JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.152.180.199

52.152.180.199 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 66%: ?

66%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.152.180.199

Whois 52.152.180.199

IP Abuse Reports for 52.152.180.199:

This IP address has been reported a total of 15 times from 13 distinct sources. 52.152.180.199 was first reported on April 27th 2026, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇻🇪 LUISE	2026-06-15 00:25:34 (4 hours ago)	Vulnerability scanning for Web/phpMyAdmin files on ULA server 72-23.	Hacking Bad Web Bot
🇩🇪 bescared	2026-06-14 20:47:39 (8 hours ago)	F2B - Malicious activity detected. Excessive port scans. -8ff06ede-	Port Scan
🇺🇸 xmission.com	2026-06-14 19:56:51 (9 hours ago)	Blocked by UFW (TCP on 2082) Source port: 19172 TTL: 46 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2082) Source port: 19172 TTL: 46 Packet length: 60 TOS: 0x00 This report (for 52.152.180.199) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇴 jad-abuse	2026-06-14 19:33:02 (9 hours ago)	ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure ... show more ThreatFeed automated detection: malicious HTTP scanning / exploit attempts. Signatures: git_exposure, env_probe, config_backup, aws_creds, server_status, actuator. Observed by 1 sensor(s); 20 hits. show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 19:18:43 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 52.152.180.199 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.152.180.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 15:18:35.470718 2026] [security2:error] [pid 18339:tid 18339] [client 52.152.180.199:18509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.10"] [uri "/.git/HEAD"] [unique_id "ai7-i0XBRKia0fccQegTrAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-14 19:01:27 (10 hours ago)	Blocked by ModSec and CSF	Port Scan
Anonymous	2026-06-14 18:17:18 (10 hours ago)	Http Port:80 (http_status:403) - Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ... show more Http Port:80 (http_status:403) - Agent:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 show less	Web App Attack
🇦🇱 router.al	2026-06-14 18:10:58 (11 hours ago)	06/14/2026-18:10:57.859838 52.152.180.199 Protocol: 6 GPL WEB_SERVER .htpasswd access	Hacking
🇬🇧 pearbright	2026-06-14 17:00:29 (12 hours ago)	2026-06-14T17:00:01.094363+00:00 srv1093252 kernel: [2202388.653916] [UFW BLOCK] IN=eth0 OUT= MAC=28 ... show more 2026-06-14T17:00:01.094363+00:00 srv1093252 kernel: [2202388.653916] [UFW BLOCK] IN=eth0 OUT= MAC=28:e8:d4:b5:be:84:44:38:39:ff:ff:41:08:00 SRC=52.152.180.199 DST=72.61.19.109 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=50164 DF PROTO=TCP SPT=19230 DPT=2078 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-14T17:00:01.094574+00:00 srv1093252 kernel: [2202388.659114] [UFW BLOCK] IN=eth0 OUT= MAC=28:e8:d4:b5:be:84:44:38:39:ff:ff:41:08:00 SRC=52.152.180.199 DST=72.61.19.109 LEN=60 TOS=0x00 PREC=0x00 TTL=38 ID=55763 DF PROTO=TCP SPT=18433 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-14T17:00:01.098589+00:00 srv1093252 kernel: [2202388.659651] [UFW BLOCK] IN=eth0 OUT= MAC=28:e8:d4:b5:be:84:44:38:39:ff:ff:41:08:00 SRC=52.152.180.199 DST=72.61.19.109 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=63678 DF PROTO=TCP SPT=19211 DPT=2096 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-14T17:00:01.098728+00:00 srv1093252 kernel: [2202388.660533] [UFW BLOCK] IN=eth0 OUT= MAC=28:e8:d4:b5:be:84:44:38:39:ff:ff:41:08:00 SRC=52.1 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 16:47:55 (12 hours ago)	(mod_security) mod_security (id:210492) triggered by 52.152.180.199 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.152.180.199 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 12:47:51.524455 2026] [security2:error] [pid 20410:tid 20410] [client 52.152.180.199:18580] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.13"] [uri "/.env"] [unique_id "ai7bNx5OsuUejvWiO7xDQAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Axel	2026-06-14 15:57:06 (13 hours ago)	Blocked by UFW on MVI [2095/tcp] \| SPT: 19115 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [2095/tcp] \| SPT: 19115 \| TTL: 47 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇦 Tanados	2026-06-14 15:45:47 (13 hours ago)	Blocked by UFW [2078/tcp] Source port: 18144 TTL: 44 Packet length: 60 TOS: 0x00 This report was ge ... show more Blocked by UFW [2078/tcp] Source port: 18144 TTL: 44 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇯🇵 demonsword	2026-04-28 07:42:42 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.eastmoney.com:443 show less	Open Proxy Port Scan
🇺🇸 Rayulcifer	2026-04-27 17:03:51 (1 month ago)	52.152.180.199 - - [27/Apr/2026:12:03:50 -0500] "CONNECT hvpnvn.edu.vn:443 HTTP/1.1" 502 488 "-" "-" ... show more 52.152.180.199 - - [27/Apr/2026:12:03:50 -0500] "CONNECT hvpnvn.edu.vn:443 HTTP/1.1" 502 488 "-" "-" 52.152.180.199 - - [27/Apr/2026:12:03:50 -0500] "\x16\x03\x01" 400 392 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇯🇵 demonsword	2026-04-27 17:03:49 (1 month ago)	HTTP proxy scanner (CONNECT / open proxy probe) target: hvpnvn.edu.vn:443	Port Scan

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 2a02:c207:2325:6949::1

🇺🇸 2607:f8b0:4004:c1b::12c

🇧🇷 205.210.31.138

🇧🇷 200.167.93.61

🇩🇪 185.242.3.195

🇺🇸 157.230.55.34

🇹🇼 101.13.1.75

🇮🇷 85.198.19.244

🇺🇸 66.132.195.107

🇮🇶 65.20.143.162

🇸🇬 212.73.148.12

🇮🇩 180.248.196.12

🇨🇴 161.18.250.157

🇺🇸 147.185.132.84

🇺🇸 147.185.132.64

🇭🇰 125.215.199.37

🇷🇴 109.100.14.222

🇫🇷 91.231.89.11

🇺🇸 64.62.156.66

🇺🇸 49.51.187.20