JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.57.36

52.161.57.36 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.57.36

Whois 52.161.57.36

IP Abuse Reports for 52.161.57.36:

This IP address has been reported a total of 34 times from 27 distinct sources. 52.161.57.36 was first reported on June 2nd 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-06-03 11:06:14 (1 week ago)	Portscan: TCP/2087 (2x), TCP/80, TCP/8080 (2x), TCP/8443 (2x), TCP/2082 (2x), TCP/2086, TCP/443, TCP ... show more Portscan: TCP/2087 (2x), TCP/80, TCP/8080 (2x), TCP/8443 (2x), TCP/2082 (2x), TCP/2086, TCP/443, TCP/2083 (2x) show less	Port Scan
🇩🇪 check-the-sum.fr	2026-06-03 06:32:13 (1 week ago)	Port Scanning	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 06:11:52 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.161.57.36 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.161.57.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:11:45.290942 2026] [security2:error] [pid 25247:tid 25247] [client 52.161.57.36:27162] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.4"] [uri "/.git/config"] [unique_id "ah_Fob2Dn9ZAzMFNvzHuyAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 NXTwoThou	2026-06-03 06:10:39 (1 week ago)	/___proxy_subdomain_whm/login/%3Flogin_only=1	Web App Attack
🇺🇸 MPL	2026-06-03 05:51:57 (1 week ago)	tcp port scan (8 or more attempts)	Port Scan
🇬🇧 Don Felip	2026-06-03 05:47:15 (1 week ago)	Web Exploiter - Banned by Fail2Ban	Hacking Web App Attack
🇨🇳 Peter Yu	2026-06-03 05:18:57 (1 week ago)		Bad Web Bot Web App Attack
🇧🇾 lns.bz	2026-06-03 04:51:08 (1 week ago)	Too many 404 requests [BY]	Web App Attack
🇬🇧 PeravixGroup	2026-06-03 04:34:08 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 MPL	2026-06-03 04:15:14 (1 week ago)	tcp port scan (4 or more attempts)	Port Scan
🇸🇪 nekopavel	2026-06-03 03:57:33 (1 week ago)	52.161.57.36 - - [03/Jun/2026:05:57:26 +0200]"GET /.git/config HTTP/1.1" 301 162"-" 78.69.8.25 "Mozi ... show more 52.161.57.36 - - [03/Jun/2026:05:57:26 +0200]"GET /.git/config HTTP/1.1" 301 162"-" 78.69.8.25 "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36""0.000" "-""Cheyenne" "US" 52.161.57.36 - - [03/Jun/2026:05:57:28 +0200]"GET /.env.local HTTP/1.1" 301 162"-" 78.69.8.25 "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36""0.000" "-""Cheyenne" "US" 52.161.57.36 - - [03/Jun/2026:05:57:30 +0200]"GET /.env.production HTTP/1.1" 301 162"-" 78.69.8.25 "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36""0.000" "-""Cheyenne" "US" ... show less	Hacking Bad Web Bot Web App Attack
🇹🇷 Threat.live	2026-06-03 03:20:05 (1 week ago)	Suspicious Connection Attempts	Brute-Force
Anonymous	2026-06-03 03:06:35 (1 week ago)	52.161.57.36 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 600 se ... show more 52.161.57.36 (US/United States/-), 5 distributed cpanel attacks on account [root] in the last 600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: [2026-06-02 21:03:27 -0600] info [whostmgrd] 52.161.57.36 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 21:02:01 -0600] info [whostmgrd] 48.211.211.43 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 21:01:43 -0600] info [whostmgrd] 48.211.211.43 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 21:06:30 -0600] info [whostmgrd] 74.235.127.160 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect [2026-06-02 21:03:46 -0600] info [whostmgrd] 52.161.57.36 - root "POST /login/?login_only=1 HTTP/1.1" FAILED LOGIN whostmgrd: user password incorrect IP Addresses Blocked: show less	Port Scan
🇩🇪 big-cloud.nl	2026-06-03 01:09:50 (1 week ago)	Try to access /.git/HEAD	Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 198.244.183.55

🇧🇷 179.42.35.230

🇯🇵 158.179.189.113

🇸🇪 94.255.255.26

🇫🇷 91.231.89.234

🇰🇬 77.235.20.52

🇺🇸 64.62.156.186

🇺🇸 64.62.156.185

🇳🇱 45.142.193.105

🇭🇰 45.142.154.108

🇺🇸 45.33.26.204

🇧🇬 5.188.206.66

🇮🇹 204.216.216.117

🇸🇬 172.188.218.162

🇩🇪 167.94.145.20

🇮🇳 103.51.223.3

🇮🇹 88.147.30.59

🇺🇸 71.236.93.75

🇺🇸 65.49.1.182

🇺🇸 3.130.168.2