JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.212.163.228

172.212.163.228 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 45%: ?

45%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.212.163.228

Whois 172.212.163.228

IP Abuse Reports for 172.212.163.228:

This IP address has been reported a total of 15 times from 14 distinct sources. 172.212.163.228 was first reported on July 31st 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-06-05 09:03:01 (3 weeks ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
Anonymous	2026-06-03 10:18:00 (3 weeks ago)	The following intrusion was observed: HTPasswd.Access.	Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (3 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 cwytech	2026-06-02 21:49:08 (3 weeks ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/tpot-web-crit.	Bad Web Bot Web App Attack
🇫🇷 alexsky06	2026-06-02 21:04:01 (3 weeks ago)	WAF block: crowdsecurity/vpatch-git-config from 172.212.163.228	Web App Attack Hacking
🇺🇸 MPL	2026-06-02 20:45:54 (3 weeks ago)	tcp port scan (8 or more attempts)	Port Scan
🇮🇩 penjaga BRIN	2026-06-02 18:57:59 (3 weeks ago)	Suspicious malicious activity	Hacking
🇺🇸 TPI-Abuse	2026-06-02 18:48:06 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.212.163.228 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.212.163.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:47:57.416355 2026] [security2:error] [pid 19739:tid 19739] [client 172.212.163.228:45193] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.65"] [uri "/.git/config"] [unique_id "ah8lXWnUTsw5QNKTvAhVgQAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-02 18:05:52 (3 weeks ago)	Abuse Detected (4)	Brute-Force Web App Attack
Anonymous	2026-06-02 17:56:04 (3 weeks ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
Anonymous	2026-06-02 17:32:08 (3 weeks ago)	Honeypot hit: Empty payload (likely service probe); 2082 [1], 2086 [1], 2083 [1], 2087 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2082 [1], 2086 [1], 2083 [1], 2087 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 17:19:28 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.212.163.228 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 172.212.163.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:19:21.190797 2026] [security2:error] [pid 10467:tid 10467] [client 172.212.163.228:45202] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.103"] [uri "/.git/config"] [unique_id "ah8QmZxw9E-fmYk06QGRnAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-06-02 17:06:06 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 17:03:24 (3 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇧🇪 cmbplf	2025-07-31 22:26:21 (10 months ago)	4.959 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇿 212.47.148.123

🇲🇽 187.189.160.202

🇩🇪 185.242.3.226

🇺🇸 185.191.171.4

🇺🇸 162.216.150.117

🇨🇳 115.190.226.99

🇨🇳 106.12.172.151

🇹🇷 94.123.166.131

🇺🇸 65.49.1.85

🇸🇦 51.36.92.188

🇷🇺 46.8.60.81

🇬🇧 35.203.211.222

🇸🇦 188.51.207.223

🇺🇸 172.236.96.130

🇫🇷 172.71.135.11

🇨🇮 102.206.121.54

🇲🇺 102.117.131.119

🇫🇷 92.205.50.247

🇳🇱 91.92.40.8

🇩🇪 69.5.169.145