JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.165.251.249

52.165.251.249 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 61%: ?

61%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.165.251.249

Whois 52.165.251.249

IP Abuse Reports for 52.165.251.249:

This IP address has been reported a total of 18 times from 15 distinct sources. 52.165.251.249 was first reported on October 20th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 20:55:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 16:55:00.778107 2026] [security2:error] [pid 758:tid 758] [client 52.165.251.249:25665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.228"] [uri "/.git/HEAD"] [unique_id "ah9DJNYabR-hx6BYpBQtOAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bescared	2026-06-02 20:07:26 (2 weeks ago)	F2B - Malicious activity detected. Excessive port scans. -151302cd-	Port Scan
🇺🇸 RAP	2026-06-02 18:04:50 (2 weeks ago)	2026-06-02 18:04:50 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 17:08:14 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 13:08:06.249036 2026] [security2:error] [pid 6391:tid 6391] [client 52.165.251.249:25665] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.43"] [uri "/.git/config"] [unique_id "ah8N9uZcRgthahgEeMbqrgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 PeravixGroup	2026-06-02 16:49:51 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇹🇷 Threat.live	2026-06-02 06:40:09 (2 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 TPI-Abuse	2026-06-02 06:32:13 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:32:09.208295 2026] [security2:error] [pid 23863:tid 23863] [client 52.165.251.249:62756] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.161"] [uri "/.git/HEAD"] [unique_id "ah546YEZI5bg6ymSKwmfVAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Teufel100	2026-06-02 05:43:07 (2 weeks ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 04:53:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.251.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 00:52:58.237433 2026] [security2:error] [pid 32598:tid 32615] [client 52.165.251.249:63822] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.18"] [uri "/.git/config"] [unique_id "ah5hqvICtUeT5dH_IWCoSgAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Spiderpiggy	2026-06-02 04:32:13 (2 weeks ago)	Automatically reported via Blackhole honeypot on phpbbextnl.be. Attempted access to restricted endpo ... show more Automatically reported via Blackhole honeypot on phpbbextnl.be. Attempted access to restricted endpoint: /config/database.yml show less	Brute-Force Bad Web Bot SSH
🇩🇪 Skyrider	2026-06-02 04:26:37 (2 weeks ago)	crowdsecurity/http-sensitive-files	Hacking
🇫🇷 Dechavanne	2026-06-02 02:00:15 (2 weeks ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇷🇸 Scan	2026-06-02 01:58:52 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇷 Bruno	2026-06-02 01:50:10 (2 weeks ago)	Port Scanner: 52.165.251.249	Port Scan

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.150

🇩🇪 161.35.19.218

🇺🇸 135.237.123.227

🇧🇩 118.179.184.125

🇩🇪 69.5.169.157

🇷🇺 185.70.129.186

🇺🇬 154.0.131.67

🇮🇩 147.139.182.140

🇧🇩 118.179.89.140

🇧🇩 118.179.39.39

🇧🇷 108.165.63.136

🇺🇸 104.223.21.20

🇮🇹 82.51.158.253

🇭🇷 82.23.221.19

🇩🇪 69.5.169.138

🇭🇰 47.83.174.230

🇬🇧 2a06:4884:5000::61

🇮🇳 223.190.81.161

🇱🇧 185.134.178.19

🇷🇺 185.70.131.215