JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.180.235

52.161.180.235 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 64%: ?

64%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.180.235

Whois 52.161.180.235

IP Abuse Reports for 52.161.180.235:

This IP address has been reported a total of 24 times from 19 distinct sources. 52.161.180.235 was first reported on June 2nd 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 gu-alvareza	2026-06-03 07:05:19 (3 weeks ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇷🇸 Scan	2026-06-03 00:17:10 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (3 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇹🇷 Threat.live	2026-06-02 22:05:03 (3 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇮🇪 AutosOnShow	2026-06-02 22:04:06 (3 weeks ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-02 22:03:06.819 \|	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 22:01:17 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:01:12.562814 2026] [security2:error] [pid 7671:tid 7671] [client 52.161.180.235:61205] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.9"] [uri "/.git/HEAD"] [unique_id "ah9SqOamwsx0iPws8o6jogAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 KPS	2026-06-02 21:34:42 (3 weeks ago)	PortscanM	Port Scan
Anonymous	2026-06-02 20:33:54 (3 weeks ago)	52.161.180.235 - - [02/Jun/2026:20:33:53 +0000] "GET /.env.local HTTP/1.1" 404 400 "-" "Mozilla/5.0 ... show more 52.161.180.235 - - [02/Jun/2026:20:33:53 +0000] "GET /.env.local HTTP/1.1" 404 400 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇹🇭 MWA SOC	2026-06-02 20:28:15 (3 weeks ago)		Hacking
🇩🇪 sigurg	2026-06-02 20:17:45 (3 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇮🇩 Burayot	2026-06-02 20:03:51 (3 weeks ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.161.180.235 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.161.180.235 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 19:49:22 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:49:16.243018 2026] [security2:error] [pid 19189:tid 19210] [client 52.161.180.235:61485] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.18"] [uri "/.git/config"] [unique_id "ah8zvBahZWVomdqlbwuhPQAAAFM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-02 19:35:14 (3 weeks ago)	2026-06-02 19:35:14 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 19:11:11 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.161.180.235 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 15:11:07.310169 2026] [security2:error] [pid 9308:tid 9308] [client 52.161.180.235:61457] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.32"] [uri "/.git/HEAD"] [unique_id "ah8qy72QtcSFiHs7yKmCrQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 tedmichalik.com	2026-06-02 19:03:26 (3 weeks ago)	52.161.180.235 - - [02/Jun/2026:15:03:19 -0400] "GET /.git/config HTTP/1.1" 404 496 "-" "Mozilla/5.0 ... show more 52.161.180.235 - - [02/Jun/2026:15:03:19 -0400] "GET /.git/config HTTP/1.1" 404 496 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 186.96.183.182

🇪🇬 154.183.180.20

🇺🇸 143.244.163.23

🇻🇳 103.183.119.48

🇺🇸 47.234.138.49

🇺🇸 20.221.72.174

🇮🇳 2404:6800:4000:1003::12c

🇬🇧 213.166.84.44

🇨🇳 111.26.69.160

🇺🇸 66.132.195.28

🇧🇪 34.79.234.73

🇰🇷 222.110.147.58

🇦🇷 190.2.103.57

🇩🇪 8.211.26.207

🇺🇸 195.184.76.32

🇸🇬 82.38.180.128

🇱🇻 81.30.98.62

🇧🇷 69.6.251.43

🇳🇱 45.92.1.134

🇱🇻 81.30.98.158