JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.208.152.211

172.208.152.211 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 65%: ?

65%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.208.152.211

Whois 172.208.152.211

IP Abuse Reports for 172.208.152.211:

This IP address has been reported a total of 25 times from 19 distinct sources. 172.208.152.211 was first reported on September 14th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 adaml1324	2026-06-03 17:26:37 (2 days ago)	TCP port scan detected From server logs: DIRECT_IP_HTTPS ip=[attacker] time=03/Jun/2026:08:18:08 +0 ... show more TCP port scan detected From server logs: DIRECT_IP_HTTPS ip=[attacker] time=03/Jun/2026:08:18:08 +0200 2026-06-03 08:18:07 TCP port 2083 2026-06-03 08:18:07 TCP port 2082 show less	Port Scan
Anonymous	2026-06-03 06:36:24 (2 days ago)	Unauthorized access (tcp/8080 - Scan for open web proxy)	Port Scan
Anonymous	2026-06-03 06:16:53 (2 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-06-03 06:08:08 (2 days ago)	Honeypot hit: Empty payload (likely service probe); 2087 [1], 2083 [1], 2082 [1], 2086 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2087 [1], 2083 [1], 2082 [1], 2086 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 MPL	2026-06-03 05:53:03 (2 days ago)	tcp port scan (8 or more attempts)	Port Scan
🇺🇸 MPL	2026-06-03 05:50:22 (2 days ago)	tcp port scan (16 or more attempts)	Port Scan
🇨🇦 lakered	2026-06-03 05:46:48 (2 days ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan t ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan targeting an unauthorized host or default server sinkhole \| Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0 show less	Port Scan Bad Web Bot Hacking Web App Attack
🇦🇺 crispi	2026-06-03 05:25:00 (2 days ago)	Port scan from 172.208.152.211	Port Scan
🇬🇧 PeravixGroup	2026-06-03 05:19:19 (2 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇩🇪 getdk	2026-06-03 05:16:45 (2 days ago)	[03/Jun/2026:05:16:44 +0000] host.domain.tld:80 172.208.152.211 - - "GET /.git/HEAD HTTP/1.1" 403 45 ... show more [03/Jun/2026:05:16:44 +0000] host.domain.tld:80 172.208.152.211 - - "GET /.git/HEAD HTTP/1.1" 403 458 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" [03/Jun/2026:05:16:44 +0000] host.domain.tld:80 172.208.152.211 - - "GET /.git/config HTTP/1.1" 403 458 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" show less	Brute-Force Bad Web Bot
🇫🇷 Flo Flo	2026-05-04 19:43:05 (1 month ago)	172.208.152.211 - - - [04/May/2026:21:43:05 +0200] "flad.xyz" "POST /wp/xmlrpc.php HTTP/1.1" 444 0 " ... show more 172.208.152.211 - - - [04/May/2026:21:43:05 +0200] "flad.xyz" "POST /wp/xmlrpc.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 0.000 ... show less	Web App Attack
🇩🇪 4server	2026-05-04 19:42:35 (1 month ago)	[MonMay0421:42:29.7943342026][security2:error][pid639346:tid639363][client172.208.152.211:0]ModSecur ... show more [MonMay0421:42:29.7943342026][security2:error][pid639346:tid639363][client172.208.152.211:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"morgenstern-swiss.ch\"][uri\"/wp/xmlrpc.php\"][unique_id\"afj2pXHvqPof53NCAd4ewQAAAAU\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-05-04 19:33:02 (1 month ago)	Try to access /wp/xmlrpc.php	Web App Attack
🇳🇱 wlt-blocker	2026-05-04 19:23:49 (1 month ago)	Unauthorized access to webpage admin	Web App Attack
🇫🇷 masterguru	2026-05-04 19:21:42 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 172.208.152.211 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 172.208.152.211 (US/United States/-): 1 in the last 3600 secs (0-201) show less	Hacking

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 202.53.94.246

🇸🇾 91.144.21.210

🇸🇪 90.231.80.167

🇷🇴 80.94.92.177

🇨🇳 58.45.40.105

🇨🇦 57.134.215.133

🇬🇧 51.89.129.110

🇺🇸 20.106.57.122

🇩🇪 155.117.127.153

🇸🇪 138.124.85.214

🇩🇪 116.203.204.171

🇰🇪 102.210.148.92

🇫🇷 79.137.34.248

🇪🇬 62.193.91.121

🇳🇱 45.148.10.30

🇺🇸 192.210.228.134

🇫🇮 147.185.133.243

🇫🇷 141.11.18.59

🇱🇹 81.30.98.158

🇩🇪 69.5.169.252