JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.173.123.151

52.173.123.151 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 81%: ?

81%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.173.123.151

Whois 52.173.123.151

IP Abuse Reports for 52.173.123.151:

This IP address has been reported a total of 24 times from 19 distinct sources. 52.173.123.151 was first reported on April 11th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RAP	2026-06-14 10:12:57 (5 days ago)	2026-06-14 10:12:57 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇹🇭 Sawasdee	2026-06-14 07:45:06 (5 days ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇺🇸 xmission.com	2026-06-11 09:08:44 (1 week ago)	Blocked by UFW (TCP on 2096) Source port: 47784 TTL: 51 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2096) Source port: 47784 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 52.173.123.151) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-07 19:55:43 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 52.173.123.151 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 52.173.123.151 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:55:37.430109 2026] [security2:error] [pid 3428:tid 3428] [client 52.173.123.151:24906] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|192.64.150.216\|F\|2"] [data ".env.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.216"] [uri "/.env.backup"] [unique_id "aiXMuVJUMAZcQS1Z1l7BKgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 17:39:31 (1 week ago)	Jun 7 13:39:30 localhost kernel: [109199277.176708] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:9 ... show more Jun 7 13:39:30 localhost kernel: [109199277.176708] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.173.123.151 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=46 ID=17652 DF PROTO=TCP SPT=25555 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 7 13:39:30 localhost kernel: [109199277.176728] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.173.123.151 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=46 ID=17652 DF PROTO=TCP SPT=25555 DPT=2086 SEQ=270292196 ACK=0 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405A00402080A9C0F043C000000000103030A) Jun 7 13:39:30 localhost kernel: [109199277.179537] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=52.173.123.151 DST=[mungedIP2] LEN=60 TOS=0x00 PREC=0x40 TTL=45 ID=7987 DF PROTO=TCP SPT=25583 DPT=8443 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 7 13:39:30 localhost kernel: [109199277.183897] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f show less	Port Scan
Anonymous	2026-06-07 16:55:34 (1 week ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇩🇪 ghostwarriors	2026-06-07 15:50:25 (1 week ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-07 15:05:02 (1 week ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 14:48:44 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.173.123.151 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.123.151 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 10:48:41.432138 2026] [security2:error] [pid 13965:tid 13971] [client 52.173.123.151:25366] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.79"] [uri "/.git/HEAD"] [unique_id "aiWEyVOEkYZpOV-4iBgZBAAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 pixelboost.kr	2026-06-07 14:46:24 (1 week ago)	52.173.123.151 - - [07/Jun/2026:23:46:19 +0900] "GET /.git/HEAD HTTP/1.1" 404 181 "-" "Mozilla/5.0 ( ... show more 52.173.123.151 - - [07/Jun/2026:23:46:19 +0900] "GET /.git/HEAD HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.173.123.151 - - [07/Jun/2026:23:46:23 +0900] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-07 14:28:16 (1 week ago)	(mod_security-custom) mod_security (id:210492) triggered by 52.173.123.151 (-): 1 in the last 3600 s ... show more (mod_security-custom) mod_security (id:210492) triggered by 52.173.123.151 (-): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇧🇾 lns.bz	2026-06-04 00:01:20 (2 weeks ago)	.env scanning [BY]	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇪 EGP Abuse Dept	2026-06-03 03:41:59 (2 weeks ago)	Scanning for web/db/file exploits on tpc-test-001.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇹🇭 Sawasdee	2026-06-03 03:30:17 (2 weeks ago)	Port Scan ...	Port Scan

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.232.176.7

🇰🇷 218.148.106.182

🇸🇬 172.217.43.149

🇫🇮 147.185.133.141

🇨🇳 124.89.119.12

🇫🇷 85.217.140.16

🇫🇷 85.217.140.15

🇱🇹 45.227.254.170

🇺🇸 44.145.236.67

🇺🇸 16.145.49.175

🇨🇳 8.136.189.162

🇷🇴 2.57.121.25

🇸🇬 213.35.107.21

🇧🇷 186.200.104.66

🇵🇹 161.230.217.176

🇺🇸 44.247.0.62

🇭🇰 38.190.210.244

🇬🇧 216.226.76.20

🇻🇳 103.118.28.17

🇫🇷 94.183.188.148