JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.212.165.68

172.212.165.68 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 34%: ?

34%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.212.165.68

Whois 172.212.165.68

IP Abuse Reports for 172.212.165.68:

This IP address has been reported a total of 16 times from 10 distinct sources. 172.212.165.68 was first reported on November 20th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-06-11 09:36:32 (1 day ago)	tcp port scan (16 or more attempts)	Port Scan
🇩🇪 dpsbs	2026-06-11 09:21:58 (1 day ago)	url scanning on multiple public ips detected	Bad Web Bot
Anonymous	2026-05-24 02:12:10 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:02:11:24 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:02:11:25 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:02:11:26 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:02:11:28 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:02:11:29 +0000] "GET /.git/config HTTP/1.1" show less	Port Scan
Anonymous	2026-05-24 01:53:12 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:53:09 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:53:10 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:53:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:53:10 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:53:10 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-24 01:19:39 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:19:38 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:19:38 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:19:38 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:19:38 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:01:19:38 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-24 00:42:43 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 172.212.165.68 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 172.212.165.68 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 20:42:39.875468 2026] [security2:error] [pid 13074:tid 13074] [client 172.212.165.68:49176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "atmaharg.com"] [uri "/config/.env"] [unique_id "ahJJfxgo1yleC1-q2weARQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-24 00:17:42 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:00:17:29 +0000] "GET /@fs/.env.production?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:00:17:29 +0000] "GET /@fs/.env.test?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:00:17:29 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:00:17:29 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [24/May/2026:00:17:37 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 23:17:08 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:23:17:05 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:23:17:05 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:23:17:05 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:23:17:05 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:23:17:05 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 22:08:09 (2 weeks ago)	(caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 172.212.165.68 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:22:08:08 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:22:08:08 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:22:08:08 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:22:08:08 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 172.212.165.68 - - [23/May/2026:22:08:08 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇦🇺 MAGIC	2026-05-06 01:23:24 (1 month ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇯🇵 demonsword	2026-05-01 23:04:28 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.eastmoney.com:443 show less	Open Proxy Port Scan
🇺🇸 Rayulcifer	2026-04-24 05:11:26 (1 month ago)	172.212.165.68 - - [24/Apr/2026:00:11:24 -0500] "CONNECT www.google.com:443 HTTP/1.1" 502 488 "-" "M ... show more 172.212.165.68 - - [24/Apr/2026:00:11:24 -0500] "CONNECT www.google.com:443 HTTP/1.1" 502 488 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" 172.212.165.68 - - [24/Apr/2026:00:11:25 -0500] "CONNECT www.google.com:443 HTTP/1.1" 502 488 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇳🇱 homeshowdomain.nl	2026-04-16 22:00:56 (1 month ago)	Auto-ban: >3000 req/min op 2026-04-16	Web App Attack SSH Hacking
🇺🇸 Rayulcifer	2026-04-06 18:07:31 (2 months ago)	172.212.165.68 - - [06/Apr/2026:13:07:30 -0500] "CONNECT h2.dstat.love:443 HTTP/1.1" 502 488 "-" "-" ... show more 172.212.165.68 - - [06/Apr/2026:13:07:30 -0500] "CONNECT h2.dstat.love:443 HTTP/1.1" 502 488 "-" "-" 172.212.165.68 - - [06/Apr/2026:13:07:30 -0500] "\x16\x03\x01" 400 392 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇩🇪 2048	2026-02-27 06:46:20 (3 months ago)	2026-02-27T07:46:11.985189+01:00 machodeer kernel: [431587.208454] [UFW BLOCK] IN=ens3 OUT= MAC=REDA ... show more 2026-02-27T07:46:11.985189+01:00 machodeer kernel: [431587.208454] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.212.165.68 DST=REDACTED LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=1 DF PROTO=TCP SPT=34887 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 2026-02-27T07:46:15.570479+01:00 machodeer kernel: [431590.793719] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.212.165.68 DST=REDACTED LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=1 DF PROTO=TCP SPT=34888 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 2026-02-27T07:46:19.621661+01:00 machodeer kernel: [431594.844935] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=172.212.165.68 DST=REDACTED LEN=40 TOS=0x00 PREC=0x00 TTL=105 ID=1 DF PROTO=TCP SPT=34894 DPT=443 WINDOW=0 RES=0x00 ACK RST URGP=0 show less	Port Scan

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a01:4f8:c013:d7be::1

🇺🇸 54.83.180.239

🇺🇸 104.243.42.167

🇨🇳 60.166.8.174

🇳🇱 45.142.193.12

🇺🇸 44.55.212.118

🇬🇧 35.203.210.168

🇨🇭 20.250.17.102

🇦🇿 217.25.26.82

🇩🇪 194.187.176.75

🇮🇳 125.19.206.54

🇨🇭 104.244.74.84

🇯🇴 94.249.42.39

🇸🇬 74.114.28.27

🇺🇸 66.132.172.130

🇺🇸 44.217.27.136

🇺🇸 172.174.46.118

🇺🇸 130.131.220.154

🇯🇵 103.125.146.54

🇺🇸 66.132.172.49