JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.154.132.178

52.154.132.178 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 92%: ?

92%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.154.132.178

Whois 52.154.132.178

IP Abuse Reports for 52.154.132.178:

This IP address has been reported a total of 44 times from 36 distinct sources. 52.154.132.178 was first reported on September 14th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 femboy.cat	2026-06-09 06:10:10 (4 days ago)	Port scan to tcp/9849 from 52.154.132.178	Brute-Force
Anonymous	2026-06-07 15:03:52 (6 days ago)	PORT & IP Scan.	Port Scan Brute-Force
🇺🇸 NXTwoThou	2026-06-06 23:21:38 (6 days ago)	/___proxy_subdomain_whm/login/%3Flogin_only=1	Web App Attack
🇸🇪 Juha Jurvanen	2026-06-06 23:08:13 (6 days ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇬🇧 sandra361	2026-06-06 21:02:02 (6 days ago)	Port scan detected: 7 attempts across 7 ports (2082,2083,2086,2087,80,8080,8443). \| Evidence: GHOST_ ... show more Port scan detected: 7 attempts across 7 ports (2082,2083,2086,2087,80,8080,8443). \| Evidence: GHOST_SCAN:IN=enp1s0f0 OUT= SRC=52.154.132.178 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=20437 DF PROTO=TCP SPT=36556 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-06 20:12:26 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 52.154.132.178 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.154.132.178 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 16:12:22.217612 2026] [security2:error] [pid 7630:tid 7630] [client 52.154.132.178:37164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.67"] [uri "/.git/HEAD"] [unique_id "aiR_JucTlRQqg4fv7_IoiwAAACM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-06 19:32:54 (6 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-17)	Hacking Bad Web Bot
🇵🇱 Wepted	2026-06-06 19:30:58 (6 days ago)	Port scan detected by honeypot	Port Scan Hacking
🇺🇸 OceanTreasure	2026-06-06 19:15:12 (6 days ago)	tcp/80; Spring Boot Actuator exposure attempt: "GET /actuator/env" @ 2026-06-06T19:07:39Z [azure]	Web App Attack
🇫🇷 dynamix	2026-06-06 18:57:43 (6 days ago)	Multiple WAF Violations	Web App Attack
🇦🇺 aranguren.org	2026-06-06 18:34:56 (6 days ago)	52.154.132.178 - - [07/Jun/2026:04:34:51 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 ( ... show more 52.154.132.178 - - [07/Jun/2026:04:34:51 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 52.154.132.178 - - [07/Jun/2026:04:34:52 +1000] "GET /.git/config HTTP/1.1" 404 986 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.154.132.178 - - [07/Jun/2026:04:34:52 +1000] "GET /.env HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" 52.154.132.178 - - [07/Jun/2026:04:34:53 +1000] "GET /.env.local HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.154.132.178 - - [07/Jun/2026:04:34:54 +1000] "GET /.env.production HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Versio ... show less	Bad Web Bot
🇷🇴 gtheo99	2026-06-06 18:13:46 (6 days ago)	(cpanel) Failed cPanel login from 52.154.132.178 (US/United States/-): 2 in the last 900 secs	Brute-Force Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇹🇷 Threat.live	2026-06-03 04:15:03 (1 week ago)	Suspicious Connection Attempts	Brute-Force
Anonymous	2026-06-03 03:57:29 (1 week ago)	[Tue Jun 02 23:57:23.966797 2026] [php7:error] [pid 1469763] [client 52.154.132.178:49359] script '/ ... show more [Tue Jun 02 23:57:23.966797 2026] [php7:error] [pid 1469763] [client 52.154.132.178:49359] script '/var/www/html/phpinfo.php' not found or unable to stat [Tue Jun 02 23:57:29.231610 2026] [php7:error] [pid 1469765] [client 52.154.132.178:49362] script '/var/www/html/config.php' not found or unable to stat ... show less	Brute-Force Web App Attack SSH

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.235

🇳🇱 176.65.139.103

🇨🇦 35.183.24.150

🇺🇸 3.16.151.235

🇩🇪 213.209.159.158

🇩🇪 213.209.159.11

🇺🇸 193.19.109.175

🇧🇷 191.233.234.186

🇺🇸 147.185.132.230

🇺🇸 64.225.60.187

🇦🇺 54.206.113.83

🇲🇾 47.254.213.222

🇷🇴 2.57.122.238

🇨🇳 124.89.89.146

🇱🇻 91.105.20.128

🇩🇪 77.64.178.219

🇺🇸 66.132.195.27

🇭🇰 43.161.217.219

🇦🇺 34.151.162.60

🇺🇸 2602:80d:1007::6d