JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.203.253.171

172.203.253.171 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 82%: ?

82%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.203.253.171

Whois 172.203.253.171

IP Abuse Reports for 172.203.253.171:

This IP address has been reported a total of 36 times from 30 distinct sources. 172.203.253.171 was first reported on April 13th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 FEWA	2026-06-17 05:22:28 (1 week ago)	Fail2Ban Ban Triggered	Hacking Bad Web Bot Web App Attack
🇪🇪 Selckie	2026-06-15 14:13:58 (1 week ago)	fail2ban: NGINX unusual impact	Web App Attack
Anonymous	2026-06-03 18:04:07 (3 weeks ago)	PORT & IP Scan.	Port Scan Brute-Force
🇧🇷 SOC-BR	2026-06-03 07:30:41 (3 weeks ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 1 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 17:52:34 - Source Port 26318 show less	Port Scan Hacking
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (3 weeks ago)	HTPasswd.Access	Brute-Force
🇫🇷 Petre 21_ip	2026-06-03 06:23:52 (3 weeks ago)	2026-06-03T08:23:51.291551+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c ... show more 2026-06-03T08:23:51.291551+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c0:69:11:b3:85:db:08:00 SRC=172.203.253.171 DST=155.133.26.57 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=3942 DF PROTO=TCP SPT=33111 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇬🇧 PeravixGroup	2026-06-03 06:17:23 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-03 04:48:42 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:48:36.208626 2026] [security2:error] [pid 30536:tid 30536] [client 172.203.253.171:32802] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.198"] [uri "/.env"] [unique_id "ah-yJKEcIj7Exn_KoXsrMgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-06-03 04:05:06 (3 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇩🇪 acadeova	2026-06-03 03:33:46 (3 weeks ago)	Blocked by UFW on vps2 [8443/tcp] Source port: 33196 TTL: 49 Packet length: 60 TOS: 0x00 This repor ... show more Blocked by UFW on vps2 [8443/tcp] Source port: 33196 TTL: 49 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 i-turnradio.nl	2026-06-03 02:55:55 (3 weeks ago)	2026-06-03 @ 04:55:55 (CET) ~ Blocked for trying to access: /.env.local	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 02:20:06 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:20:00.790322 2026] [security2:error] [pid 8989:tid 8989] [client 172.203.253.171:32266] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.73"] [uri "/.git/HEAD"] [unique_id "ah-PUKPO0rvEdRgyHOBMKQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 01:59:03 (3 weeks ago)	Bot / scanning and/or hacking attempts: GET /.git/HEAD HTTP/1.1, GET /.env.backup HTTP/1.1, GET /wp- ... show more Bot / scanning and/or hacking attempts: GET /.git/HEAD HTTP/1.1, GET /.env.backup HTTP/1.1, GET /wp-config.php HTTP/1.1, GET /.env HTTP/1.1, GET /actuator/env HTTP/1.1, GET /config.php HTTP/1.1, GET /app/config/parameters.yml HTTP/1.1, POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1, GET /___proxy_subdomain_whm/login/ HTTP/1.1 show less	Hacking Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (3 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 22:20:35 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:20:30.399060 2026] [security2:error] [pid 21461:tid 21461] [client 172.203.253.171:26341] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.200"] [uri "/.git/HEAD"] [unique_id "ah9XLjqWxfR1nsBDF3FGBwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.149.236

🇫🇷 173.249.52.138

🇩🇪 167.94.146.52

🇺🇸 153.66.225.15

🇨🇱 138.186.9.20

🇺🇸 130.51.131.45

🇨🇳 60.16.211.212

🇨🇳 60.16.211.114

🇬🇧 45.82.76.124

🇺🇸 45.33.105.182

🇵🇰 203.135.42.52

🇺🇸 198.23.249.85

🇳🇱 193.176.31.251

🇮🇩 182.2.177.216

🇫🇷 91.231.89.254

🇳🇱 89.21.67.139

🇭🇺 84.225.72.43

🇳🇱 81.19.216.118

🇮🇹 78.134.49.171

🇺🇸 66.132.224.22