 172.172.87.48:8943] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.229"] [uri "/.git/config"] [unique_id "ah_IHLrGZY9tcsC02TXmTAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-03 05:40:40 (17 hours ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
🇳🇱 StopAbuse	2026-06-03 05:34:09 (17 hours ago)	tcp/2082 tcp/2086 tcp/2087 tcp/443	Port Scan
🇩🇪 acadeova	2026-06-03 05:04:30 (17 hours ago)	🚨 Recon detected (nft drop) SRC=172.172.87.48 Observed=TCP dpt=2083 in=enp0s6 ttl=47 Time=recent(jou ... show more 🚨 Recon detected (nft drop) SRC=172.172.87.48 Observed=TCP dpt=2083 in=enp0s6 ttl=47 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇺🇸 sumnone	2026-06-03 04:36:06 (18 hours ago)	Port probing on unauthorized port 8080	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-03 04:05:44 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.172.87.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:05:40.905333 2026] [security2:error] [pid 25438:tid 25461] [client 172.172.87.48:7241] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.133"] [uri "/.git/HEAD"] [unique_id "ah-oFLxaAPByV6KBgHn1HwAAANM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 micropedro	2026-06-02 22:17:15 (1 day ago)	3 incidents: port scanning. First: 2026-06-02 17:22, Last: 2026-06-02 18:17 UTC. Triggers: ufw-repea ... show more 3 incidents: port scanning. First: 2026-06-02 17:22, Last: 2026-06-02 18:17 UTC. Triggers: ufw-repeater,non-public-port,firewall-tcp. show less	Port Scan

Showing 1 to 15 of 94 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 186.96.145.241

🇺🇸 167.71.248.81

🇰🇷 112.216.129.27

🇺🇸 104.234.32.113

🇧🇷 45.239.238.93

🇨🇳 42.56.154.145

🇮🇩 8.215.85.137

🇫🇷 5.189.173.102

🇳🇱 2.27.7.107

🇪🇹 196.189.124.229

🇳🇱 195.178.110.30

🇳🇱 185.242.226.33

🇺🇸 157.56.160.189

🇯🇵 125.195.21.96

🇨🇳 111.170.148.210

🇺🇸 54.167.52.189

🇳🇱 45.148.10.157

🇸🇬 2a09:bac1:6520:8::19c:2a9

🇬🇧 213.171.208.62

🇧🇷 200.175.61.207