JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.177.70

52.161.177.70 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.177.70

Whois 52.161.177.70

IP Abuse Reports for 52.161.177.70:

This IP address has been reported a total of 33 times from 23 distinct sources. 52.161.177.70 was first reported on April 27th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 sid3windr	2026-06-04 19:53:31 (1 day ago)	GET /.DS_Store (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇧🇷 SOC-BR	2026-06-03 07:36:04 (3 days ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 1 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-02 19:36:38 - Source Port 17607 show less	Port Scan Hacking
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (3 days ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇧🇪 boxed-it	2026-06-03 06:55:13 (3 days ago)	GET /config/database.yml (Tarpitted for , wasted 120B)	Web App Attack
🇦🇺 dyln	2026-06-03 06:11:49 (3 days ago)	Dyls honeypot brute-force: proto8 (8 total hits)	Brute-Force
🇺🇸 MPL	2026-06-03 05:47:40 (3 days ago)	tcp ports: 80,2083 (2 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 04:17:27 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:17:21.019935 2026] [security2:error] [pid 10075:tid 10075] [client 52.161.177.70:17045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.12"] [uri "/.git/config"] [unique_id "ah-q0ZnFP7SDMBpn9xr8BQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 03:49:23 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:49:19.319310 2026] [security2:error] [pid 18249:tid 18249] [client 52.161.177.70:15845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.137"] [uri "/.git/HEAD"] [unique_id "ah-kP2Hcg-3J_e-iSJqgewAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-03 03:38:27 (3 days ago)	Portscan: TCP/2087, TCP/2082, TCP/8080, TCP/2086, TCP/8443, TCP/2083	Port Scan
Anonymous	2026-06-03 03:37:44 (3 days ago)	52.161.177.70 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 3600 ... show more 52.161.177.70 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: [2026-06-03 13:37:38 +1000] info [whostmgrd] 154.50.31.21 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-03 13:31:49 +1000] info [whostmgrd] 52.161.177.70 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-03 13:04:06 +1000] info [whostmgrd] 172.208.153.227 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-03 13:32:05 +1000] info [whostmgrd] 52.161.177.70 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-03 13:04:40 +1000] info [whostmgrd] 172.208.153.227 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect IP Addresses Blocked: 154.50.31.21 (KH/Cambodia/-) show less	Port Scan
🇬🇧 PeravixGroup	2026-06-03 03:10:02 (3 days ago)	Imunify360 WAF block (graylisted)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 02:43:42 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.161.177.70 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 22:43:39.647946 2026] [security2:error] [pid 12563:tid 12563] [client 52.161.177.70:17600] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.151"] [uri "/.git/config"] [unique_id "ah-U2_mYXxgRE-ItVDhNagAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇭 Sawasdee	2026-06-03 02:21:04 (3 days ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
Anonymous	2026-06-03 01:52:36 (3 days ago)	Jun 2 21:52:35 localhost kernel: [108796871.392047] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:9 ... show more Jun 2 21:52:35 localhost kernel: [108796871.392047] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.161.177.70 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=45 ID=18405 DF PROTO=TCP SPT=16351 DPT=2087 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 21:52:35 localhost kernel: [108796871.392068] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.161.177.70 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=45 ID=18405 DF PROTO=TCP SPT=16351 DPT=2087 SEQ=2351562197 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405A00402080A6AEAFB30000000000103030A) Jun 2 21:52:35 localhost kernel: [108796871.399263] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.161.177.70 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=43 ID=41160 DF PROTO=TCP SPT=16351 DPT=2082 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 2 21:52:35 localhost kernel: [108796871.401023] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0 show less	Port Scan

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 129.222.203.206

🇮🇷 2.180.239.137

🇺🇸 192.186.191.213

🇺🇸 192.3.50.114

🇨🇳 122.228.231.141

🇰🇷 112.216.108.62

🇺🇸 20.169.91.83

🇺🇸 2602:fb54:97e::

🇳🇱 212.192.216.2

🇱🇹 188.69.225.188

🇭🇰 150.5.141.198

🇨🇳 123.166.162.213

🇨🇳 115.56.158.246

🇺🇸 66.132.172.128

🇺🇸 45.61.184.228

🇨🇳 8.154.2.19

🇷🇺 5.164.6.184

🇸🇬 2404:6800:4003:c1a::127

🇹🇭 203.154.158.195

🇵🇦 190.140.113.110