JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.203.196.225

172.203.196.225 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 98%: ?

98%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.203.196.225

Whois 172.203.196.225

IP Abuse Reports for 172.203.196.225:

This IP address has been reported a total of 19 times from 18 distinct sources. 172.203.196.225 was first reported on June 2nd 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-04 03:39:28 (1 hour ago)	Portscan: TCP/2083, TCP/2082, TCP/2086, TCP/8080, TCP/8443, TCP/2087	Port Scan
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (6 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-06-03 18:04:05 (11 hours ago)	PORT & IP Scan.	Port Scan Brute-Force
🇧🇷 SOC PR	2026-06-03 06:13:59 (23 hours ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
🇹🇷 Threat.live	2026-06-03 06:10:04 (23 hours ago)	Suspicious Connection Attempts	Brute-Force
🇩🇪 marcel-knorr.de	2026-06-03 05:28:07 (23 hours ago)	[MK-Root1] Blocked by UFW	Brute-Force Port Scan
🇹🇼 tyetriiix	2026-06-03 04:44:26 (1 day ago)	Wazuh Alert Evidence: 172.203.196.225 - - [03/Jun/2026:04:44:23 +0000] "GET /wp-config.php.bak HTTP/ ... show more Wazuh Alert Evidence: 172.203.196.225 - - [03/Jun/2026:04:44:23 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 146 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" "-" Origin: "-" CORS_Header: "-" Sent_allow_origin: "-" show less	Web App Attack
🇺🇸 xmission.com	2026-06-03 02:51:28 (1 day ago)	Blocked by UFW (TCP on 80) Source port: 38630 TTL: 48 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 38630 TTL: 48 Packet length: 60 TOS: 0x00 This report (for 172.203.196.225) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇺🇸 RAP	2026-06-03 02:04:22 (1 day ago)	2026-06-03 02:04:22 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-06-03 01:36:55 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇮🇪 AutosOnShow	2026-06-03 01:22:05 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-03 01:21:15.370 \|	Web App Attack
🇩🇪 getdk	2026-06-03 01:18:04 (1 day ago)	[Wed Jun 03 01:17:59.527356 2026] [security2:error] [pid 1439858] [client 172.203.196.225:38148] [cl ... show more [Wed Jun 03 01:17:59.527356 2026] [security2:error] [pid 1439858] [client 172.203.196.225:38148] [client 172.203.196.225] ModSecurity: Access denied with code 403 ... show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 joharikop	2026-06-03 01:12:23 (1 day ago)	Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-cred ... show more Nginx: credential/secret file probe (/.env, /.git, /.aws etc). Automated ban via fail2ban nginx-credential-probes jail. show less	Web App Attack
🇺🇸 MPL	2026-06-02 14:18:39 (1 day ago)	tcp port scan (15 or more attempts)	Port Scan
🇫🇷 ISPLtd	2026-06-02 13:28:18 (1 day ago)	Jun 2 10:28:18 172.203.196.225 TCP SPT=47299 DPT=8080 SYN Jun 2 10:28:18 172.203.196.225 TCP SPT=4 ... show more Jun 2 10:28:18 172.203.196.225 TCP SPT=47299 DPT=8080 SYN Jun 2 10:28:18 172.203.196.225 TCP SPT=47299 DPT=8443 SYN Jun 2 10:28:18 172.203.196.225 TCP SPT=47297 DPT=2082 ... show less	Port Scan

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.65

🇦🇷 191.85.20.20

🇹🇭 152.32.245.27

🇺🇸 147.185.132.199

🇫🇷 91.231.89.2

🇨🇳 221.238.104.67

🇺🇸 216.180.246.17

🇨🇴 179.33.210.213

🇮🇳 157.20.215.123

🇱🇹 141.98.11.83

🇮🇹 109.168.93.180

🇨🇳 60.247.168.204

🇮🇳 49.207.40.162

🇮🇳 49.36.120.134

🇹🇷 46.197.13.252

🇶🇦 2600:1900:4260:40e::166

🇩🇪 212.100.48.224

🇹🇼 152.32.232.185

🇮🇩 103.166.10.244

🇷🇴 80.94.95.242