JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.165.251.243

52.165.251.243 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.165.251.243

Whois 52.165.251.243

IP Abuse Reports for 52.165.251.243:

This IP address has been reported a total of 54 times from 39 distinct sources. 52.165.251.243 was first reported on November 28th 2025, and the most recent report was 18 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇵🇱 webadmin	2026-06-14 20:56:51 (18 minutes ago)		Web App Attack
🇺🇸 cwytech	2026-06-14 20:17:44 (57 minutes ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/pf-geofence-high.	Hacking
🇹🇷 SeczarSecureOps	2026-06-14 19:51:21 (1 hour ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (8 events in 10min) at 2026-06-14 19:51	Port Scan
Anonymous	2026-06-14 18:41:58 (2 hours ago)	Fail2Ban triggered	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 week ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 PeravixGroup	2026-06-03 05:05:01 (1 week ago)	Imunify360 WAF block (graylisted)	Web App Attack
🇯🇵 VXG-NET	2026-06-03 04:40:38 (1 week ago)	port=80, indicator_type=info-leak	Hacking
Anonymous	2026-06-03 03:50:08 (1 week ago)	Honeypot hit: Empty payload (likely service probe); 2087 [1] TCP Reported by: https://github.com/sef ... show more Honeypot hit: Empty payload (likely service probe); 2087 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
Anonymous	2026-06-03 03:19:31 (1 week ago)	Unauthorized access (tcp/443/https)	Port Scan Web App Attack
🇫🇮 pixiekat	2026-06-03 02:08:49 (1 week ago)	[Wed Jun 03 03:08:41.385881 2026] [authz_core:error] [pid 202128:tid 202178] [client 52.165.251.243: ... show more [Wed Jun 03 03:08:41.385881 2026] [authz_core:error] [pid 202128:tid 202178] [client 52.165.251.243:62862] AH01630: client denied by server configuration: /var/www/html/.env.backup [Wed Jun 03 03:08:43.096057 2026] [authz_core:error] [pid 202128:tid 202156] [client 52.165.251.243:62867] AH01630: client denied by server configuration: /var/www/html/.env.save [Wed Jun 03 03:08:44.555723 2026] [authz_core:error] [pid 202128:tid 202158] [client 52.165.251.243:62871] AH01630: client denied by server configuration: /var/www/html/wp-config.php [Wed Jun 03 03:08:46.486740 2026] [authz_core:error] [pid 202128:tid 202160] [client 52.165.251.243:62863] AH01630: client denied by server configuration: /var/www/html/.aws [Wed Jun 03 03:08:48.421126 2026] [authz_core:error] [pid 202128:tid 202157] [client 52.165.251.243:62894] AH01630: client denied by server configuration: /var/www/html/config ... show less	Brute-Force
🇨🇭 ALPHANET	2026-06-03 02:03:53 (1 week ago)	web exploits	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 00:31:58 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:31:54.160892 2026] [security2:error] [pid 11230:tid 11230] [client 52.165.251.243:62888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.200"] [uri "/wp-config.php"] [unique_id "ah91-glQKWq2cBLpoQxt9gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-03 00:10:38 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 23:24:37 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.243 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.243 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 19:24:30.725541 2026] [security2:error] [pid 18267:tid 18318] [client 52.165.251.243:63003] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.24"] [uri "/.git/config"] [unique_id "ah9mLi-Wf9YNeaj1_DfS1gAAAUE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-06-02 22:59:46 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 220.202.112.131

🇧🇷 205.210.31.214

🇲🇩 188.214.144.172

🇨🇳 183.200.28.67

🇸🇬 101.47.141.35

🇸🇬 101.47.141.25

🇹🇷 89.252.131.17

🇺🇦 45.130.81.57

🇫🇷 35.181.60.164

🇺🇸 205.210.31.97

🇧🇪 198.235.24.179

🇹🇼 198.235.24.54

🇺🇦 185.254.196.141

🇵🇹 149.88.20.96

🇺🇸 135.237.127.54

🇳🇬 102.88.137.145

🇸🇬 101.47.141.246

🇸🇬 101.47.141.239

🇸🇬 101.47.141.215

🇺🇸 98.113.185.247