JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.176.125.112

52.176.125.112 was found in our database!

This IP was reported 173 times. Confidence of Abuse is 53%: ?

53%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.176.125.112

Whois 52.176.125.112

IP Abuse Reports for 52.176.125.112:

This IP address has been reported a total of 173 times from 58 distinct sources. 52.176.125.112 was first reported on September 10th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RAP	2026-06-23 16:18:49 (4 days ago)	2026-06-23 16:18:49 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 Mainpine	2026-06-23 16:04:27 (4 days ago)	probing for vulnerable web apps	Web App Attack
Anonymous	2026-06-23 15:55:12 (4 days ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇺🇸 MPL	2026-06-23 15:36:00 (4 days ago)	tcp port scan (16 or more attempts)	Port Scan
🇫🇷 TheHoneyPotter	2026-06-23 13:47:01 (4 days ago)	Honeypot [fc-honeypot]: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1] TCP Repor ... show more Honeypot [fc-honeypot]: Empty payload (likely service probe); 2082 [1], 2083 [1], 2086 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇳🇱 Savvii	2026-06-23 13:41:49 (4 days ago)	20 attempts against mh-misbehave-ban on yam	Brute-Force Bad Web Bot Web App Attack
🇦🇺 aranguren.org	2026-06-23 12:16:32 (4 days ago)	52.176.125.112 - - [23/Jun/2026:22:16:22 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 ( ... show more 52.176.125.112 - - [23/Jun/2026:22:16:22 +1000] "GET /.git/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.176.125.112 - - [23/Jun/2026:22:16:25 +1000] "GET /.git/logs/HEAD HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.176.125.112 - - [23/Jun/2026:22:16:27 +1000] "GET /.git/refs/heads/master HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.176.125.112 - - [23/Jun/2026:22:16:28 +1000] "GET /.git/refs/heads/main HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 52.176.125.112 - - [23/Jun/2026:22:16:30 +1000] "GET /.git/index HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KH ... show less	Bad Web Bot
Anonymous	2026-06-23 12:01:12 (4 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 Rayulcifer	2026-06-19 19:39:22 (1 week ago)	52.176.125.112 - - [19/Jun/2026:14:39:20 -0500] "GET http://ipv4.download.thinkbroadband.com/1MB.zip ... show more 52.176.125.112 - - [19/Jun/2026:14:39:20 -0500] "GET http://ipv4.download.thinkbroadband.com/1MB.zip HTTP/1.1" 403 363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36" 52.176.125.112 - - [19/Jun/2026:14:39:20 -0500] "GET http://speedtest.tele2.net/1MB.zip HTTP/1.1" 403 363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36" 52.176.125.112 - - [19/Jun/2026:14:39:20 -0500] "GET http://cachefly.cachefly.net/200mb.test HTTP/1.1" 403 363 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0 Safari/537.36" 52.176.125.112 - - [19/Jun/2026:14:39:20 -0500] "CONNECT speed.cloudflare.com:443 HTTP/1.1" 403 344 "-" "-" 52.176.125.112 - - [19/Jun/2026:14:39:21 -0500] "CONNECT proof.ovh.net:443 HTTP/1.1" 403 344 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇩🇪 2048	2026-04-09 01:49:04 (2 months ago)	2026-04-09T02:49:01.393349+01:00 machodeer kernel: [3956161.070001] [UFW BLOCK] IN=ens3 OUT= MAC=RED ... show more 2026-04-09T02:49:01.393349+01:00 machodeer kernel: [3956161.070001] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.176.125.112 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=58978 DF PROTO=TCP SPT=58446 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-04-09T02:49:02.447800+01:00 machodeer kernel: [3956162.123938] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.176.125.112 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=58979 DF PROTO=TCP SPT=58446 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-04-09T02:49:03.470830+01:00 machodeer kernel: [3956163.147940] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.176.125.112 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=58980 DF PROTO=TCP SPT=58446 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan
🇺🇸 xmission.com	2026-03-31 04:55:34 (2 months ago)	Blocked by UFW (TCP on 80) Source port: 54027 TTL: 50 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 80) Source port: 54027 TTL: 50 Packet length: 60 TOS: 0x00 This report (for 52.176.125.112) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇬🇪 gbzret4d	2026-02-20 03:44:11 (4 months ago)	Blocked by CrowdSec. Scenario: crowdsecurity/ssh-bf	Brute-Force SSH
🇺🇸 zakorko7	2026-02-20 03:10:53 (4 months ago)	2026-02-20T05:44:57.404706+03:00 vm3498069.firstbyte.club sshd[65031]: Failed password for root from ... show more 2026-02-20T05:44:57.404706+03:00 vm3498069.firstbyte.club sshd[65031]: Failed password for root from 52.176.125.112 port 52224 ssh2 2026-02-20T05:49:48.422678+03:00 vm3498069.firstbyte.club sshd[65071]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.176.125.112 user=root 2026-02-20T05:49:50.841358+03:00 vm3498069.firstbyte.club sshd[65071]: Failed password for root from 52.176.125.112 port 52224 ssh2 ... show less	Brute-Force SSH
🇳🇱 SchorelWeb	2026-02-20 03:09:20 (4 months ago)	Cluster member (Omitted) (NL/Netherlands/-) said, DENY 52.176.125.112, Reason:[(sshd) Failed SSH log ... show more Cluster member (Omitted) (NL/Netherlands/-) said, DENY 52.176.125.112, Reason:[(sshd) Failed SSH login from 52.176.125.112 (US/United States/-): 3 in the last 3600 secs] show less	Brute-Force SSH
🇩🇪 Honeypot-EU-Fru	2026-02-20 03:08:12 (4 months ago)	Feb 20 04:08:08 [redacted] sshd[1943400]: pam_unix(sshd:auth): authentication failure; logname= uid= ... show more Feb 20 04:08:08 [redacted] sshd[1943400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.176.125.112 user=root Feb 20 04:08:10 [redacted] sshd[1943400]: Failed password ... show less	Brute-Force SSH

Showing 1 to 15 of 173 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 200.68.173.113

🇲🇦 81.192.46.49

🇳🇱 45.148.10.151

🇬🇧 35.203.211.138

🇺🇸 216.25.89.103

🇺🇸 205.210.31.108

🇪🇬 197.47.93.33

🇬🇧 194.164.91.60

🇬🇧 193.8.186.29

🇧🇷 186.26.97.48

🇮🇳 139.167.225.182

🇺🇸 136.62.98.207

🇨🇳 116.179.33.211

🇷🇺 104.28.161.39

🇳🇱 89.248.167.131

🇬🇧 77.72.5.189

🇰🇷 59.16.212.232

🇳🇱 51.158.205.203

🇷🇺 46.8.23.240

🇬🇧 35.203.211.24