JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.154.132.164

52.154.132.164 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 76%: ?

76%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.154.132.164

Whois 52.154.132.164

IP Abuse Reports for 52.154.132.164:

This IP address has been reported a total of 49 times from 24 distinct sources. 52.154.132.164 was first reported on July 18th 2025, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 sumnone	2026-06-14 16:49:54 (5 days ago)	Port probing on unauthorized port 4000	Port Scan Hacking Exploited Host
Anonymous	2026-06-14 16:37:48 (5 days ago)	52.154.132.164 detected on srv02	Port Scan
🇺🇸 xmission.com	2026-06-14 15:05:28 (5 days ago)	Blocked by UFW (TCP on 80) Source port: 35987 TTL: 50 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 35987 TTL: 50 Packet length: 60 TOS: 0x00 This report (for 52.154.132.164) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇹🇷 SeczarSecureOps	2026-06-14 14:44:21 (5 days ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (14 events in 10min) at 2026-06-14 14:44	Port Scan
🇦🇹 urnilxfgbez	2026-06-11 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇦🇹 centurion	2026-06-11 02:01:05 (1 week ago)	Unauthorized attempt on coresecret [8880/tcp] Source port: 60416 TTL: 36 Packet length: 60 TOS: 0x00 ... show more Unauthorized attempt on coresecret [8880/tcp] Source port: 60416 TTL: 36 Packet length: 60 TOS: 0x00 https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-11 00:16:28 (1 week ago)	(mod_security) mod_security (id:949110) triggered by 52.154.132.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 52.154.132.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:16:23.162534 2026] [security2:error] [pid 11999:tid 11999] [client 52.154.132.164:60417] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.64.150.240"] [uri "/.git/config"] [unique_id "ain-V6qoPo1Gjt6b6uJdtwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 gu-alvareza	2026-06-10 07:06:02 (1 week ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇷🇸 Scan	2026-06-10 03:02:17 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇩🇪 Tamsy	2026-06-10 02:55:15 (1 week ago)	HTTPD - Web Application scripting attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 02:52:52 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.154.132.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.154.132.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 22:52:47.799121 2026] [security2:error] [pid 2062:tid 2062] [client 52.154.132.164:29729] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.14"] [uri "/.git/HEAD"] [unique_id "aijRfxwrwZN8qs2NALQlDwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 Slackin' Jack	2026-06-01 17:27:40 (2 weeks ago)	Triggered honeypot on port 2082. (52.154.132.164)	Port Scan
🇬🇧 PeravixGroup	2026-06-01 16:55:11 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 bulkvm.com	2026-06-01 16:30:43 (2 weeks ago)	[bulkvm.com/honeypot] HTTP port scan. Port: 19488, Time: 2026-06-01 16:30:38 UTC	Port Scan
🇫🇮 6kilowatti	2026-06-01 16:03:19 (2 weeks ago)	2026-06-01T19:03:18.716400+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00: ... show more 2026-06-01T19:03:18.716400+03:00 mummo kernel: [UFW BLOCK] IN=enp0s25 OUT= MAC=6c:62:6d:d6:a5:bc:00:00:5e:00:01:58:08:00 SRC=52.154.132.164 DST=83.148.240.21 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=3875 DF PROTO=TCP SPT=19488 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇧 185.222.51.2

🇱🇹 81.30.98.62

🇮🇳 59.179.31.237

🇳🇱 176.65.139.105

🇺🇸 173.88.13.197

🇷🇴 80.94.92.130

🇳🇱 45.198.224.115

🇳🇱 45.148.10.151

🇭🇰 199.45.154.179

🇧🇷 189.56.0.19

🇬🇧 185.216.145.169

🇺🇸 147.185.132.126

🇬🇪 134.19.248.210

🇨🇳 118.81.203.242

🇩🇪 69.5.169.224

🇺🇸 45.79.181.94

🇺🇸 40.76.116.231

🇳🇱 195.178.110.30

🇬🇧 193.176.29.30

🇺🇸 172.178.115.138