JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.188.225.249

52.188.225.249 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 48%: ?

48%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.188.225.249

Whois 52.188.225.249

IP Abuse Reports for 52.188.225.249:

This IP address has been reported a total of 11 times from 9 distinct sources. 52.188.225.249 was first reported on June 7th 2026, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 knock	2026-06-17 04:57:00 (5 days ago)	Knock-Knock honeypot brute-force: proto8 (259 total hits)	Brute-Force
Anonymous	2026-06-16 00:14:15 (6 days ago)	Banned by Fail2Ban on server	Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 21:15:24 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 17:15:20.939069 2026] [security2:error] [pid 15059:tid 15059] [client 52.188.225.249:38852] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tristarus.com"] [uri "/.env"] [unique_id "ajBraFl3YfRztrDcQshMrQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Octopuce	2026-06-15 04:09:01 (1 week ago)	Aggressive web search of vulnerable pages: /.env /.env.local /config.yml /application.yml /database. ... show more Aggressive web search of vulnerable pages: /.env /.env.local /config.yml /application.yml /database.yml ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 23:29:20 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 19:29:13.682065 2026] [security2:error] [pid 22163:tid 22163] [client 52.188.225.249:46142] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.mariettacaseyclub.org"] [uri "/.env"] [unique_id "ai85SS05VJm6O6FMcEIE3wAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-14 20:38:22 (1 week ago)	178 requests with url.path phpinfo.php 155 requests with url.path config.json	Brute-Force Bad Web Bot
🇩🇪 enjoyably	2026-06-14 18:52:32 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇩🇪 Bedios GmbH	2026-06-09 10:55:47 (1 week ago)	Login credentials theft attempt	Hacking
🇩🇪 ghostwarriors	2026-06-08 02:50:22 (2 weeks ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇺🇸 theblocker	2026-06-07 12:21:44 (2 weeks ago)	Hacking Attempts	Brute-Force Hacking
🇺🇸 TPI-Abuse	2026-06-07 09:08:49 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.188.225.249 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:08:45.758881 2026] [security2:error] [pid 4393:tid 4412] [client 52.188.225.249:42188] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.79"] [uri "/.env"] [unique_id "aiU1HQ3QLtRcg7ZtGgaDnQAAAJE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 110.252.211.131

🇧🇷 205.164.235.149

🇧🇷 179.198.232.165

🇫🇷 163.5.241.27

🇺🇸 159.183.114.182

🇨🇦 96.44.152.170

🇳🇱 91.92.40.7

🇱🇹 81.30.98.144

🇮🇳 61.2.169.104

🇰🇷 59.21.37.60

🇺🇦 31.41.70.71

🇺🇸 13.221.164.219

🇫🇮 5.181.168.59

🇹🇼 220.134.44.71

🇺🇿 213.230.93.159

🇳🇱 212.192.216.2

🇩🇪 212.30.36.170

🇧🇪 207.175.61.8

🇲🇾 202.165.29.123

🇳🇱 195.26.87.217