JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.157.2.246

52.157.2.246 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 62%: ?

62%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.157.2.246

Whois 52.157.2.246

IP Abuse Reports for 52.157.2.246:

This IP address has been reported a total of 22 times from 17 distinct sources. 52.157.2.246 was first reported on January 6th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 adaml1324	2026-06-02 17:50:37 (4 days ago)	Web application exploit probing From server logs: DIRECT_IP_HTTPS ip=[attacker] time=02/Jun/2026:08 ... show more Web application exploit probing From server logs: DIRECT_IP_HTTPS ip=[attacker] time=02/Jun/2026:08:47:35 +0200 DIRECT_IP_HTTPS ip=[attacker] time=02/Jun/2026:08:47:37 +0200 DIRECT_IP_HTTPS ip=[attacker] time=02/Jun/2026:08:47:38 +0200 DIRECT_IP_HTTPS ip=[attacker] time=02/Jun/2026:08:47:45 +0200 2026-06-02 08:47:46 (direkt-IP) GET /wp-config.php HTTP/1.1 [444 Blockerad] show less	Web App Attack
🇸🇪 EmK530	2026-06-02 12:33:02 (4 days ago)	URL flagged by RegEx: /.aws/credentials	Web App Attack
🇺🇸 RAP	2026-06-02 12:17:02 (4 days ago)	2026-06-02 12:17:02 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
Anonymous	2026-06-02 10:00:02 (4 days ago)	suspicious request in access.log	Web App Attack
Anonymous	2026-06-02 09:42:50 (4 days ago)	Hit honeypot r.	Port Scan Hacking Exploited Host
🇫🇷 masterguru	2026-06-02 09:20:53 (4 days ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 52.157.2.246 (US/United States/-): 1 in the la ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 52.157.2.246 (US/United States/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇺🇸 Nova Reed	2026-06-02 08:36:37 (4 days ago)	Jun 2 16:35:50 racknerd-df72780 kernel: [4751067.704011] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:e8:9 ... show more Jun 2 16:35:50 racknerd-df72780 kernel: [4751067.704011] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:e8:95:3e:20:d8:0b:13:e1:41:08:00 SRC=52.157.2.246 DST=67.215.241.238 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=26183 DF PROTO=TCP SPT=57225 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 16:36:35 racknerd-df72780 kernel: [4751112.076676] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:e8:95:3e:20:d8:0b:13:e1:41:08:00 SRC=52.157.2.246 DST=67.215.241.238 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3207 DF PROTO=TCP SPT=57229 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 16:36:36 racknerd-df72780 kernel: [4751113.080221] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:e8:95:3e:20:d8:0b:13:e1:41:08:00 SRC=52.157.2.246 DST=67.215.241.238 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=49820 DF PROTO=TCP SPT=57216 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Brute-Force SSH
Anonymous	2026-06-02 07:46:02 (4 days ago)	Bot / scanning and/or hacking attempts: GET /config.php HTTP/1.1, GET /.DS_Store HTTP/1.1, GET /.env ... show more Bot / scanning and/or hacking attempts: GET /config.php HTTP/1.1, GET /.DS_Store HTTP/1.1, GET /.env.save HTTP/1.1, GET /actuator/env HTTP/1.1, GET /.env.production HTTP/1.1, GET /server-status HTTP/1.1, GET /backup.sql HTTP/1.1, GET /app/config/parameters.yml HTTP/1.1, GET /.htpasswd HTTP/1.1 show less	Hacking Web App Attack
🇸🇬 anotherwatcher	2026-06-02 07:07:49 (5 days ago)	bad bot	Bad Web Bot
🇩🇪 guldkage	2026-06-02 07:03:21 (5 days ago)	Unauthorized connection attempt detected from IP address 52.157.2.246 to port 8443 (ger-03) [g]	Brute-Force Exploited Host
🇳🇱 homeshowdomain.nl	2026-04-11 22:01:57 (1 month ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-04-10. show less	Web App Attack SSH Hacking
🇳🇱 homeshowdomain.nl	2026-04-10 21:59:15 (1 month ago)	Auto-ban: >3000 req/min op 2026-04-10	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-04-10 20:18:34 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 52.157.2.246 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.157.2.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 10 16:18:27.655265 2026] [security2:error] [pid 531352:tid 531352] [client 52.157.2.246:42914] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thepinman.org"] [uri "/.git/config"] [unique_id "adlbE7MOcVmaAE-lO8E-PQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-10 19:43:33 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 52.157.2.246 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.157.2.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 10 15:43:28.996740 2026] [security2:error] [pid 2350856:tid 2350856] [client 52.157.2.246:42648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thechoicesy.com"] [uri "/.git/config"] [unique_id "adlS4EBTK821XpCHuEZWRgAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 interbiznw.com	2026-04-10 19:23:19 (1 month ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 152.42.219.80

🇰🇷 125.139.124.120

🇺🇿 194.107.115.199

🇧🇴 190.181.25.210

🇭🇰 165.154.45.135

🇺🇸 157.254.174.96

🇻🇳 118.70.182.193

🇷🇺 89.223.69.22

🇳🇱 85.11.167.11

🇱🇹 81.30.98.142

🇧🇬 79.124.49.70

🇫🇷 62.84.183.157

🇮🇹 57.131.50.125

🇧🇪 34.62.95.223

🇨🇳 220.205.123.19

🇹🇼 210.61.48.101

🇪🇨 186.4.240.226

🇺🇸 172.234.199.93

🇮🇳 103.163.105.130

🇻🇳 103.159.54.61