JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.153.130.115

52.153.130.115 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.153.130.115

Whois 52.153.130.115

IP Abuse Reports for 52.153.130.115:

This IP address has been reported a total of 28 times from 26 distinct sources. 52.153.130.115 was first reported on May 25th 2026, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-07 22:45:00 (16 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 Rip	2026-06-07 07:01:33 (1 day ago)	Restricted File Access Attempts	Port Scan Web App Attack
🇩🇪 Nightreaver	2026-06-07 06:44:49 (1 day ago)	52.153.130.115 - - [07/Jun/2026:08:44:44 0200] "GET /.env.local HTTP/1.1" 404 457 "-" "Mozilla/5.0 ... show more 52.153.130.115 - - [07/Jun/2026:08:44:44 0200] "GET /.env.local HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 52.153.130.115 - - [07/Jun/2026:08:44:45 0200] "GET /.env.production HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 52.153.130.115 - - [07/Jun/2026:08:44:46 0200] "GET /.env.backup HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 52.153.130.115 - - [07/Jun/2026:08:44:47 0200] "GET /.env.save HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 52.153.130.115 - - [07/Jun/2026:08:44:48 0200] "GET /wp-config.php HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15"[...] show less	Bad Web Bot Web App Attack
🇮🇹 LTM	2026-06-07 06:20:01 (1 day ago)	WebServer - Attempts to exploit	Hacking Brute-Force Web App Attack
🇺🇸 xmission.com	2026-06-07 06:01:10 (1 day ago)	Blocked by UFW (TCP on 2087) Source port: 25699 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 25699 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 52.153.130.115) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 EGP Abuse Dept	2026-06-07 05:56:42 (1 day ago)	Scanning for web/db/file exploits on tpc-029.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 03:43:47 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.153.130.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.153.130.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 23:43:43.181463 2026] [security2:error] [pid 3952:tid 3952] [client 52.153.130.115:25569] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.177"] [uri "/.git/HEAD"] [unique_id "aiTo75lJg_xKmeDqbPIp8gAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MakoWish	2026-06-07 03:02:25 (1 day ago)	Fuzzing for misconfigured web servers.	Hacking Web App Attack
🇫🇷 ingroscart.it	2026-06-07 02:59:08 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 52.153.130.115 (US/United States/-)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-07 02:45:25 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.153.130.115 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.153.130.115 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 22:45:17.828081 2026] [security2:error] [pid 26191:tid 26191] [client 52.153.130.115:25860] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.139"] [uri "/.git/HEAD"] [unique_id "aiTbPWbnMiuWLjr_6o7whgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 02:36:04 (1 day ago)	Bot / scanning and/or hacking attempts: GET /___proxy_subdomain_whm/login/ HTTP/1.1, GET /.htpasswd ... show more Bot / scanning and/or hacking attempts: GET /___proxy_subdomain_whm/login/ HTTP/1.1, GET /.htpasswd HTTP/1.1, GET /.git/config HTTP/1.1, GET /.DS_Store HTTP/1.1, GET /app/config/parameters.yml HTTP/1.1, GET /config.php HTTP/1.1, GET /dump.sql HTTP/1.1, GET /backup.sql HTTP/1.1, GET /.env.local HTTP/1.1, GET /wp-config.php.bak HTTP/1.1, GET /actuator/env HTTP/1.1, GET /config/database.yml HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /server-status HTTP/1.1, POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1, GET /.env.production HTTP/1.1 show less	Hacking Web App Attack
🇫🇷 ✨	2026-06-07 02:00:13 (1 day ago)	Domain : hesperuspress.com Rule : env 2026-06-07 01:58:48 W3SVC567 PLESK72 79.171.39.107 GET /.env.l ... show more Domain : hesperuspress.com Rule : env 2026-06-07 01:58:48 W3SVC567 PLESK72 79.171.39.107 GET /.env.local - 80 - 52.153.130.115 HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15 - - 79.171.39.107 503 0 0 257 221 181 - - show less	Hacking SQL Injection
Anonymous	2026-06-07 01:39:48 (1 day ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇷🇸 Scan	2026-06-07 01:30:33 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇷🇸 Smel	2026-06-07 01:18:08 (1 day ago)	Unauthorized Probe/Connection, Hack -	Port Scan Hacking

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 216.213.158.112

🇵🇰 202.70.139.241

🇻🇳 180.93.251.158

🇬🇧 178.128.32.203

🇺🇸 170.187.165.139

🇮🇳 122.187.229.35

🇮🇷 78.39.88.236

🇷🇺 78.36.41.213

🇵🇰 39.43.36.123

🇨🇦 20.104.72.215

🇭🇰 2.59.153.172

🇷🇴 2.57.122.234

🇨🇳 223.107.72.234

🇭🇰 220.246.47.145

🇩🇪 213.176.67.121

🇲🇦 154.144.225.226

🇧🇪 130.211.71.113

🇧🇪 35.195.172.69

🇧🇪 35.195.83.229

🇩🇪 34.141.99.68