JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.203.253.161

172.203.253.161 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 63%: ?

63%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.203.253.161

Whois 172.203.253.161

IP Abuse Reports for 172.203.253.161:

This IP address has been reported a total of 16 times from 15 distinct sources. 172.203.253.161 was first reported on April 6th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 SOC [GOLINE SA]	2026-06-10 20:14:38 (1 week ago)	IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID ... show more IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID: 2101201 \| Severity: 2 \| Category: Attempted Information Leak === SOURCE === IP: 172.203.253.161 (IPv4) \| Port: 80 \| Country: United States \| ISP: RIPE \| rDNS: None === TARGET === Host: nextcloud.goline.ch \| IP: 172.203.253.161 \| Port: 16291 \| Protocol: TCP \| App: http === RESPONSE === Time: 2026-06-10 20:14:37 \| Action: Blocked show less	Port Scan Hacking Bad Web Bot
🇩🇪 Kreisausschuss des Odenwaldkreises	2026-06-10 19:39:53 (1 week ago)	HAProxy NOSRV or BADREQ	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 19:07:17 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:07:09.959351 2026] [security2:error] [pid 13356:tid 13356] [client 172.203.253.161:16411] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.63"] [uri "/.git/HEAD"] [unique_id "aim13fjeG6NrR-q8-W2MngAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-10 17:05:40 (1 week ago)	Abuse Detected (2)	Brute-Force Web App Attack
🇺🇸 xmission.com	2026-06-10 16:10:23 (1 week ago)	Blocked by UFW (TCP on 8443) Source port: 16418 TTL: 48 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8443) Source port: 16418 TTL: 48 Packet length: 60 TOS: 0x00 This report (for 172.203.253.161) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 ShadowWhisperer	2026-06-10 15:36:01 (1 week ago)	HTTPS GET /.git/HEAD UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH	Web App Attack
Anonymous	2026-06-07 21:16:26 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇫🇷 dynamix	2026-06-07 14:51:37 (2 weeks ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 13:34:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.161 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 09:33:57.956204 2026] [security2:error] [pid 24297:tid 24297] [client 172.203.253.161:46664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.99"] [uri "/.git/config"] [unique_id "aiVzRVGSmEfg3OEaXLRnzgAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 _ArminS_	2026-06-07 12:16:16 (2 weeks ago)	SP-Scan 46278:2087 detected 2026.06.07 14:16:16 blocked until 2026.07.27 07:19:03	Port Scan
🇩🇪 centurion	2026-06-07 11:38:12 (2 weeks ago)	Blocked by UFW on ns02 [2087/tcp] Source port: 45834 TTL: 45 Packet length: 60 TOS: 0x00 This repor ... show more Blocked by UFW on ns02 [2087/tcp] Source port: 45834 TTL: 45 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 crooze.net	2026-06-07 09:48:51 (2 weeks ago)	172.203.253.161 - - [07/Jun/2026:05:48:50 -0400] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (M ... show more 172.203.253.161 - - [07/Jun/2026:05:48:50 -0400] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-07 09:42:16 (2 weeks ago)	Scanning for web/db/file exploits on tpc-027.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-07 09:15:05 (2 weeks ago)	IPS: Web Server Exposed Git Repository Information Disclosure.	Hacking
🇧🇾 lns.bz	2026-06-07 09:03:46 (2 weeks ago)	Too many 404 requests [BY]	Web App Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.104

🇳🇱 185.93.89.114

🇮🇩 180.250.196.141

🇷🇴 141.98.83.240

🇨🇳 111.170.12.148

🇸🇬 101.47.156.21

🇷🇺 94.233.127.218

🇳🇱 91.92.40.231

🇩🇪 64.89.163.91

🇱🇹 45.227.254.170

🇺🇸 45.154.153.27

🇮🇸 45.133.193.25

🇵🇰 37.111.145.135

🇩🇪 167.94.146.47

🇸🇪 104.222.171.214

🇵🇰 103.73.101.153

🇫🇷 79.143.186.128

🇺🇸 34.26.9.145

🇩🇪 213.209.159.108

🇬🇧 195.206.182.194