JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.173.162.36

52.173.162.36 was found in our database!

This IP was reported 165 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.173.162.36

Whois 52.173.162.36

IP Abuse Reports for 52.173.162.36:

This IP address has been reported a total of 165 times from 137 distinct sources. 52.173.162.36 was first reported on December 20th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇧🇷 SOC-BR	2026-06-03 07:36:57 (1 day ago)	Attack detected by Fortinet - web_server: HTPasswd.Access - 2026-06-02 16:57:35 - Source Port 45085	Port Scan Hacking
🇹🇷 SeczarSecureOps	2026-06-03 04:11:26 (1 day ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (7 events in 10min) at 2026-06-03 04:11	Port Scan
🇭🇺 whitehoodie	2026-06-03 04:00:27 (1 day ago)	AUTOMATED REPORT: Tried to access .env file	Hacking Bad Web Bot Web App Attack
🇩🇪 ValtonTahiri	2026-06-03 03:45:06 (1 day ago)	UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly as ... show more UFW blocked a suspicious connection attempt to a closed or denied port. This activity is commonly associated with port scanning, service discovery, or automated internet probing. Technical: source_ip=52.173.162.36; proto=TCP; source_port=45532; target_port=8080; flags=SYN show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 03:03:18 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.173.162.36 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.173.162.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 23:03:12.690684 2026] [security2:error] [pid 26496:tid 26496] [client 52.173.162.36:12999] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.144"] [uri "/.git/config"] [unique_id "ah-ZcM-lFVzHYzuk9JuGpAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 www.remote24.se	2026-06-03 02:44:55 (2 days ago)	3389BruteforceStormFW21	Brute-Force
🇺🇸 MPL	2026-06-03 02:27:39 (2 days ago)	tcp port scan (14 or more attempts)	Port Scan
🇸🇪 SkyDancer	2026-06-03 02:20:06 (2 days ago)	Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ... show more Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X). show less	Hacking Brute-Force
Anonymous	2026-06-03 01:48:10 (2 days ago)	[03/Jun/2026:04:48:08 +0300] 17804512887.560217 52.173.162.36 12567 148.251.76.218 80 [03/Jun/2026:0 ... show more [03/Jun/2026:04:48:08 +0300] 17804512887.560217 52.173.162.36 12567 148.251.76.218 80 [03/Jun/2026:04:48:10 +0300] 178045129010.817346 52.173.162.36 13210 148.251.76.218 80 show less	Web App Attack
🇷🇸 Scan	2026-06-03 00:23:39 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 mnsf	2026-06-03 00:05:47 (2 days ago)	Too many Status 50X (11)	Brute-Force Web App Attack
🇺🇸 RAP	2026-06-03 00:03:48 (2 days ago)	2026-06-03 00:03:48 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 23:58:07 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.173.162.36 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.173.162.36 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 19:58:01.297289 2026] [security2:error] [pid 7578:tid 7578] [client 52.173.162.36:45189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.180"] [uri "/.git/HEAD"] [unique_id "ah9uCbXXrWnB8RX5wsFRKgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-02 23:53:17 (2 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 165 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 201.77.124.248

🇨🇷 200.119.186.25

🇹🇼 198.235.24.126

🇮🇹 178.239.180.109

🇩🇪 167.94.146.39

🇨🇭 104.244.74.201

🇩🇪 104.23.239.49

🇵🇰 103.134.0.92

🇳🇵 103.126.247.139

🇷🇴 80.94.92.233

🇺🇸 69.112.28.181

🇲🇻 69.94.43.93

🇵🇭 180.195.74.108

🇲🇽 177.248.147.53

🇸🇬 152.32.220.188

🇧🇷 131.72.123.137

🇨🇳 115.190.167.144

🇺🇸 107.173.79.221

🇱🇹 81.30.98.62

🇨🇦 70.67.68.40