JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.203.253.208

172.203.253.208 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 10%: ?

10%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.203.253.208

Whois 172.203.253.208

IP Abuse Reports for 172.203.253.208:

This IP address has been reported a total of 31 times from 21 distinct sources. 172.203.253.208 was first reported on April 3rd 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 dominioz	2026-06-26 19:59:48 (8 hours ago)	172.203.253.208 [65C0] 16:59:41 Authentication [SMTP] - Result=0, [email protected] ... show more 172.203.253.208 [65C0] 16:59:41 Authentication [SMTP] - Result=0, [email protected], Method=2 172.203.253.208 [65C0] 16:59:44 Authentication [SMTP] - Result=0, [email protected], Method=0 ... show less	Brute-Force
🇧🇷 dominioz	2026-06-26 16:43:11 (12 hours ago)	172.203.253.208 [65C0] 13:43:01 Authentication [SMTP] - Result=0, [email protected] ... show more 172.203.253.208 [65C0] 13:43:01 Authentication [SMTP] - Result=0, [email protected], Method=2 172.203.253.208 [65C0] 13:43:04 Authentication [SMTP] - Result=0, [email protected], Method=0 172.203.253.208 [65C0] 13:43:08 Authentication [SMTP] - Result=0, [email protected], Method=0 ... show less	Brute-Force
🇯🇵 demonsword	2026-05-10 09:27:21 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ptlogin.4399.com:443 show less	Open Proxy Port Scan
🇳🇱 homeshowdomain.nl	2026-04-12 22:02:53 (2 months ago)	Auto-ban: >3000 req/min op 2026-04-12	Web App Attack SSH Hacking
🇺🇸 ambor	2026-04-12 19:55:26 (2 months ago)	Honeypot access: Git configuration file access attempt. Path: /.git/config	Web App Attack
🇳🇱 ipoac.nl	2026-04-12 19:43:50 (2 months ago)	-:443 172.203.253.208 - - [12/Apr/2026:21:43:48 +0200] - "GET /.git/config HTTP/2.0" 404 2489 "https ... show more -:443 172.203.253.208 - - [12/Apr/2026:21:43:48 +0200] - "GET /.git/config HTTP/2.0" 404 2489 "https://outlook.live.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-12 18:56:52 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 14:56:48.397097 2026] [security2:error] [pid 2604391:tid 2604391] [client 172.203.253.208:34844] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scandicakes.com"] [uri "/.git/config"] [unique_id "advq8O8aHgvuCJb7rnuqAAAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 17:08:50 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 13:08:43.803960 2026] [security2:error] [pid 690837:tid 690837] [client 172.203.253.208:33856] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wallet.joebankx.com"] [uri "/.git/config"] [unique_id "advRm7QbcxwXh_jogRrCzwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 16:37:36 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 12:37:29.424472 2026] [security2:error] [pid 2988493:tid 2988493] [client 172.203.253.208:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "site.kimbrothersusa.com"] [uri "/.git/config"] [unique_id "advKSTXoh0d_mNxJ2Qi9BwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-04-12 16:29:30 (2 months ago)	[SunApr1218:29:26.4995332026][security2:error][pid2013117:tid2013142][client172.203.253.208:0]ModSec ... show more [SunApr1218:29:26.4995332026][security2:error][pid2013117:tid2013142][client172.203.253.208:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".git\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"342\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"foodelivery.benvenutialfood.ch\"][uri\"/.git/config\"][unique_id\"advIZmu0O1ZeJX8OKp-cwgAAAFc\"]\,referer:https://duckduckgo.com/ show less	Hacking Web App Attack
🇳🇱 debestelapp	2026-04-12 15:45:03 (2 months ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 15:42:08 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 11:42:02.900729 2026] [security2:error] [pid 2511553:tid 2511600] [client 172.203.253.208:34634] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cafeteresemporda.com.webcraftestudio.com"] [uri "/.git/config"] [unique_id "adu9Sl2bUmdZDMeoYMNvyAAAAFc"], referer: https://mail.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 interbiznw.com	2026-04-12 15:12:54 (2 months ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-12 15:05:04 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.203.253.208 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 11:04:55.251238 2026] [security2:error] [pid 2535028:tid 2535028] [client 172.203.253.208:34319] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chevronparkett.com"] [uri "/.git/config"] [unique_id "adu0l7FA_Bu3TYW07Dx-hQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Blexyel	2026-04-12 15:04:36 (2 months ago)	172.203.253.208 - - [12/Apr/2026:15:04:31 +0000] "GET /.git/config HTTP/1.1" 200 2116 "https://chat. ... show more 172.203.253.208 - - [12/Apr/2026:15:04:31 +0000] "GET /.git/config HTTP/1.1" 200 2116 "https://chat.openai.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:132.0) Gecko/20100101 Firefox/132.0" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.105

🇬🇧 195.206.182.207

🇳🇿 118.148.185.151

🇫🇷 109.199.106.34

🇱🇻 81.30.98.49

🇳🇱 45.153.34.235

🇳🇱 45.148.10.152

🇧🇪 34.79.230.60

🇸🇪 213.66.196.11

🇧🇪 207.175.58.196

🇵🇰 160.187.180.146

🇵🇰 153.117.13.245

🇺🇸 104.236.83.40

🇨🇳 101.126.4.240

🇩🇪 69.5.169.249

🇺🇸 50.6.248.168

🇳🇱 45.153.34.43

🇬🇧 2a06:4880:c000::f7

🇳🇱 192.109.200.78

🇫🇷 163.172.60.23