JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.176.138.197

52.176.138.197 was found in our database!

This IP was reported 72 times. Confidence of Abuse is 92%: ?

92%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.176.138.197

Whois 52.176.138.197

IP Abuse Reports for 52.176.138.197:

This IP address has been reported a total of 72 times from 48 distinct sources. 52.176.138.197 was first reported on September 14th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-02 22:35:12 (1 day ago)		Brute-Force Web App Attack
Anonymous	2026-06-02 11:10:13 (1 day ago)	automatically banned	Brute-Force Web App Attack
🇺🇸 SuperCores Hosting	2026-06-02 10:34:29 (1 day ago)	[2026-06-02 10:34:29.752049] TELNET/8080 Unautorized connection, Suspicious Mirai Botnet.	IoT Targeted Brute-Force Hacking Port Scan DDoS Attack
🇺🇸 Ocean Ascents	2026-06-02 10:03:43 (1 day ago)	Probe for vulnerabilities. Path attempted: /wp-config.php	Web App Attack
🇮🇪 AutosOnShow	2026-06-02 09:53:05 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-02 09:52:32.183 \|	Web App Attack
🇳🇱 Yachiyo Runami	2026-06-02 09:48:33 (1 day ago)	Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 47 \| ... show more Port Scan on Honeypot \| Ports: 8080/HTTP-proxy, 80/HTTP \| Proto: TCP(2) \| Flags: all SYN \| TTL: 47 \| Len: 60B(2x) \| Win: 64240(2) \| F2B/ufw-honeypot@2026-06-02T09:48:33Z show less	Port Scan Hacking
🇳🇱 BIV	2026-06-02 09:48:28 (1 day ago)	Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2083,8080. Automat ... show more Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2083,8080. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking Bad Web Bot
🇺🇸 MPL	2026-06-02 09:11:50 (1 day ago)	tcp port scan (14 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-06-02 07:30:02 (1 day ago)	Imunify360 WAF block (graylisted)	Web App Attack
🇷🇴 gtheo99	2026-06-02 06:59:54 (1 day ago)	52.176.138.197 (US/United States/-), 2 distributed cpanel attacks on account [root] in the last 900 ... show more 52.176.138.197 (US/United States/-), 2 distributed cpanel attacks on account [root] in the last 900 secs show less	SSH Brute-Force Hacking
Anonymous	2026-06-02 06:58:14 (1 day ago)	Fail2Ban triggered	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 06:49:57 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.176.138.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.176.138.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 02:49:52.478626 2026] [security2:error] [pid 16239:tid 16239] [client 52.176.138.197:62497] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.207"] [uri "/.git/HEAD"] [unique_id "ah59EJganHIwYVdh_oFjYgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇱 spd.co.il	2026-05-27 19:07:43 (1 week ago)	Web application attack detected	Hacking Web App Attack
🇮🇳 evicky2002	2026-04-30 13:04:10 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇺🇸 octageeks.com	2026-04-14 04:06:29 (1 month ago)	Wordpress malicious attack:[sshd]	Web App Attack

Showing 1 to 15 of 72 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 213.171.208.232

🇹🇼 198.235.24.52

🇨🇴 191.97.12.90

🇬🇪 178.134.175.115

🇧🇷 177.11.17.179

🇮🇳 103.119.240.77

🇹🇷 78.187.94.82

🇩🇪 45.135.194.83

🇸🇬 43.172.195.186

🇺🇸 35.90.96.201

🇩🇪 3.65.182.10

🇲🇽 201.149.53.243

🇹🇼 198.235.24.48

🇹🇼 198.235.24.46

🇹🇼 198.235.24.45

🇬🇹 181.78.109.48

🇰🇭 175.100.107.238

🇫🇮 147.185.133.171

🇦🇪 139.185.55.154

🇯🇵 125.205.192.214