JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.182.201.171

172.182.201.171 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 62%: ?

62%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.182.201.171

Whois 172.182.201.171

IP Abuse Reports for 172.182.201.171:

This IP address has been reported a total of 15 times from 13 distinct sources. 172.182.201.171 was first reported on September 23rd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 demonsword	2026-06-12 10:54:51 (1 day ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: cp.cloudflare.com:443 show less	Open Proxy Port Scan
🇧🇪 boxed-it	2026-06-04 08:56:38 (1 week ago)	GET /.git/HEAD (Tarpitted for 1d15h8m29s, wasted 8.06MB)	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇷🇸 Scan	2026-06-03 00:06:17 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 Gabriel Camargo	2026-06-02 22:06:09 (1 week ago)	172.182.201.171 - - [02/Jun/2026:17:06:06 -0500] "GET /.git/HEAD HTTP/1.1" 404 197 "-" "Mozilla/5.0 ... show more 172.182.201.171 - - [02/Jun/2026:17:06:06 -0500] "GET /.git/HEAD HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.182.201.171 - - [02/Jun/2026:17:06:07 -0500] "GET /.git/config HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 172.182.201.171 - - [02/Jun/2026:17:06:08 -0500] "GET /.env HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force SSH
🇬🇧 PeravixGroup	2026-06-02 21:57:47 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇮🇩 Burayot	2026-06-02 21:05:59 (1 week ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.182.201.171 (US/United States/- ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 172.182.201.171 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 psauxit	2026-06-02 20:22:52 (1 week ago)	Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less	Web App Attack Hacking
🇫🇷 900cm	2026-06-02 19:31:00 (1 week ago)	[Tue Jun 02 21:30:48.683343 2026] [access_compat:error] [pid 2098329:tid 2098329] [client 172.182.20 ... show more [Tue Jun 02 21:30:48.683343 2026] [access_compat:error] [pid 2098329:tid 2098329] [client 172.182.201.171:18711] AH01797: client denied by server configuration: /var/www/darkintruder/.git [Tue Jun 02 21:30:53.840688 2026] [access_compat:error] [pid 2807079:tid 2807079] [client 172.182.201.171:18706] AH01797: client denied by server configuration: /var/www/darkintruder/.env.local [Tue Jun 02 21:30:59.383634 2026] [access_compat:error] [pid 2806661:tid 2806661] [client 172.182.201.171:18700] AH01797: client denied by server configuration: /var/www/darkintruder/.env.backup ... show less	Port Scan Brute-Force SSH
🇬🇧 PeravixGroup	2026-06-02 18:51:17 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-02 17:50:49 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 172.182.201.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.182.201.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:50:41.774815 2026] [security2:error] [pid 20992:tid 20992] [client 172.182.201.171:18741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.20"] [uri "/.env"] [unique_id "ah8X8deoDUZw2WlBuNB4OAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Starburst SysOp Team	2026-06-02 17:47:04 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-nue6-1)	Hacking Bad Web Bot
Anonymous	2026-06-02 17:25:16 (1 week ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇦🇺 advena	2025-09-23 20:00:56 (8 months ago)	172.182.201.171 (AS8075 MICROSOFT-CORP-MSN-AS-BLOCK) was intercepted at 2025-09-23T19:58:48Z after v ... show more 172.182.201.171 (AS8075 MICROSOFT-CORP-MSN-AS-BLOCK) was intercepted at 2025-09-23T19:58:48Z after violating WAF directive: 874a3e315c344b1281ad4f00046aab6f. Pre-cautionary/corrective action applied: managed_challenge. show less	Web Spam Hacking Brute-Force Web App Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 212.83.145.101

🇫🇮 185.148.1.161

🇧🇷 177.104.171.149

🇯🇵 172.93.220.185

🇧🇬 164.138.220.142

🇺🇸 150.136.183.138

🇨🇳 123.158.253.240

🇨🇳 116.138.0.45

🇬🇧 77.98.200.40

🇺🇸 24.239.209.150

🇨🇭 216.131.108.3

🇺🇸 205.210.31.109

🇦🇺 203.220.200.243

🇲🇦 196.92.7.246

🇪🇪 185.12.237.12

🇺🇸 162.216.150.102

🇲🇦 160.174.129.232

🇨🇳 112.87.155.123

🇧🇬 78.128.112.6

🇨🇴 69.6.234.27