JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.165.59.6

52.165.59.6 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 35%: ?

35%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.165.59.6

Whois 52.165.59.6

IP Abuse Reports for 52.165.59.6:

This IP address has been reported a total of 14 times from 13 distinct sources. 52.165.59.6 was first reported on September 10th 2025, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-10 14:06:56 (1 hour ago)	Multiple WAF Violations	Web App Attack
🇩🇪 raspi4	2026-06-10 13:09:15 (2 hours ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
Anonymous	2026-06-10 12:35:59 (2 hours ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 dpsbs	2026-06-10 11:57:10 (3 hours ago)	multiple ips intrustions detected	Hacking
🇩🇪 Tamsy	2026-06-10 10:53:39 (4 hours ago)	HTTPD - Web Application scripting attack	Web App Attack
🇺🇸 octageeks.com	2026-04-10 04:06:35 (2 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇳🇴 Abuse Buster	2026-04-09 10:03:02 (2 months ago)	52.165.59.6 - - [09/Apr/2026:12:03:00 +0200] "GET /.git/config HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Wi ... show more 52.165.59.6 - - [09/Apr/2026:12:03:00 +0200] "GET /.git/config HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 52.165.59.6 - - [09/Apr/2026:12:03:01 +0200] "GET /.git/credentials HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 52.165.59.6 - - [09/Apr/2026:12:03:01 +0200] "GET /.git-credentials HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" 52.165.59.6 - - [09/Apr/2026:12:03:01 +0200] "GET /.gitconfig HTTP/2.0" 404 22 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-04-09 09:16:51 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 52.165.59.6 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 52.165.59.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 05:16:45.223578 2026] [security2:error] [pid 3543548:tid 3543648] [client 52.165.59.6:37888] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ehealthpass.com"] [uri "/.git/config"] [unique_id "addufZxAIOYvUjWG2N2lngAAAZc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-09 09:15:02 (2 months ago)	suspicious request in access.log	Web App Attack
Anonymous	2026-04-09 09:05:57 (2 months ago)	Blocked: Reason='Suspicious traffic score=80 (review-based detection)'; Requests=16	Hacking
🇧🇪 cmbplf	2026-04-09 08:34:45 (2 months ago)	110 requests with url.path */auth.json	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-09 07:03:20 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 52.165.59.6 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 52.165.59.6 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 03:03:15.207686 2026] [security2:error] [pid 247148:tid 247148] [client 52.165.59.6:38018] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fbgroupads.com"] [uri "/.git/config"] [unique_id "addPM8q9gMhdgpuajQnnIQAAAAs"], referer: https://news.ycombinator.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2026-04-06 20:26:24 (2 months ago)	52.165.59.6 - - [06/Apr/2026:15:26:20 -0500] "CONNECT ghostyservices.xyz:443 HTTP/1.1" 502 488 "-" " ... show more 52.165.59.6 - - [06/Apr/2026:15:26:20 -0500] "CONNECT ghostyservices.xyz:443 HTTP/1.1" 502 488 "-" "-" 52.165.59.6 - - [06/Apr/2026:15:26:20 -0500] "\x16\x03\x01" 400 392 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇬🇧 Silly Development	2025-09-10 05:23:35 (9 months ago)	Malicious activity detected from 8075 MICROSOFT-CORP-MSN-AS-BLOCK towards host panel.sillydev.co.uk ... show more Malicious activity detected from 8075 MICROSOFT-CORP-MSN-AS-BLOCK towards host panel.sillydev.co.uk (GET HTTP/1.1) @ 2025-09-10T05:23:35Z (246 occurrences) show less	DDoS Attack Exploited Host

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇭 222.127.52.229

🇰🇷 221.161.235.168

🇵🇱 87.251.64.158

🇨🇳 221.231.222.28

🇲🇽 186.96.145.241

🇺🇸 172.234.199.75

🇨🇳 171.83.42.17

🇮🇩 69.5.0.120

🇮🇪 20.82.167.128

🇰🇷 211.37.174.180

🇩🇪 209.38.226.123

🇧🇷 185.100.215.213

🇺🇸 148.105.15.247

🇧🇷 143.208.98.107

🇺🇸 136.107.49.199

🇨🇳 106.12.241.195

🇭🇰 103.56.115.187

🇳🇱 85.11.167.30

🇺🇸 66.228.38.158

🇺🇸 35.171.117.160