JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.173.109.189

52.173.109.189 was found in our database!

This IP was reported 125 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.173.109.189

Whois 52.173.109.189

IP Abuse Reports for 52.173.109.189:

This IP address has been reported a total of 125 times from 113 distinct sources. 52.173.109.189 was first reported on June 13th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-15 20:23:42 (3 days ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2026-06-14 19:08:49 (4 days ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇳🇱 JCB	2026-06-14 17:07:00 (4 days ago)	52.173.109.189 - - [14/Jun/2026:01:00:04 +0300] "GET /crgio.php HTTP/1.1" 404 456 "-" "-" 52.173.10 ... show more 52.173.109.189 - - [14/Jun/2026:01:00:04 +0300] "GET /crgio.php HTTP/1.1" 404 456 "-" "-" 52.173.109.189 - - [14/Jun/2026:01:00:04 +0300] "GET /drykl.php HTTP/1.1" 404 456 "-" "-" ... show less	Web App Attack
🇬🇧 openstrike.co.uk	2026-06-14 05:13:36 (4 days ago)	142 attacks on PHP URLs: GET /whv.php HTTP/1.1	Web App Attack
🇭🇺 DumaNet	2026-06-14 03:47:00 (4 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 00:25:22 Source IP: 52.173 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 00:25:22 Source IP: 52.173.109.189 Portion of the log(s): 52.173.109.189 - [14/Jun/2026:00:25:21 +0200] "GET /async.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:21 +0200] "GET /hg.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:20 +0200] "GET /xpass.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:20 +0200] "GET /10266.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:20 +0200] "GET /upgrade.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:20 +0200] "GET /malo.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:20 +0200] "GET /awi.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:19 +0200] "GET /abt.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:19 +0200] "GET /mnkalo.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:25:19 +0200] "GET /chn.php HTTP/1.1" 404 153 "-" "-" show less	Web App Attack
🇭🇺 DumaNet	2026-06-14 03:23:00 (4 days ago)	Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 00:03:38 Source IP: 52.173 ... show more Web app attack attempts, scanning for vulnerability. Date: 2026 Jun 14. 00:03:38 Source IP: 52.173.109.189 Portion of the log(s): 52.173.109.189 - [14/Jun/2026:00:03:38 +0200] "GET /wefile.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /wp-ver.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /wp-der.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /wmore1.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /ff.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /vx.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:37 +0200] "GET /aevly.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:36 +0200] "GET /wp-thi.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:36 +0200] "GET /mifta.php HTTP/1.1" 404 153 "-" "-" 52.173.109.189 - [14/Jun/2026:00:03:36 +0200] "GET /wp-sing.php HTTP/1.1" 404 153 show less	Web App Attack
🇬🇧 SilverZippo	2026-06-14 00:00:53 (4 days ago)	Web App Attack	Web App Attack
🇩🇪 Philister11	2026-06-13 23:59:24 (4 days ago)	CrowdSec: crowdsecurity/http-wordpress-scan (US/AS8075)	Web App Attack
🇮🇪 Coolnagour	2026-06-13 23:48:32 (4 days ago)	http-probing: /this_is_a_new_hello_world.php	Web App Attack
🇺🇸 jormaster3k	2026-06-13 23:42:51 (4 days ago)	Attack against Apache (too many 404s)	Web App Attack
🇵🇱 lns.bz	2026-06-13 23:25:18 (4 days ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇫🇷 AGEPCom	2026-06-13 23:18:56 (5 days ago)	Smart-Ban: IP bannie via score AbuseIPDB	Brute-Force Web App Attack
🇩🇪 IVski	2026-06-13 23:04:49 (5 days ago)	IVski WAF \| WordPress scanner detected - probing wp-content, xmlrpc or wp-login	Port Scan Brute-Force Web App Attack
🇩🇪 raph	2026-06-13 23:03:59 (5 days ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇵🇱 itsvic.dev	2026-06-13 23:01:47 (5 days ago)	52.173.109.189 - - [13/Jun/2026:23:01:46 +0000] "GET /login?returnUrl=%2Fwp-content%2Fplugins%2Fhell ... show more 52.173.109.189 - - [13/Jun/2026:23:01:46 +0000] "GET /login?returnUrl=%2Fwp-content%2Fplugins%2Fhellopress%2Fwp_filemanager.php HTTP/1.1" 200 9670 "-" "-" 52.173.109.189 - - [13/Jun/2026:23:01:46 +0000] "GET /login?returnUrl=%2Fthis_is_a_new_hello_world.php HTTP/1.1" 200 9670 "-" "-" 52.173.109.189 - - [13/Jun/2026:23:01:47 +0000] "GET /login?returnUrl=%2Fclassgoto24.php HTTP/1.1" 200 9670 "-" "-" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 125 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 123.58.198.35

🇸🇪 81.226.129.67

🇳🇱 45.148.10.157

🇺🇸 216.25.89.117

🇫🇷 193.32.126.232

🇦🇪 145.241.123.102

🇵🇰 110.93.224.226

🇮🇩 103.146.202.84

🇬🇧 92.27.101.99

🇯🇵 37.19.205.241

🇺🇸 35.254.244.123

🇷🇴 2.57.122.238

🇬🇧 2a06:4880:8000::b5

🇭🇺 85.155.242.167

🇱🇹 81.30.98.142

🇨🇭 37.120.213.13

🇧🇷 143.95.209.223

🇫🇮 77.105.161.120

🇫🇷 43.96.110.129

🇺🇸 216.25.89.77