JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.212.164.18

172.212.164.18 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 81%: ?

81%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.212.164.18

Whois 172.212.164.18

IP Abuse Reports for 172.212.164.18:

This IP address has been reported a total of 27 times from 23 distinct sources. 172.212.164.18 was first reported on September 2nd 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 PeravixGroup	2026-06-02 20:41:56 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 MPL	2026-06-02 20:00:08 (2 weeks ago)	tcp port scan (3 or more attempts)	Port Scan
🇫🇷 Thaliruth	2026-06-02 18:56:39 (2 weeks ago)	default:80 172.212.164.18 - - [02/Jun/2026:20:56:38 +0200] "GET /.git/HEAD HTTP/1.1" 403 416 "-" "Mo ... show more default:80 172.212.164.18 - - [02/Jun/2026:20:56:38 +0200] "GET /.git/HEAD HTTP/1.1" 403 416 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 172.212.164.18 - - [02/Jun/2026:20:56:38 +0200] "GET /.git/HEAD HTTP/1.1" 403 271 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force Web App Attack
🇩🇪 ValtonTahiri	2026-06-02 18:11:52 (2 weeks ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=172.212.164.18; proto=TCP; source_port=10270; target_port=2086; flags=SYN show less	Port Scan
🇨🇭 flaus	2026-06-02 17:40:28 (2 weeks ago)	$f2bV_matches	Hacking Bad Web Bot Web App Attack
🇳🇱 JCB	2026-06-02 17:17:00 (2 weeks ago)	172.212.164.18 - - [02/Jun/2026:08:55:35 +0300] "POST /___proxy_subdomain_whm/login/?login_only=1 HT ... show more 172.212.164.18 - - [02/Jun/2026:08:55:35 +0300] "POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1" 404 236 172.212.164.18 - - [02/Jun/2026:08:55:35 +0300] "GET /___proxy_subdomain_whm/login/ HTTP/1.1" 404 236 ... show less	Web App Attack Hacking
🇫🇷 alexsky06	2026-06-02 17:07:08 (2 weeks ago)	WAF block: crowdsecurity/vpatch-git-config from 172.212.164.18	Web App Attack Hacking
Anonymous	2026-06-02 10:16:53 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 RAP	2026-06-02 09:30:09 (2 weeks ago)	2026-06-02 09:30:09 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 09:01:57 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.212.164.18 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.212.164.18 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:01:51.717149 2026] [security2:error] [pid 28602:tid 28602] [client 172.212.164.18:32537] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.138"] [uri "/.git/HEAD"] [unique_id "ah6b_4dDo-vYtTZRZ4upVAAAACQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 somosbr	2026-06-02 08:24:13 (2 weeks ago)	[2026-06-02T08:24:13Z] Unsolicited scan from 172.212.164.18 to port 443/tcp	Port Scan
🇺🇸 MPL	2026-06-02 08:22:41 (2 weeks ago)	tcp port scan (10 or more attempts)	Port Scan
🇹🇭 Sawasdee	2026-06-02 06:57:07 (2 weeks ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇧🇷 SOC PR	2026-06-02 06:04:44 (2 weeks ago)	IPS: Sensitive Configuration File Disclosure.	Hacking

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 212.154.234.9

🇨🇳 106.13.45.232

🇺🇸 185.165.50.19

🇱🇹 77.90.185.230

🇯🇵 76.9.111.19

🇸🇬 74.114.31.150

🇺🇸 66.132.195.61

🇮🇶 65.20.204.88

🇺🇸 34.73.254.7

🇬🇧 213.166.84.56

🇩🇪 206.189.50.75

🇺🇸 172.253.220.212

🇩🇪 167.94.146.47

🇳🇱 132.243.120.41

🇺🇸 104.22.101.107

🇮🇩 103.188.177.46

🇨🇳 58.47.104.45

🇫🇷 51.159.149.103

🇨🇳 36.133.163.5

🇺🇸 158.51.96.38