JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.176.22.166

52.176.22.166 was found in our database!

This IP was reported 205 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.176.22.166

Whois 52.176.22.166

IP Abuse Reports for 52.176.22.166:

This IP address has been reported a total of 205 times from 171 distinct sources. 52.176.22.166 was first reported on June 1st 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Safronus	2026-06-01 19:11:44 (3 days ago)	Banned by fail2ban jail=nginx-noscript match=$f2bV_matches	Bad Web Bot Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-01 19:05:02 (3 days ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [wa01]	Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-01 19:04:46 (3 days ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: US, Attack patterns: WordPress scanning, Webshell probing, Malicious User-Agent show less	Bad Web Bot Web App Attack
🇩🇪 joharikop	2026-06-01 18:53:33 (3 days ago)	Exploit scanning detected by fail2ban on nginx reverse proxy (wp-admin, .env, shell probes, phpmyadm ... show more Exploit scanning detected by fail2ban on nginx reverse proxy (wp-admin, .env, shell probes, phpmyadmin) show less	Web App Attack
🇸🇬 Cloudkul Cloudkul	2026-06-01 18:53:15 (3 days ago)	Attempted Not Found (404 status code) requests on our application, more than 30% of their total requ ... show more Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests. show less	Brute-Force Web App Attack
🇺🇸 Operator873	2026-06-01 18:37:14 (3 days ago)	2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, ser ... show more 2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "mailadmin.ntars.net" 2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, server: [OBFUSCATED], request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1", host: "mailadmin.ntars.net" 2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, server: [OBFUSCATED], request: "GET /error.php HTTP/1.1", host: "mailadmin.ntars.net" 2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, server: [OBFUSCATED], request: "GET /error.php HTTP/1.1", host: "mailadmin.ntars.net" 2026/06/01 13:37:12 [error] 2076233#0: 3546965 access forbidden by rule, client: 52.176.22.166, server: [OBFUSCATED], request: "GET /wpo.php HTTP/1.1", host: "mailadmin.ntars ... show less	Brute-Force Web App Attack
🇺🇸 antlac1	2026-06-01 18:34:29 (3 days ago)	crowdsecurity/http-backdoors-attempts	Brute-Force Web App Attack
🇩🇪 pscriptos	2026-06-01 18:33:32 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇺🇸 helios.live	2026-06-01 18:17:18 (3 days ago)	2026/06/01 18:17:17 [error] 2760965#2760965: 1538121 FastCGI sent in stderr: "Primary script unknow ... show more 2026/06/01 18:17:17 [error] 2760965#2760965: 1538121 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 52.176.22.166, server: staging.kocerroxy.com, request: "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm-staging.sock:", host: "staging.kocerroxy.com" 2026/06/01 18:17:17 [error] 2760965#2760965: 1538121 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 52.176.22.166, server: staging.kocerroxy.com, request: "GET /error.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm-staging.sock:", host: "staging.kocerroxy.com" 2026/06/01 18:17:17 [error] 2760965#2760965: 1538121 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 52.176.22.166, server: staging.kocerroxy.com, request: "GET /wpo.php HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php8.3-fpm-staging ... show less	Web App Attack
🇺🇸 abenage	2026-06-01 18:07:16 (3 days ago)	52.176.22.166 - - [01/Jun/2026:12:07:15 -0600] "GET /wp-content/plugins/hellopress/wp_filemanager.ph ... show more 52.176.22.166 - - [01/Jun/2026:12:07:15 -0600] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 162 "-" "-" show less	Bad Web Bot Web App Attack
Anonymous	2026-06-01 18:02:13 (3 days ago)	Web attack	Bad Web Bot Web App Attack
🇨🇿 ptlab	2026-06-01 18:00:04 (3 days ago)	Detected wp_admin attack from WP-host.	Hacking Web App Attack
🇩🇪 raph	2026-06-01 17:59:02 (3 days ago)	[Wordpress] crawler /wp-admin/, /wp-content/, etc.	Bad Web Bot Web App Attack
🇺🇸 WellSpring	2026-06-01 17:56:34 (3 days ago)	Automated probe detected by Ody Sentinel / WellSpr.ing. Type: wordpress_content. Path: /wp-content/p ... show more Automated probe detected by Ody Sentinel / WellSpr.ing. Type: wordpress_content. Path: /wp-content/plugins/hellopress/wp_filemanager.php. Auto-blocked after threshold exceeded. Dossier: https://wellspr.ing/dossier/sentinel-52-176-22-166 show less	Web App Attack
🇳🇿 Antinson	2026-06-01 17:54:11 (3 days ago)	Scraping with a high error ratio and request rate	Bad Web Bot

Showing 46 to 60 of 205 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 209.97.134.111

🇧🇪 198.235.24.252

🇪🇸 79.116.23.158

🇺🇸 66.132.172.238

🇲🇾 49.124.205.169

🇳🇱 45.148.10.157

🇮🇳 4.213.224.194

🇮🇶 212.237.119.146

🇫🇮 147.185.133.154

🇨🇳 120.235.58.48

🇨🇳 118.145.102.69

🇷🇴 80.94.92.182

🇬🇧 80.44.58.47

🇩🇪 46.249.99.46

🇨🇦 35.203.79.239

🇺🇸 2607:f8b0:4002:c00::12c

🇺🇸 195.184.76.213

🇫🇮 147.185.133.78

🇳🇱 80.61.63.86

🇪🇸 79.117.115.43