🇺🇸
thororen
2026-06-02 11:51:36
(2 days ago)
Blocked by UFW [2083/tcp]
Source port: 35652
TTL: 48
Packet length: 60
TOS: 0x00
This report was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇸🇰
EVISION
2026-06-02 11:30:58
(2 days ago)
Automatic report from EV firewall log.
https://github.com/Ragnarocek/Windows_FW_AbuseIPDB_Reporting ID: ysMcUw69DGZZg3GkO9a7w9PqLPLnqi17
Port Scan
Hacking
Brute-Force
🇺🇸
TPI-Abuse
2026-06-02 11:15:57
(2 days ago)
(mod_security) mod_security (id:210492) triggered by 172.182.213.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 07:15:50.906355 2026] [security2:error] [pid 24136:tid 24136] [client 172.182.213.70:35106] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.15"] [uri "/.git/HEAD"] [unique_id "ah67Zm0GBb8QAVU27qyRhAAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
mnsf
2026-06-02 11:05:32
(2 days ago)
Abuse Detected (4)
Brute-Force
Web App Attack
🇫🇷
sthoyer.de
2026-06-02 09:01:29
(2 days ago)
Jun 2 11:01:26 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=172.182.213.70 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=829 DF PROTO=TCP SPT=35464 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 2 11:01:27 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=172.182.213.70 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=9285 DF PROTO=TCP SPT=35621 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 2 11:01:27 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=172.182.213.70 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=59710 DF PROTO=TCP SPT=35466 DPT=2083 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 2 11:01:27 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=172.182.213.70 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=41748 DF PROTO=TCP SPT=35466 DPT=2082 WINDO
...
Port Scan
🇧🇷
SOCBR
2026-06-02 08:58:10
(2 days ago)
IPS: Sensitive Configuration File Disclosure.
Hacking
🇧🇪
delabiemedia.be
2026-06-02 08:40:05
(2 days ago)
172.182.213.70 - - [02/Jun/2026:10:39:50 +0200] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
172.182.213.70 - - [02/Jun/2026:10:39:52 +0200] "GET /.env.local HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
172.182.213.70 - - [02/Jun/2026:10:39:54 +0200] "GET /.env.production HTTP/1.1" 404 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0"
172.182.213.70 - - [02/Jun/2026:10:39:57 +0200] "GET /.env.save HTTP/1.1" 404 134 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
172.182.213.70 - - [02/Jun/2026:10:40:04 +0200] "GET /.aws/credentials HTTP/1.1" 404 196 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0"
...
Web App Attack
🇹🇷
Threat.live
2026-06-02 08:25:06
(2 days ago)
Suspicious Connection Attempts
Brute-Force
🇺🇸
RAP
2026-06-02 08:10:34
(2 days ago)
2026-06-02 08:10:34 UTC Unauthorized activity to TCP port 8443. Web App
Port Scan
Web App Attack
Anonymous
2026-06-02 06:40:15
(2 days ago)
172.182.213.70 - - [02/Jun/2026:03:40:12 -0300] "GET /.env HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
172.182.213.70 - - [02/Jun/2026:03:40:14 -0300] "GET /.env.production HTTP/1.1" 404 125 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
...
Port Scan
🇩🇪
2048
2026-04-07 19:13:14
(1 month ago)
2026-04-07T20:13:10.834004+01:00 machodeer kernel: [3846010.468987] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.182.213.70 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=29141 DF PROTO=TCP SPT=10195 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-04-07T20:13:11.849004+01:00 machodeer kernel: [3846011.484112] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.182.213.70 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=29142 DF PROTO=TCP SPT=10195 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-04-07T20:13:12.873062+01:00 machodeer kernel: [3846012.507567] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.182.213.70 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=29143 DF PROTO=TCP SPT=10195 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Port Scan
🇯🇵
knock
2026-03-20 20:04:07
(2 months ago)
SSH honeypot brute-force attempt (269 total hits)
Brute-Force
SSH
🇯🇵
chirorist
2026-03-20 17:39:09
(2 months ago)
2026-03-21T02:37:52.271561 web.chirorist.org sshd[867900]: Failed password for root from 172.182.213.70 port 29901 ssh2
2026-03-21T02:39:05.460550 web.chirorist.org sshd[867904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-21T02:39:07.564699 web.chirorist.org sshd[867904]: Failed password for root from 172.182.213.70 port 29901 ssh2
2026-03-21T02:39:05.460550 web.chirorist.org sshd[867904]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-21T02:39:07.564699 web.chirorist.org sshd[867904]: Failed password for root from 172.182.213.70 port 29901 ssh2
...
Brute-Force
SSH
🇯🇵
chirorist
2026-03-20 15:37:44
(2 months ago)
2026-03-21T00:36:42.388921 web.chirorist.org sshd[859825]: Failed password for root from 172.182.213.70 port 29761 ssh2
2026-03-21T00:36:40.293892 web.chirorist.org sshd[859825]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-21T00:36:42.388921 web.chirorist.org sshd[859825]: Failed password for root from 172.182.213.70 port 29761 ssh2
2026-03-21T00:37:41.154302 web.chirorist.org sshd[859828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-21T00:37:43.289753 web.chirorist.org sshd[859828]: Failed password for root from 172.182.213.70 port 29762 ssh2
...
Brute-Force
SSH
🇯🇵
oh.mg
2026-03-20 14:36:08
(2 months ago)
2026-03-20T10:35:30.045121-04:00 deltachat-jp sshd[1291205]: Failed password for root from 172.182.213.70 port 29745 ssh2
2026-03-20T10:35:45.753522-04:00 deltachat-jp sshd[1292592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-20T10:35:48.076961-04:00 deltachat-jp sshd[1292592]: Failed password for root from 172.182.213.70 port 29745 ssh2
2026-03-20T10:36:03.963960-04:00 deltachat-jp sshd[1294246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=172.182.213.70 user=root
2026-03-20T10:36:06.757140-04:00 deltachat-jp sshd[1294246]: Failed password for root from 172.182.213.70 port 29745 ssh2
...
Brute-Force
SSH