This IP address has been reported a total of
85
times from
70 distinct
sources.
52.164.253.247 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
This IP was detected once on my original honeypot and also performed automated reconnaissance and vu ...
show moreThis IP was detected once on my original honeypot and also performed automated reconnaissance and vulnerability scanning against my server between 2025-12-19T00:13:29Z UTC and 2025-12-19T00:13:34Z UTC.
The honeypot file: /wp-content/plugins/hellopress/wp_filemanager.php.
The targeted paths included examples such as: /get.php, /dhlshipments.php, /index4.php, /panelx.php, /bekle.php, /auths.php and others.
Multiple requests used filenames that resemble PHP web shells or exploitation payloads.
The behavior is consistent with an automated directory and CMS reconnaissance scan, not normal user browsing.
This IP appears to be performing malicious probing and should be treated as suspicious or blocked.
show less
Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ...
show moreAuto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2025-12-18.
show less
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.164.253.247 (IE/Ireland/-): 1 in ...
show moreLF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.164.253.247 (IE/Ireland/-): 1 in the last 3600 secs
show less