JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.173.182.166

52.173.182.166 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.173.182.166

Whois 52.173.182.166

IP Abuse Reports for 52.173.182.166:

This IP address has been reported a total of 45 times from 34 distinct sources. 52.173.182.166 was first reported on August 29th 2025, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-02 00:54:41 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 20:54:38.369367 2026] [security2:error] [pid 12133:tid 12230] [client 52.173.182.166:46484] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.14"] [uri "/.git/config"] [unique_id "ah4pzmzBGZ-vdgYExPGSSwAAAMs"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 gtheo99	2026-06-02 00:51:52 (2 days ago)	52.173.182.166 (US/United States/-), 3 distributed cpanel attacks on account [root] in the last 900 ... show more 52.173.182.166 (US/United States/-), 3 distributed cpanel attacks on account [root] in the last 900 secs show less	SSH Brute-Force Hacking
🇯🇵 demonsword	2026-05-09 00:11:53 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: example.com:443 show less	Open Proxy Port Scan
🇺🇸 Rayulcifer	2026-03-20 02:38:29 (2 months ago)	52.173.182.166 - - [19/Mar/2026:21:36:07 -0500] "CONNECT prj-vnp6yccq-frontend.flames.app:443 HTTP/1 ... show more 52.173.182.166 - - [19/Mar/2026:21:36:07 -0500] "CONNECT prj-vnp6yccq-frontend.flames.app:443 HTTP/1.1" 502 488 "-" "Go-http-client/1.1" 52.173.182.166 - - [19/Mar/2026:21:38:28 -0500] "CONNECT prj-vnp6yccq-frontend.flames.app:443 HTTP/1.1" 502 488 "-" "Go-http-client/1.1" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 Rayulcifer	2026-03-17 07:06:33 (2 months ago)	52.173.182.166 - - [17/Mar/2026:02:06:32 -0500] "CONNECT proof.ovh.net:443 HTTP/1.1" 502 488 "-" "-" ... show more 52.173.182.166 - - [17/Mar/2026:02:06:32 -0500] "CONNECT proof.ovh.net:443 HTTP/1.1" 502 488 "-" "-" 52.173.182.166 - - [17/Mar/2026:02:06:32 -0500] "CONNECT speed.cloudflare.com:443 HTTP/1.1" 502 488 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇳🇱 homeshowdomain.nl	2026-01-15 23:02:31 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-01-14. show less	Hacking Web App Attack SSH
🇧🇪 cmbplf	2026-01-14 22:09:51 (4 months ago)	161 requests with url.path */.git/config	Brute-Force Bad Web Bot
Anonymous	2026-01-14 20:25:01 (4 months ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-01-14 20:12:17 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 15:12:14.754407 2026] [security2:error] [pid 27138:tid 27138] [client 52.173.182.166:9261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rogerg.com"] [uri "/.git/config"] [unique_id "aWf4nt_SLSjGvwHmr3UfcwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rip	2026-01-14 20:10:55 (4 months ago)	Automated recon attempt targeting restricted and sensitive paths.	Web App Attack
🇺🇸 TPI-Abuse	2026-01-14 19:36:29 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 14:36:21.590612 2026] [security2:error] [pid 19158:tid 19158] [client 52.173.182.166:9293] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cuulphotos.com"] [uri "/.git/config"] [unique_id "aWfwNbunqJVNyQTD8Z9UUQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-14 19:18:08 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.173.182.166 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 14 14:18:00.923359 2026] [security2:error] [pid 13356:tid 13432] [client 52.173.182.166:9280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.absurdotron.com"] [uri "/.git/config"] [unique_id "aWfr6KXzDCIQFFHRteDpOQAAAFg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2025-12-19 01:05:13 (5 months ago)	52.173.182.166 - - [18/Dec/2025:20:05:12 -0500] "CONNECT proof.ovh.net:443 HTTP/1.1" 502 488 "-" "-" ... show more 52.173.182.166 - - [18/Dec/2025:20:05:12 -0500] "CONNECT proof.ovh.net:443 HTTP/1.1" 502 488 "-" "-" 52.173.182.166 - - [18/Dec/2025:20:05:12 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 488 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇨🇳 ThreatBook.io	2025-09-24 22:09:22 (8 months ago)	ThreatBook Intelligence: IDC,Spam more details on https://threatbook.io/ip/52.173.182.166	Web App Attack
Anonymous	2025-08-29 00:36:15 (9 months ago)	Excessive crawling/scraping	Hacking Brute-Force

Showing 31 to 45 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 103.107.60.45

🇷🇺 178.66.179.146

🇺🇸 146.190.78.195

🇨🇳 117.173.77.121

🇵🇭 112.203.59.121

🇫🇷 91.196.152.188

🇱🇧 77.246.68.172

🇺🇸 76.89.128.40

🇳🇱 20.123.146.94

🇭🇰 223.197.248.209

🇰🇷 121.78.125.123

🇭🇰 103.158.29.100

🇫🇷 84.7.95.215

🇺🇸 52.188.231.113

🇨🇳 14.103.117.97

🇯🇵 207.56.225.202

🇧🇷 186.195.139.33

🇺🇸 167.172.131.35

🇸🇦 167.100.252.134

🇺🇸 162.240.150.48