JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.154.130.211

52.154.130.211 was found in our database!

This IP was reported 172 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.154.130.211

Whois 52.154.130.211

IP Abuse Reports for 52.154.130.211:

This IP address has been reported a total of 172 times from 88 distinct sources. 52.154.130.211 was first reported on August 23rd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 Per-Erik Runebert	2026-06-15 08:39:53 (1 day ago)	Excessive unauthorized requests	Hacking
🇬🇷 setupgr	2026-06-14 11:35:31 (2 days ago)	52.154.130.211, 2 distributed cpanel attacks on account [root] in the last 86400 secs; Ports: ; Dir ... show more 52.154.130.211, 2 distributed cpanel attacks on account [root] in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_DISTATTACK; Logs: [2026-06-14 14:35:31 +0300] info [whostmgrd] 172.184.209.150 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 172.184.209.150 [2026-06-14 13:32:14 +0300] info [whostmgrd] 52.154.130.211 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 52.154.130.211 IP Addresses Blocked: 172.184.209.150 show less	Port Scan
🇬🇷 setupgr	2026-06-14 10:32:16 (2 days ago)	(cpanel) Failed cPanel login from 52.154.130.211: 1 in the last 86400 secs; Ports: ; Direction: ino ... show more (cpanel) Failed cPanel login from 52.154.130.211: 1 in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: [2026-06-14 13:32:14 +0300] info [whostmgrd] 52.154.130.211 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: brute force attempt (user root) has locked out IP 52.154.130.211 show less	Port Scan
🇺🇸 RAP	2026-06-14 06:50:08 (2 days ago)	2026-06-14 06:50:08 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇦🇹 urnilxfgbez	2026-06-11 22:45:00 (4 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇨🇭 SOC [GOLINE SA]	2026-06-11 08:36:05 (5 days ago)	IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID ... show more IDS Alert: GPL WEB_SERVER 403 Forbidden === ATTACK === Signature: GPL WEB_SERVER 403 Forbidden \| SID: 2101201 \| Severity: 2 \| Category: Attempted Information Leak === SOURCE === IP: 52.154.130.211 (IPv4) \| Port: 80 \| Country: United States \| ISP: MSFT \| rDNS: None === TARGET === Host: nextcloud.goline.ch \| IP: 52.154.130.211 \| Port: 57832 \| Protocol: TCP \| App: http === RESPONSE === Time: 2026-06-11 08:36:05 \| Action: Blocked show less	Port Scan Hacking Bad Web Bot
🇺🇸 cwytech	2026-06-11 08:30:35 (5 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/tactical-rmm-lockdown-high.	Hacking
🇨🇦 eGuest	2026-06-11 08:27:48 (5 days ago)	52.154.130.211 - - [11/Jun/2026:02:27:45 -0600] "GET /wp-config.php HTTP/1.1" 404 844 "-" "Mozilla/5 ... show more 52.154.130.211 - - [11/Jun/2026:02:27:45 -0600] "GET /wp-config.php HTTP/1.1" 404 844 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.154.130.211 - - [11/Jun/2026:02:27:47 -0600] "GET /wp-config.php.bak HTTP/1.1" 404 844 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" ... show less	Hacking Web App Attack
🇹🇭 Sawasdee	2026-06-11 08:15:07 (5 days ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇺🇸 MPL	2026-06-11 07:30:43 (5 days ago)	tcp port scan (8 or more attempts)	Port Scan
🇺🇸 RAP	2026-06-11 07:01:50 (5 days ago)	2026-06-11 07:01:50 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇧🇷 SOC PR	2026-06-11 06:36:28 (5 days ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
Anonymous	2026-06-11 06:28:23 (5 days ago)	Honeypot hit: Empty payload (likely service probe); 2087 [4], 2083 [1], 2086 [1], 2082 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2087 [4], 2083 [1], 2086 [1], 2082 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇹🇼 kenny4387	2026-06-11 05:50:00 (5 days ago)	SERVER-WEBAPP .htpasswd access attempt	Web App Attack
Anonymous	2026-06-11 05:47:22 (5 days ago)	52.154.130.211 - - [11/Jun/2026:07:47:21 +0200] "GET /.git/HEAD HTTP/1.1" 402 829 "-" "Mozilla/5.0 ( ... show more 52.154.130.211 - - [11/Jun/2026:07:47:21 +0200] "GET /.git/HEAD HTTP/1.1" 402 829 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Web App Attack

Showing 1 to 15 of 172 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 194.132.138.90

🇸🇪 192.121.147.47

🇺🇸 147.185.132.163

🇺🇸 146.70.202.55

🇺🇸 66.132.186.206

🇭🇰 47.86.3.155

🇰🇷 222.232.176.7

🇲🇽 187.216.224.85

🇵🇪 161.132.54.218

🇸🇬 129.226.210.142

🇱🇹 91.224.92.17

🇺🇸 66.132.195.71

🇺🇸 66.132.172.196

🇰🇷 3.36.128.213

🇳🇱 176.65.139.248

🇻🇳 163.61.110.67

🇺🇸 128.199.8.140

🇮🇳 103.175.8.18

🇺🇸 96.236.29.107

🇺🇸 51.81.223.238