JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.164.253.247

52.164.253.247 was found in our database!

This IP was reported 85 times. Confidence of Abuse is 0%: ?

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇮🇪 Ireland
City	Dublin, Leinster

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.164.253.247

Whois 52.164.253.247

IP Abuse Reports for 52.164.253.247:

This IP address has been reported a total of 85 times from 70 distinct sources. 52.164.253.247 was first reported on December 18th 2025, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-12-25 15:03:55 (6 months ago)	52.164.253.247 - - [18/Dec/2025:17:44:43 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 52.164.253.247 - - [18/Dec/2025:17:44:43 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 519 "-" "-" 52.164.253.247 - - [18/Dec/2025:17:44:43 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 4063 "-" "-" 52.164.253.247 - - [18/Dec/2025:18:27:00 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 301 519 "-" "-" ... show less	Bad Web Bot
🇯🇵 beon	2025-12-20 10:48:00 (6 months ago)	This IP was detected once on my original honeypot and also performed automated reconnaissance and vu ... show more This IP was detected once on my original honeypot and also performed automated reconnaissance and vulnerability scanning against my server between 2025-12-19T00:13:29Z UTC and 2025-12-19T00:13:34Z UTC. The honeypot file: /wp-content/plugins/hellopress/wp_filemanager.php. The targeted paths included examples such as: /get.php, /dhlshipments.php, /index4.php, /panelx.php, /bekle.php, /auths.php and others. Multiple requests used filenames that resemble PHP web shells or exploitation payloads. The behavior is consistent with an automated directory and CMS reconnaissance scan, not normal user browsing. This IP appears to be performing malicious probing and should be treated as suspicious or blocked. show less	Hacking Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2025-12-19 23:01:08 (6 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-12-18. show less	Hacking Web App Attack SSH
🇫🇷 IRISIO	2025-12-19 08:47:35 (6 months ago)	scans/SQL injection/spam posts : 256 queries	SQL Injection Web App Attack
🇺🇸 octageeks.com	2025-12-19 05:07:39 (6 months ago)	Wordpress malicious attack:[octascan]	Web App Attack
🇬🇧 [email protected]	2025-12-19 01:02:13 (6 months ago)	...	Brute-Force SSH
🇦🇺 MAGIC	2025-12-19 00:04:44 (6 months ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇸🇪 KIDOS	2025-12-18 23:59:06 (6 months ago)	CrowdSec detected malicious activity	DDoS Attack
🇳🇱 Roderic	2025-12-18 23:41:43 (6 months ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted])	Port Scan
🇫🇷 mrcrassi	2025-12-18 23:31:48 (6 months ago)	Triggered Cloudflare WAF (botFight) from IE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET ... show more Triggered Cloudflare WAF (botFight) from IE. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: /auths.php UA: Empty string This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇮🇩 Burayot	2025-12-18 23:20:28 (6 months ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.164.253.247 (IE/Ireland/-): 1 in ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.164.253.247 (IE/Ireland/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 Mykola Spesivtsev	2025-12-18 23:18:41 (6 months ago)	HTTP Tarpit detected bot activity:TargetPort:80, Path:/wp-content/plugins/hellopress/wp_filemanager. ... show more HTTP Tarpit detected bot activity:TargetPort:80, Path:/wp-content/plugins/hellopress/wp_filemanager.php, Method:GET, UA:N/A show less	Port Scan Bad Web Bot Web App Attack
Anonymous	2025-12-18 23:10:36 (6 months ago)	52.164.253.247 - - [19/Dec/2025:00:10:36 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 52.164.253.247 - - [19/Dec/2025:00:10:36 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 403 3707 ... show less	Web App Attack
🇩🇪 kranem	2025-12-18 23:00:23 (6 months ago)	Triggered Cloudflare WAF from IE. Action taken: BLOCK ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protoc ... show more Triggered Cloudflare WAF from IE. Action taken: BLOCK ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protocol: HTTP/1.1 (GET method) Endpoint: /dhlshipments.php Timestamp: 2025-12-18T21:37:52Z User-Agent: empty show less	Bad Web Bot
🇳🇱 homeshowdomain.nl	2025-12-18 22:59:25 (6 months ago)	Auto-ban: >3000 req/min op 2025-12-18	Hacking Web App Attack SSH

Showing 1 to 15 of 85 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4864:20::1043

🇨🇴 190.0.63.226

🇺🇸 172.203.251.111

🇧🇷 170.239.108.21

🇨🇳 139.227.161.141

🇩🇪 69.5.169.87

🇫🇷 54.37.100.111

🇫🇷 2a02:c207:2316:3579::1

🇺🇸 216.26.227.96

🇳🇱 193.176.31.231

🇺🇸 172.253.210.81

🇧🇪 104.199.50.32

🇨🇳 101.34.218.190

🇷🇺 94.19.18.95

🇺🇸 69.49.246.176

🇺🇸 48.217.64.148

🇺🇸 45.132.115.140

🇬🇧 37.143.61.84

🇨🇳 221.229.218.50

🇸🇬 206.189.158.96