JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.173.162.103

52.173.162.103 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 44%: ?

44%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.173.162.103

Whois 52.173.162.103

IP Abuse Reports for 52.173.162.103:

This IP address has been reported a total of 19 times from 16 distinct sources. 52.173.162.103 was first reported on August 13th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-06-29 04:05:26 (1 day ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ptlogin.4399.com:443 show less	Open Proxy Port Scan
🇨🇳 pengpeng	2026-06-03 05:23:48 (3 weeks ago)	monitor: on VM-0-7-ubuntu \| port: 443 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter	Port Scan
🇺🇸 ISPLtd	2026-06-03 03:59:02 (3 weeks ago)	Jun 3 00:58:48 52.173.162.103 TCP SPT=60416 DPT=2082 SYN Jun 3 00:58:48 52.173.162.103 TCP SPT=604 ... show more Jun 3 00:58:48 52.173.162.103 TCP SPT=60416 DPT=2082 SYN Jun 3 00:58:48 52.173.162.103 TCP SPT=60417 DPT=2087 SYN Jun 3 00:58:48 52.173.162.103 TCP SPT=60417 DPT=8080 SYN ... show less	Port Scan
Anonymous	2026-06-03 02:44:37 (3 weeks ago)	Shorewall log file match.	Port Scan
🇷🇸 Scan	2026-06-03 02:12:18 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇬🇧 PeravixGroup	2026-06-03 00:10:55 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 07:00:00 (4 weeks ago)	SSH Brute-Force	DDoS Attack Port Scan Hacking Brute-Force SSH
🇺🇸 Starburst SysOp Team	2026-06-02 06:58:51 (4 weeks ago)	(mod_security-custom) mod_security (id:210492) triggered by 52.173.162.103 (-): 1 in the last 3600 s ... show more (mod_security-custom) mod_security (id:210492) triggered by 52.173.162.103 (-): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇺🇸 brantknudson.org	2026-06-02 04:39:25 (4 weeks ago)	Request path 'GET /.git/HEAD HTTP/1.1'	Web App Attack Hacking
🇫🇷 pm33	2026-06-02 03:36:43 (4 weeks ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 03:00:54 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.173.162.103 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.162.103 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 23:00:49.979338 2026] [security2:error] [pid 29694:tid 29694] [client 52.173.162.103:28664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.188"] [uri "/.git/HEAD"] [unique_id "ah5HYX0EI3N78cmD3Ess7AAAACk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Ano_Nym	2026-06-02 02:57:04 (4 weeks ago)	CrowdSec IDS alert on VPS 217.154.115.19 (DE). Scenario: crowdsecurity/http-sensitive-files	Web App Attack
🇬🇧 djboddington	2026-06-02 02:29:43 (4 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇫🇷 otiima	2026-02-12 13:20:55 (4 months ago)	Feb 12 13:20:54 box sshd[756392]: Failed password for root from 52.173.162.103 port 23383 ssh2 Feb 1 ... show more Feb 12 13:20:54 box sshd[756392]: Failed password for root from 52.173.162.103 port 23383 ssh2 Feb 12 13:20:51 box sshd[756392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.173.162.103 user=root Feb 12 13:20:54 box sshd[756392]: Failed password for root from 52.173.162.103 port 23383 ssh2 ... show less	Brute-Force SSH
🇫🇷 otiima	2026-02-12 12:40:51 (4 months ago)	Feb 12 12:40:47 box sshd[751427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 ... show more Feb 12 12:40:47 box sshd[751427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.173.162.103 user=root Feb 12 12:40:50 box sshd[751427]: Failed password for root from 52.173.162.103 port 23104 ssh2 ... show less	Brute-Force SSH

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.247.137.25

🇧🇷 45.229.91.34

🇵🇰 223.123.124.124

🇨🇳 221.182.110.8

🇵🇱 166.88.60.164

🇩🇿 105.107.212.7

🇻🇳 103.153.75.186

🇩🇪 80.187.97.126

🇸🇪 51.20.252.164

🇹🇭 49.231.182.3

🇳🇱 45.198.224.115

🇬🇧 35.203.210.208

🇩🇪 2a09:bac5:2a95:2464::3a0:28

🇧🇷 200.141.47.190

🇨🇴 200.118.81.70

🇨🇳 180.107.108.41

🇺🇸 162.216.149.11

🇭🇰 154.23.185.75

🇺🇸 104.248.234.155

🇳🇱 104.248.80.12