Abuse Buster
5 hours ago
Web application vulnerability scanning
Web App Attack
Ba-Yu
9 hours ago
General hacking/exploits/scanning
Web Spam
Hacking
Brute-Force
Exploited Host
Web App Attack
0xffffffff
9 hours ago
[2023-03-21 03:13:32.136948] [authz_core:error] [pid 1680828:tid 139645022565952] [client 52.147.207.120:0] AH01630: client denied by server configuration: /var/www/*/ALFA_DATA, referer www.google.com , error_notes:alfa-shell , URI:'/ALFA_DATA/alfacgiapi/perl.alfa'
[2023-03-21 03:13:32.156072] [authz_core:error] [pid 1680828:tid 139645022565952] [client 52.147.207.120:0] AH01630: client denied by server configuration: /var/www/*/wp-content/themes/seotheme, referer www.google.com , error_notes:missing-php , URI:'/wp-content/themes/seotheme/db.php?u'
[2023-03-21 03:13:32.416770] [authz_core:error] [pid 1680828:tid 139645022565952] [client 52.147.207.120:0] AH01630: client denied by server configuration: /var/www/*/wp-content/themes/seotheme, referer www.google.com , error_notes:missing-php , URI:'/wp-content/themes/seotheme/db.php?u'
[2023-03-21 03:13:32.632502] [authz_core:error] [pid 1680828:tid 139645022565952] [client 52.147.207.120:0] AH01630: client denied by server configuration: /var/www/*/alfacgiapi, r
Bad Web Bot
Web App Attack
webbfabriken
19 hours ago
Attack reported by Webbfabiken Security API - WFSecAPI
Brute-Force
london2038.com
20 Mar 2023
Script kiddie
52.147.207.120 - - [20/Mar/2023:05:40:57 +0100] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 204 0 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
52.147.207.120 - - [20/Mar/2023:05:40:57 +0100] "POST /wp-plain.php HTTP/1.1" 204 0 "www.google.com" "Mozilla/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Exploited Host
Web App Attack
CryptoYakari
20 Mar 2023
52.147.207.120 - - [20/Mar/2023:04:37:40 +0300] "POST /ALFA_DATA/alfacgiapi/perl.alfa HTTP/1.0" 403 568 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
52.147.207.120 - - [20/Mar/2023:04:37:40 +0300] "GET / HTTP/1.0" 403 568 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
52.147.207.120 - - [20/Mar/2023:04:37:40 +0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.0" 403 567 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
Anonymous
20 Mar 2023
Suspicious Activity detected by ModSecurity 2023-03-20 04:35:43
Hacking
Bad Web Bot
Web App Attack
sumnone
19 Mar 2023
Wordpress vulnerability probing: Error 404. The requested page (/wp-content/themes/seotheme/db.php) was not found
Bad Web Bot
Exploited Host
Web App Attack
Anonymous
19 Mar 2023
Suspicious Activity detected by ModSecurity 2023-03-19 10:35:32
Hacking
Bad Web Bot
Web App Attack
CryptoYakari
19 Mar 2023
52.147.207.120 - - [19/Mar/2023:05:04:51 +0300] "GET /wordpress HTTP/1.0" 404 27526 "-" "-"
52.147.207.120 - - [19/Mar/2023:05:04:51 +0300] "GET /wp HTTP/1.0" 404 27442 "-" "-"
52.147.207.120 - - [19/Mar/2023:05:04:52 +0300] "GET /blog HTTP/1.0" 404 27466 "-" "-"
52.147.207.120 - - [19/Mar/2023:05:04:52 +0300] "GET /new HTTP/1.0" 404 27454 "-" "-"
52.147.207.120 - - [19/Mar/2023:05:04:52 +0300] "GET /old HTTP/1.0" 404 27454 "-" "-"
Web Spam
Blog Spam
Bad Web Bot
Web App Attack
Donovan_DMC
18 Mar 2023
GET /wp-content/themes/seotheme/db.php?u - 52.147.207.120 (Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36)
[wp-content]: WordPress Content Scanner
[php-scanner]: PHP Scanner
Bad Web Bot
Web App Attack
mypatricks
18 Mar 2023
52.147.207.120 | Port: 43744 | DNS: 52.147.207.120 2023-03-18T21:48:08+08:00 Asia/Singapore | Suspicious User Abuse Activity | UA: Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36 HTTP/1.1 443 POST | URL: /ALFA_DATA/alfacgiapi/perl.alfa | Ref: www.google.com | Country: US/United States/-08:00 IP City: Tappahannock 7a9dee745ddb81a5-IAD/Ashburn, VA, United States 1 hits/0 secs Robots 3
Web Spam
Blog Spam
Brute-Force
Exploited Host
Web App Attack
AC - Team
18 Mar 2023
52.147.207.120 - - [18/Mar/2023:10:05:54 -0300] "GET /wp-content/themes/seotheme/db.php?u HTTP/1.1" 500 749 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
Hacking
Web App Attack
SleepyHosting
17 Mar 2023
(mod_security) mod_security (id:400010) triggered by 52.147.207.120 (US/United States/-): 5 in the last 3600 secs
Brute-Force
el-brujo
17 Mar 2023
17/Mar/2023:03:29:49 +0100Apache-Error: [file "apache2_util.c"] [line 273] [level 3] [client 52.147.207.120] ModSecurity: Warning. Pattern match "(?:^|=)\\\\\\\\s*(?:{|\\\\\\\\s*\\\\\\\\(\\\\\\\\s*|\\\\\\\\w+=(?:[^\\\\\\\\s]*|\\\\\\\\$.*|\\\\\\\\$.*|<.*|>.*|\\\\\\\\'.*\\\\\\\\'|\\\\".*\\\\")\\\\\\\\s+|!\\\\\\\\s*|\\\\\\\\$)*\\\\\\\\s*(?:'|\\\\")*(?:[\\\\\\\\?\\\\\\\\*\\\\\\\\[\\\\\\\\]\\\\\\\\(\\\\\\\\)\\\\\\\\-\\\\\\\\|+\\\\\\\\w'\\\\"\\\\\\\\./\\\\\\\\\\\\\\\\]+/)?[\\\\\\\\\\\\\\\\'\\\\"]*(?:l[\\\\\\\\\\\\\\\\'\\\\"]*(?:s(?:[\\\\\\\\\\\\\\\\'\\\\"]*(?:b[\\\\\\\\\\\\\\\\'\\\\"]*_[\\\\\\\\\\\\\\\\'\\\\"]*r[\\\\\\\\\\\\\\\\'\\\\"]*e[\\\\\\\\\\\\\\\\'\\\\"]*l[\\\\\\\\\\\\\\\\' ..." at REQUEST_COOKIES:g. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "463"] [id "932150"] [msg "Remote Command Execution: Direct Unix Command Execution"] [data "Matched Data: echo found within REQUEST_COOKIES:g: echo Sp3ctra"] [severity "CRITICAL"] [ver "OWASP_
Hacking