JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.176.124.233

52.176.124.233 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.176.124.233

Whois 52.176.124.233

IP Abuse Reports for 52.176.124.233:

This IP address has been reported a total of 35 times from 28 distinct sources. 52.176.124.233 was first reported on December 9th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-17 03:07:05 (1 day ago)	Port Scan detected from 52.176.124.233 (US/United States/-). 5 hits in the last 0 seconds	Brute-Force Port Scan
🇩🇪 Hary74656	2026-06-17 02:41:40 (1 day ago)	[Wed Jun 17 04:41:21.561334 2026] [security2:error] [pid 16707:tid 16807] [client 52.176.124.233:475 ... show more [Wed Jun 17 04:41:21.561334 2026] [security2:error] [pid 16707:tid 16807] [client 52.176.124.233:47521] [client 52.176.124.233] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.git/ found within REQUEST_FILENAME: /.git/head"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "78.46.107.184"] [uri "/.git/HEAD"] [unique_id "ajIJUY702T39hq4BwyKKoAAABCA"] [Wed Jun 17 04:41:22.883050 2026] [security2:error] [pid 16333:tid 16481] [client 52.176.124.233:47522] [client 52.176.124.233] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "/.git/" at REQUEST_FILENAME. [file "/usr/s ... show less	Web App Attack
🇫🇷 sthoyer.de	2026-06-17 00:49:06 (1 day ago)	Jun 17 02:49:04 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd: ... show more Jun 17 02:49:04 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=52.176.124.233 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=16975 DF PROTO=TCP SPT=47913 DPT=2078 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 17 02:49:04 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=52.176.124.233 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=10201 DF PROTO=TCP SPT=47920 DPT=2082 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 17 02:49:04 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=52.176.124.233 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=17760 DF PROTO=TCP SPT=47907 DPT=2083 WINDOW=64240 RES=0x00 SYN URGP=0 Jun 17 02:49:04 sthoyer kernel: [IPTables-Dropped-I] IN=eth0 OUT= MAC=00:50:56:43:00:af:c0:69:11:cd:10:f7:08:00 SRC=52.176.124.233 DST=173.212.223.67 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19561 DF PROTO=TCP SPT=47893 DPT=2086 WI ... show less	Port Scan
🇷🇸 Scan	2026-06-17 00:33:40 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇯🇵 S.O.B.A. Dev.	2026-06-09 21:56:27 (1 week ago)	Persistent port scanning or vulnerability scanning	Port Scan
Anonymous	2026-06-09 21:50:11 (1 week ago)	52.176.124.233 - - [09/Jun/2026:21:50:10 +0000] "GET /.git/config HTTP/1.1" 404 6974 "-" "Mozilla/5. ... show more 52.176.124.233 - - [09/Jun/2026:21:50:10 +0000] "GET /.git/config HTTP/1.1" 404 6974 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force Web App Attack
Anonymous	2026-06-09 20:48:21 (1 week ago)	Port Scan detected from 52.176.124.233 (US/United States/-). 5 hits in the last 0 seconds	Brute-Force Port Scan
🇹🇷 Threat.live	2026-06-09 19:45:02 (1 week ago)	Suspicious Connection Attempts	Brute-Force
🇩🇪 dispaisyenterprises	2026-06-09 19:04:02 (1 week ago)	Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2087 [1], 2086 [1], 2082 [1] TCP R ... show more Honeypot [fra-de-honeypot]: Empty payload (likely service probe); 2087 [1], 2086 [1], 2082 [1] TCP Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-09 18:45:35 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.176.124.233 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.176.124.233 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 14:45:29.641346 2026] [security2:error] [pid 25612:tid 25612] [client 52.176.124.233:27283] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.212"] [uri "/.git/HEAD"] [unique_id "aihfSfQefVal0yIekf2JPwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RH5	2026-06-09 18:16:30 (1 week ago)	Restricted URL probing (/.git) (UTC 2026-06-09 18:16)	Web App Attack
🇦🇹 urnilxfgbez	2026-06-03 22:45:00 (2 weeks ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇺🇸 anon333	2026-06-03 02:36:30 (2 weeks ago)	Invalid HTTP port 80 probes to server T2236	Hacking Exploited Host
🇷🇸 Scan	2026-06-03 01:57:59 (2 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 00:42:36 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.176.124.233 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.176.124.233 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:42:30.983404 2026] [security2:error] [pid 22383:tid 22383] [client 52.176.124.233:44106] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.114"] [uri "/.git/HEAD"] [unique_id "ah94dvHoCqKqXZFQhkofsAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 213.166.84.61

🇳🇱 176.65.149.220

🇳🇱 209.38.53.37

🇨🇱 186.64.123.124

🇸🇬 142.91.102.187

🇫🇷 62.210.142.64

🇫🇷 51.68.236.93

🇺🇦 31.148.28.219

🇶🇦 20.173.116.24

🇰🇷 1.214.214.114

🇨🇳 180.153.236.111

🇵🇰 124.29.214.246

🇪🇪 195.222.7.74

🇲🇾 180.74.84.64

🇺🇸 154.83.197.169

🇸🇬 128.199.231.249

🇸🇬 103.187.146.33

🇻🇳 103.98.149.56

🇺🇸 45.59.161.159

🇺🇸 43.135.134.180