JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.154.129.156

52.154.129.156 was found in our database!

This IP was reported 221 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.154.129.156

Whois 52.154.129.156

IP Abuse Reports for 52.154.129.156:

This IP address has been reported a total of 221 times from 190 distinct sources. 52.154.129.156 was first reported on June 1st 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 barbarella	2026-06-02 10:11:34 (1 day ago)	Hacking attempt (GET //cgi-bin/admin.php)	Hacking Web App Attack
🇫🇷 Guardian	2026-06-02 10:10:04 (1 day ago)	Multi abuses [2]: Scanning for installed WordPress and vulnerabilities, Unauthorized connection atte ... show more Multi abuses [2]: Scanning for installed WordPress and vulnerabilities, Unauthorized connection attempt / Port scanning 52.154.129.156 [02/Jun/2026:10:10:03] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 52.154.129.156 [02/Jun/2026:10:10:03] "GET /this_is_a_new_hello_world.php HTTP/1.1" show less	Port Scan Web App Attack
🇩🇪 bescared	2026-06-02 10:06:48 (1 day ago)	F2B - Malicious activity detected. URL Probing. -8ff06ede-	Hacking Bad Web Bot Web App Attack
🇮🇹 ciccio diddo	2026-06-02 10:06:30 (1 day ago)	CMS/WP Exploit multiple 404 port:Tcp/80,443	Brute-Force Web App Attack
🇩🇪 4server	2026-06-02 10:02:16 (1 day ago)	[TueJun0212:02:11.8127722026][security2:error][pid4160215:tid4160319][client52.154.129.156:0]ModSecu ... show more [TueJun0212:02:11.8127722026][security2:error][pid4160215:tid4160319][client52.154.129.156:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"modules/mod_simplefileuploadv1\\\\\\\\.3\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_rules/99_asl_jitp.conf\"][line\"640\"][id\"390746\"][rev\"1\"][msg\"Atomicorp.comWAFRules-VirtualJustInTimePatch:KnownVulnerableJoomlaSimpleFileUploadv1.3Accessblocked\"][hostname\"autodiscover.modularss.com\"][uri\"/modules/mod_simplefileuploadv1.3/elements/filemanager.php\"][unique_id\"ah6qI6wlXFsvLj_7-0Fy4QAAAFM\"] show less	Port Scan Brute-Force Web App Attack
🇫🇮 Kimmo Rieskaniemi	2026-06-02 10:01:46 (1 day ago)	CrowdSec triggered crowdsecurity/http-probing	Web App Attack Hacking
🇬🇧 venus.launch.bz	2026-06-02 10:01:06 (1 day ago)	(wpscan) WordPress probe detected from 52.154.129.156 (US/United States/-)	Hacking
🇸🇰 iplusv	2026-06-02 10:00:07 (1 day ago)	Automatic report from IV firewall log.	Port Scan Hacking Brute-Force
🇺🇸 TPI-Abuse	2026-06-02 09:59:37 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 52.154.129.156 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 52.154.129.156 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:59:31.653109 2026] [security2:error] [pid 6788:tid 6788] [client 52.154.129.156:64784] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|xtrl.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "xtrl.com"] [uri "/home/tancedi1/public_html/xtrl.com"] [unique_id "ah6pg5WeAp2eS7nnLD4AqQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 09:58:53 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
Anonymous	2026-06-02 09:56:08 (1 day ago)	SPARSDE WEBEXPLOIT 52.154.129.156 (52.154.129.156)	Web App Attack
🇫🇷 EDSL	2026-06-02 09:55:42 (1 day ago)	[mail.edsl.fr] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇩🇪 KiekerJan	2026-06-02 09:51:10 (1 day ago)	52.154.129.156 - - [02/Jun/2026:11:51:08 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 52.154.129.156 - - [02/Jun/2026:11:51:08 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 162 "-" "-" 52.154.129.156 - - [02/Jun/2026:11:51:09 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 146 "-" "-" ... show less	Web App Attack
Anonymous	2026-06-02 09:46:18 (1 day ago)	Attempted search for exploits and vulnerabilities detected by fail2ban ...	Port Scan Brute-Force
🇮🇩 soc-yk	2026-06-02 09:42:11 (1 day ago)	Type: web_scanning Risk: 100 Events: 99 Evidence: - Automated hostile web probing detected - Repeat ... show more Type: web_scanning Risk: 100 Events: 99 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Multi-event operational persistence identified - Threat escalation behavior observed show less	Web App Attack

Showing 106 to 120 of 221 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 2804:30f8:229:c400:e07d:cabc:10d3:ff77

🇺🇸 185.180.141.10

🇲🇽 177.229.209.2

🇺🇸 82.26.162.39

🇺🇸 64.62.197.157

🇺🇸 45.79.207.13

🇿🇼 197.221.232.44

🇺🇸 195.184.76.12

🇸🇬 193.37.32.43

🇯🇵 172.105.218.179

🇺🇸 143.110.141.191

🇸🇬 129.226.95.93

🇮🇳 98.70.48.241

🇺🇸 3.131.24.55

🇺🇸 216.133.145.160

🇧🇷 187.8.120.90

🇺🇸 185.180.141.8

🇬🇧 165.232.104.200

🇺🇸 143.59.90.82

🇻🇺 138.226.239.10