JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.182.200.148

172.182.200.148 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 42%: ?

42%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.182.200.148

Whois 172.182.200.148

IP Abuse Reports for 172.182.200.148:

This IP address has been reported a total of 17 times from 13 distinct sources. 172.182.200.148 was first reported on November 30th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 NordhTech	2026-06-16 13:15:14 (2 days ago)	More than 3 malicious connection attempts, trying port(s) 2078/tcp, then blocked from services ...	Port Scan Hacking
🇩🇪 centurion	2026-06-16 12:52:22 (2 days ago)	Blocked by UFW on ns02 [2078/tcp] Source port: 38914 TTL: 38 Packet length: 60 TOS: 0x00 This repor ... show more Blocked by UFW on ns02 [2078/tcp] Source port: 38914 TTL: 38 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-06-16 11:40:33 (2 days ago)	Port Scan	Port Scan
🇦🇷 Bruno	2026-06-16 10:40:29 (2 days ago)	Port Scanner: 172.182.200.148	Port Scan
Anonymous	2026-05-23 14:39:56 (3 weeks ago)	(PERMBLOCK) 172.182.200.148 (US/United States/-) has had more than 4 temp blocks in the last 86400 s ... show more (PERMBLOCK) 172.182.200.148 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
🇨🇭 4server	2026-05-23 14:15:41 (3 weeks ago)	[SatMay2316:15:35.8310442026][security2:error][pid2523248:tid2523311][client172.182.200.148:0]ModSec ... show more [SatMay2316:15:35.8310442026][security2:error][pid2523248:tid2523311][client172.182.200.148:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"cpu-services.ch\"][uri\"/config/.env\"][unique_id\"ahG2h6-h3Eqfexbn92zyFgAAAME\"]\,referer:https://www.facebook.com/ show less	Hacking Web App Attack
Anonymous	2026-05-23 13:39:45 (3 weeks ago)	(caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:13:39:41 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:13:39:41 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:13:39:41 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:13:39:41 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:13:39:41 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 12:39:08 (3 weeks ago)	(caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:12:39:03 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:12:39:04 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:12:39:04 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:12:39:04 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:12:39:04 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇮🇹 VHosting	2026-05-23 12:00:05 (3 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
Anonymous	2026-05-23 11:39:01 (3 weeks ago)	(caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:11:38:58 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:11:38:58 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:11:38:58 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:11:38:58 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:11:38:58 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 10:36:14 (3 weeks ago)	(caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 172.182.200.148 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:10:36:09 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:10:36:10 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:10:36:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:10:36:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.182.200.148 - - [23/May/2026:10:36:10 +0000] "GET /config/.env HTTP/1.1" show less	Port Scan
🇺🇸 xmission.com	2026-04-20 09:03:02 (1 month ago)	Blocked 20 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delistin ... show more Blocked 20 connection attempts due to Spamhaus RBL (RJCT05) in the past 4 hours. To request delisting, visit https://www.spamhaus.org/lookup/ to check your IP status and submit a delist request if eligible. show less	Email Spam
🇳🇱 MiniWest 😘	2025-12-02 20:39:25 (6 months ago)	Fail2Ban on nekomata.miniwest.cloud, Service - sshd: 3 failures from 172.182.200.148 in 3600 seconds	Brute-Force SSH
Anonymous	2025-11-30 03:33:10 (6 months ago)		Brute-Force SSH
🇩🇪 Veslys	2025-11-30 03:32:05 (6 months ago)	Nov 30 04:31:41 Moonlgxt sshd[3433112]: Failed password for root from 172.182.200.148 port 31744 ssh ... show more Nov 30 04:31:41 Moonlgxt sshd[3433112]: Failed password for root from 172.182.200.148 port 31744 ssh2 Nov 30 04:32:02 Moonlgxt sshd[3433362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.200.148 user=root Nov 30 04:32:04 Moonlgxt sshd[3433362]: Failed password for root from 172.182.200.148 port 31744 ssh2 ... show less	Brute-Force SSH

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇺🇸 209.87.169.209

🇺🇸 195.184.76.24

🇺🇸 185.180.141.43

🇳🇱 176.65.149.180

🇩🇪 167.94.146.39

🇺🇸 156.229.27.24

🇻🇳 125.212.129.46

🇲🇴 125.31.2.160

🇵🇱 83.219.248.100

🇲🇽 46.250.168.219

🇬🇧 35.203.211.169

🇨🇳 27.159.66.72

🇨🇳 218.13.26.42

🇬🇧 195.96.139.156

🇮🇳 152.32.156.138

🇨🇳 110.249.202.99

🇮🇹 83.229.8.197

🇺🇸 74.7.241.43

🇺🇸 47.77.229.36