JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.183.91.2

172.183.91.2 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 67%: ?

67%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.183.91.2

Whois 172.183.91.2

IP Abuse Reports for 172.183.91.2:

This IP address has been reported a total of 19 times from 15 distinct sources. 172.183.91.2 was first reported on April 17th 2024, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 Kepler-1649c	2026-06-03 22:05:39 (15 hours ago)	Detected Attack: HTPasswd.Access	Hacking
🇺🇸 RAP	2026-06-03 09:55:15 (1 day ago)	2026-06-03 09:55:15 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:25:21 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 172.183.91.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.183.91.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:25:15.466754 2026] [security2:error] [pid 441:tid 441] [client 172.183.91.2:27335] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.105"] [uri "/.git/HEAD"] [unique_id "ah_k6-R6Q5TXa5NvGzfRIgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-06-03 08:01:07 (1 day ago)	firewall-block, port(s): 80/tcp, 2086/tcp	Port Scan
Anonymous	2026-06-03 07:56:09 (1 day ago)	Honeypot hit: Empty payload (likely service probe); 2087 [1] TCP Reported by: https://github.com/sef ... show more Honeypot hit: Empty payload (likely service probe); 2087 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 xmission.com	2026-06-03 07:47:32 (1 day ago)	Blocked by UFW (TCP on 80) Source port: 27721 TTL: 51 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 27721 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 172.183.91.2) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-06-03 07:42:22 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-03 06:54:17 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇮🇹 VHosting	2026-05-22 12:00:06 (1 week ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
Anonymous	2026-05-22 10:15:23 (1 week ago)	(caddyscan) Scanner path probe from 172.183.91.2 (US/United States/-): 5 in the last 3600 secs; Port ... show more (caddyscan) Scanner path probe from 172.183.91.2 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:10:15:17 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:10:15:18 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:10:15:18 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:10:15:18 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:10:15:18 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-22 06:43:04 (1 week ago)	(caddyscan) Scanner path probe from 172.183.91.2 (US/United States/-): 5 in the last 3600 secs; Port ... show more (caddyscan) Scanner path probe from 172.183.91.2 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:06:43:00 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:06:43:00 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:06:43:00 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:06:43:00 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.183.91.2 - - [22/May/2026:06:43:00 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
🇯🇵 choko51	2026-04-13 01:51:45 (1 month ago)	Proxy honeypot: Authentication attempt. Type: socks5, Port: 1080/tcp, Info: CONNECT cmd:1 atyp:3	Open Proxy Port Scan Hacking
🇬🇧 2048	2026-03-18 13:27:37 (2 months ago)	2026-03-18T14:27:34.431518+01:00 machodeer kernel: [2097273.262797] [UFW BLOCK] IN=ens3 OUT= MAC=RED ... show more 2026-03-18T14:27:34.431518+01:00 machodeer kernel: [2097273.262797] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30543 DF PROTO=TCP SPT=16517 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-03-18T14:27:35.432159+01:00 machodeer kernel: [2097274.263318] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30544 DF PROTO=TCP SPT=16517 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-03-18T14:27:36.454801+01:00 machodeer kernel: [2097275.285553] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=30545 DF PROTO=TCP SPT=16517 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇬🇧 2048	2026-02-18 18:45:24 (3 months ago)	2026-02-18T19:45:20.636961+01:00 machodeer kernel: [ 2089.979867] [UFW BLOCK] IN=ens3 OUT= MAC=REDAC ... show more 2026-02-18T19:45:20.636961+01:00 machodeer kernel: [ 2089.979867] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=28350 DF PROTO=TCP SPT=62600 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-02-18T19:45:21.716460+01:00 machodeer kernel: [ 2091.060644] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=28351 DF PROTO=TCP SPT=62600 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-02-18T19:45:22.716358+01:00 machodeer kernel: [ 2092.060803] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.183.91.2 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=28352 DF PROTO=TCP SPT=62600 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇺🇸 MHuiG	2024-10-05 22:08:11 (1 year ago)	The IP has triggered Cloudflare WAF. action: managed_challenge source: firewallCustom clientAsn: 807 ... show more The IP has triggered Cloudflare WAF. action: managed_challenge source: firewallCustom clientAsn: 8075 clientASNDescription: MICROSOFT-CORP-MSN-AS-BLOCK clientCountryName: US clientIP: 172.183.91.2 clientRequestHTTPHost: mhuig.top clientRequestHTTPMethodName: GET clientRequestHTTPProtocol: HTTP/1.1 clientRequestPath: / clientRequestQuery: datetime: 2024-10-05T21:18:14Z rayName: 8ce0716d3e2b2910 ruleId: f4a2c940dd7944e58e72d246ea29b5af userAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; QQDownload 732; .NET4.0C; .NET4.0E). Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Open Proxy VPN IP Port Scan Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇺 202.123.26.150

🇪🇸 188.114.111.43

🇧🇷 181.214.221.109

🇸🇬 140.245.32.185

🇺🇸 104.164.126.160

🇪🇸 90.170.47.115

🇷🇴 89.37.116.208

🇷🇴 80.94.92.165

🇨🇦 70.81.127.119

🇬🇭 41.139.37.148

🇮🇶 37.239.213.6

🇷🇺 178.178.194.151

🇬🇧 178.128.32.203

🇧🇷 177.152.69.54

🇳🇱 176.65.139.151

🇺🇸 147.185.132.29

🇨🇳 122.224.205.42

🇮🇳 106.215.160.219

🇨🇳 106.75.49.194

🇨🇳 106.75.36.195