JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.138.39.105

52.138.39.105 was found in our database!

This IP was reported 670 times. Confidence of Abuse is 0%: ?

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇨🇦 Canada
City	Toronto, Ontario

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.138.39.105

Whois 52.138.39.105

IP Abuse Reports for 52.138.39.105:

This IP address has been reported a total of 670 times from 236 distinct sources. 52.138.39.105 was first reported on March 21st 2026, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 filou812	2026-03-21 19:30:50 (2 months ago)	url tried is "/term.php"	Web App Attack
Anonymous	2026-03-21 19:24:24 (2 months ago)	52.138.39.105 - - [21/Mar/2026:20:24:18 +0100] "GET /term.php HTTP/1.1" 404 49593 52.138.39.105 - - ... show more 52.138.39.105 - - [21/Mar/2026:20:24:18 +0100] "GET /term.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:19 +0100] "GET /test.php HTTP/1.1" 404 49592 52.138.39.105 - - [21/Mar/2026:20:24:19 +0100] "GET /themes.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:19 +0100] "GET /tool.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:20 +0100] "GET /update/f35.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:20 +0100] "GET /w.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:21 +0100] "GET /wa.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:21 +0100] "GET /wp-access.php HTTP/1.1" 404 49592 52.138.39.105 - - [21/Mar/2026:20:24:22 +0100] "GET /wp-content/admin.php HTTP/1.1" 404 49593 52.138.39.105 - - [21/Mar/2026:20:24:22 +0100] "GET /wp-content/autoload_classmap.php HTTP/1.1" 404 49593 ... show less	Web Spam Web App Attack
🇺🇸 jcbriar	2026-03-21 19:13:58 (2 months ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇱🇺 conseilgouz	2026-03-21 19:11:59 (2 months ago)	are-21 : Rogue PHP files=>/w.php	Hacking
🇺🇸 Player Unknown	2026-03-21 19:11:31 (2 months ago)	52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /term.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Win ... show more 52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /term.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /test.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /themes.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /tool.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.138.39.105 - - [21/Mar/2026:12:11:30 -0700] "GET /tx78.php?p= HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.138.39. ... show less	Brute-Force SSH
Anonymous	2026-03-21 19:10:12 (2 months ago)	Bot / seems abusive / Apache connections: 20	DDoS Attack Web Spam Bad Web Bot Web App Attack
🇪🇸 el-brujo	2026-03-21 19:09:50 (2 months ago)	Cloudflare WAF: Request Path: /wp-content/plugins/wp-file-manager/lib/php/plugins/admin.php Request ... show more Cloudflare WAF: Request Path: /wp-content/plugins/wp-file-manager/lib/php/plugins/admin.php Request Query: Host: ns2.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Action: block Source: firewallManaged ASN Description: MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation Country: CA Method: GET Timestamp: 2026-03-21T19:09:50Z ruleId: 8840c3fa2c7947f6b10176ceb8f65558. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇪🇸 el-brujo	2026-03-21 19:09:47 (2 months ago)	[Sat Mar 21 20:09:47.192267 2026] [proxy_fcgi:error] [pid 1007167:tid 1007802] [remote 52.138.39.105 ... show more [Sat Mar 21 20:09:47.192267 2026] [proxy_fcgi:error] [pid 1007167:tid 1007802] [remote 52.138.39.105:0] AH01071: Got error 'Primary script unknown' [Sat Mar 21 20:09:47.324818 2026] [proxy_fcgi:error] [pid 1007167:tid 1007813] [remote 52.138.39.105:0] AH01071: Got error 'Primary script unknown' ... show less	Hacking Web App Attack
🇩🇪 Viveronese	2026-03-21 19:09:20 (2 months ago)	HTTP vulnerability scanning	Web App Attack
🇩🇪 macrob	2026-03-21 19:07:54 (2 months ago)	2026/03/21 19:07:52 [error] 1078240#1078240: 92183673 access forbidden by rule, client: 52.138.39.1 ... show more 2026/03/21 19:07:52 [error] 1078240#1078240: 92183673 access forbidden by rule, client: 52.138.39.105, server: fastcredit.net.ua, request: "GET /wp-content/admin.php HTTP/2.0", host: "fastcredit.net.ua" 2026/03/21 19:07:52 [error] 1078238#1078238: 92183169 access forbidden by rule, client: 52.138.39.105, server: fastcredit.net.ua, request: "GET /wp-content/autoload_classmap.php HTTP/2.0", host: "fastcredit.net.ua" 2026/03/21 19:07:53 [error] 1078236#1078236: 92183654 access forbidden by rule, client: 52.138.39.105, server: fastcredit.net.ua, request: "GET /wp-content/options.php HTTP/2.0", host: "fastcredit.net.ua" ... show less	Web App Attack
🇺🇸 S.O.B.A. Dev.	2026-03-21 19:07:31 (2 months ago)	Threat Blocked by BeeHive from (ASN:8075) (Network:MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporati ... show more Threat Blocked by BeeHive from (ASN:8075) (Network:MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation) (Host:soba.dev) (Method:GET) (Protocol:HTTP/1.1) (Timestamp:2026-03-21T19:07:31Z) show less	Brute-Force Web Spam Web App Attack
🇫🇷 devsecops.cv	2026-03-21 19:05:19 (2 months ago)	Fail2Ban: apache-ratelimit - 20 failures	Port Scan Bad Web Bot Web App Attack
Anonymous	2026-03-21 19:05:07 (2 months ago)	PHP file probing detected by Fail2Ban	Web App Attack
🇬🇧 poundawebsiteltd	2026-03-21 19:02:52 (2 months ago)	Apache 403 Forbidden Access. Evidence: [REDACTED_DOMAIN]:443 52.138.39.105 - - [21/Mar/2026:19:02:50 ... show more Apache 403 Forbidden Access. Evidence: [REDACTED_DOMAIN]:443 52.138.39.105 - - [21/Mar/2026:19:02:50 +0000] GET /wp-admin/js/index.php?p= HTTP/1.1 500 3056 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇬🇧 cybersteve99	2026-03-21 19:02:32 (2 months ago)	Too many 4xx Requests -	Brute-Force Web App Attack

Showing 571 to 585 of 670 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.209

🇺🇸 205.210.31.104

🇺🇸 195.184.76.246

🇧🇷 177.22.168.43

🇭🇰 165.154.20.228

🇺🇸 151.240.63.107

🇭🇰 45.142.154.98

🇵🇰 14.1.107.210

🇹🇼 198.235.24.78

🇺🇸 162.241.192.24

🇺🇸 162.216.150.36

🇺🇸 162.216.149.123

🇮🇳 128.185.116.114

🇻🇳 103.200.25.198

🇨🇦 85.217.149.16

🇺🇸 64.62.197.17

🇨🇾 62.228.126.113

🇺🇸 45.33.89.53

🇻🇪 38.51.194.208

🇦🇺 217.217.118.44