JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.50.35

52.161.50.35 was found in our database!

This IP was reported 570 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.50.35

Whois 52.161.50.35

IP Abuse Reports for 52.161.50.35:

This IP address has been reported a total of 570 times from 57 distinct sources. 52.161.50.35 was first reported on November 18th 2025, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (14 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 gu-alvareza	2026-06-03 07:05:29 (1 day ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇺🇸 aks4226	2026-06-03 04:09:01 (1 day ago)	Attacking common web applications. (n01)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 04:03:48 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:03:43.708351 2026] [security2:error] [pid 30865:tid 30865] [client 52.161.50.35:22145] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.30"] [uri "/.git/HEAD"] [unique_id "ah-nn1WxL6GGbpPyrQ7e2wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-03 03:59:03 (1 day ago)	2026-06-03 03:59:03 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇧🇾 lns.bz	2026-06-03 02:59:05 (1 day ago)	Too many 404 requests [BY]	Web App Attack
Anonymous	2026-06-03 02:19:20 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 masterguru	2026-06-03 02:10:43 (1 day ago)	. Matched phrase "/.git/" at REQUEST_URI. (210492-145)	Web App Attack
🇺🇸 xmission.com	2026-06-03 01:31:45 (1 day ago)	Blocked by UFW (TCP on 2087) Source port: 22237 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 22237 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 52.161.50.35) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 01:25:24 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:25:18.928271 2026] [security2:error] [pid 11854:tid 11854] [client 52.161.50.35:22240] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.17"] [uri "/.git/HEAD"] [unique_id "ah-CfloIlHl-za55n9qG_wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 psauxit	2026-06-03 01:07:58 (1 day ago)	Fail2Ban - UFW port probing on unauthorized port	Port Scan
🇫🇷 ✨	2026-06-03 01:01:19 (1 day ago)	Domain : www50.verysecuresites.net Rule : env 2026-06-03 01:00:22 W3SVC286 PLESK76 217.194.212.7 GET ... show more Domain : www50.verysecuresites.net Rule : env 2026-06-03 01:00:22 W3SVC286 PLESK76 217.194.212.7 GET /.env.local - 80 - 52.161.50.35 HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0 - - 217.194.212.7 500 0 2 242 175 181 - - show less	Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-06-03 00:26:40 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.161.50.35 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:26:33.622142 2026] [security2:error] [pid 7957:tid 7957] [client 52.161.50.35:21716] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.76"] [uri "/.git/HEAD"] [unique_id "ah90uVS86SmJFQWVDVYW0AAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-03 00:23:42 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇧🇬 pa4080	2026-06-03 00:18:40 (1 day ago)	Detected by ModSecurity. Host header is an IP address, Request URI: /___proxy_subdomain_whm/login/?l ... show more Detected by ModSecurity. Host header is an IP address, Request URI: /___proxy_subdomain_whm/login/?login_only=1 show less	Hacking Web App Attack

Showing 1 to 15 of 570 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.202.108.108

🇪🇨 160.20.167.227

🇺🇸 140.99.190.156

🇺🇸 140.99.190.133

🇮🇳 117.204.18.147

🇺🇸 109.105.210.105

🇺🇸 107.20.255.194

🇮🇳 103.155.56.18

🇱🇹 81.30.98.49

🇷🇴 80.94.92.166

🇸🇬 74.114.28.22

🇺🇸 72.167.39.225

🇺🇸 34.135.200.178

🇩🇪 185.242.3.226

🇮🇷 185.226.119.178

🇺🇸 140.99.190.229

🇺🇸 140.99.190.170

🇺🇸 140.99.190.60

🇺🇸 140.99.190.4

🇷🇴 89.32.41.43