JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.174.165.4

172.174.165.4 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 91%: ?

91%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.174.165.4

Whois 172.174.165.4

IP Abuse Reports for 172.174.165.4:

This IP address has been reported a total of 23 times from 21 distinct sources. 172.174.165.4 was first reported on October 5th 2025, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mw	2026-06-15 00:20:17 (22 hours ago)	GET /.env.production HTTP/1.1	Web App Attack
🇩🇪 Prodscape	2026-06-14 19:09:41 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 172.174.165.4 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:210492) triggered by 172.174.165.4 (US/United States/-): 5 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC show less	Port Scan
🇺🇸 Axel	2026-06-14 19:05:34 (1 day ago)	Blocked by UFW on MVI [2078/tcp] \| SPT: 16016 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2078/tcp] \| SPT: 16016 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 micropedro	2026-06-14 18:59:16 (1 day ago)	4 incidents: port scanning. First: 2026-06-14 14:59, Last: 2026-06-14 14:59 UTC. Triggers: ufw-repea ... show more 4 incidents: port scanning. First: 2026-06-14 14:59, Last: 2026-06-14 14:59 UTC. Triggers: ufw-repeater,non-public-port,ufw-repeater,firewall-tcp. show less	Port Scan
🇺🇸 micropedro	2026-06-14 18:59:15 (1 day ago)	3 incidents: port scanning. Ports: 2083/TCP(1), 2086/TCP(1), 2095/TCP(1). Detected: 2026-06-14 14:59 ... show more 3 incidents: port scanning. Ports: 2083/TCP(1), 2086/TCP(1), 2095/TCP(1). Detected: 2026-06-14 14:59 UTC. Triggers: non-public-port,ufw-repeater,firewall-tcp. show less	Port Scan
🇦🇹 begou.dev	2026-06-14 18:54:32 (1 day ago)	[Threat Intelligence] Port Scanning and/or Unauthorized access -> TCP/2095	Port Scan
🇩🇪 webanyone	2026-06-14 18:45:30 (1 day ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 18:45:15 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 172.174.165.4 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 172.174.165.4 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:45:08.626741 2026] [security2:error] [pid 13223:tid 13223] [client 172.174.165.4:16468] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.21"] [uri "/.git/HEAD"] [unique_id "ai72tFgQpfr4bUJE96fzrAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Flo Flo	2026-06-14 17:38:55 (1 day ago)	172.174.165.4 - - - [14/Jun/2026:19:38:54 +0200] "82.66.117.16" "GET /.git/HEAD HTTP/1.1" 444 0 "-" ... show more 172.174.165.4 - - - [14/Jun/2026:19:38:54 +0200] "82.66.117.16" "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 0.000 ... show less	Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-06-14 17:29:41 (1 day ago)	IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID ... show more IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID: 2101201 \| Severity: 2 \| Category: Attempted Information Leak === SOURCE === IP: 172.174.165.4 (IPv4) \| Port: 80 \| Country: United States \| ISP: RIPE \| rDNS: None === TARGET === Host: nextcloud.goline.ch \| IP: 172.174.165.4 \| Port: 17396 \| Protocol: TCP \| App: http === RESPONSE === Time: 2026-06-14 17:29:40 \| Action: Blocked show less	Port Scan Hacking Bad Web Bot
🇧🇾 lns.bz	2026-06-14 17:11:04 (1 day ago)	Too many 404 requests [BY]	Web App Attack
🇺🇸 rellim.com	2026-06-03 20:08:16 (1 week ago)	Jun 2 20:10:36 alice kernel: HACK IN=enp3s0 OUT=enp1s0 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:0 ... show more Jun 2 20:10:36 alice kernel: HACK IN=enp3s0 OUT=enp1s0 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=172.174.165.4 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=44382 DF PROTO=TCP SPT=58309 DPT=2083 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 20:10:36 alice kernel: HACK IN=enp3s0 OUT=enp1s0 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=172.174.165.4 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30639 DF PROTO=TCP SPT=58305 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 20:10:36 alice kernel: HACK IN=enp3s0 OUT=enp1s0 MAC=68:05:ca:2e:ce:bc:00:24:dc:78:a0:01:08:00 SRC=172.174.165.4 DST=204.17.205.254 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=44705 DF PROTO=TCP SPT=58305 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan
Anonymous	2026-06-03 03:03:44 (1 week ago)	PORT & IP Scan.	Port Scan Brute-Force
🇺🇸 technash	2026-06-03 02:20:00 (1 week ago)	Port scanning detection [Fortinet/Sentinel]. Deny/drop traffic.	Port Scan
Anonymous	2026-06-03 00:26:08 (1 week ago)	Honeypot hit: Empty payload (likely service probe); 2086 [1], 2083 [1], 2087 [1], 2082 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2086 [1], 2083 [1], 2087 [1], 2082 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 203.145.63.139

🇮🇳 122.160.50.155

🇺🇸 104.43.242.4

🇮🇪 54.217.5.99

🇱🇹 45.227.254.170

🇸🇦 5.245.112.47

🇮🇪 3.253.44.60

🇷🇴 2.57.122.238

🇨🇷 200.229.145.85

🇺🇸 184.32.122.125

🇸🇬 174.138.17.143

🇻🇳 125.253.121.228

🇨🇳 112.123.106.181

🇨🇳 59.61.184.63

🇳🇱 45.142.193.118

🇳🇬 41.242.115.84

🇺🇸 34.148.183.73

🇮🇪 18.201.75.199

🇫🇷 2001:41d0:305:2100::d63c

🇧🇪 198.235.24.209