AbuseIPDB » 52.189.238.83

Check an IP Address, Domain Name, or Subnet

e.g. 44.200.40.195, microsoft.com, or 5.188.10.0/24

52.189.238.83 was found in our database!

This IP was reported 82 times. Confidence of Abuse is 96%: ?

96%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
Domain Name	microsoft.com
Country	Australia
City	Melbourne, Victoria

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 52.189.238.83

Whois 52.189.238.83

IP Abuse Reports for 52.189.238.83:

This IP address has been reported a total of 82 times from 38 distinct sources. 52.189.238.83 was first reported on May 17th 2022, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	Date	Comment	Categories
sebaro11	25 May 2022	Portscan on 80/TCP blocked by UFW	Port Scan
sebaro11	24 May 2022	Portscan on 80/TCP blocked by UFW	Port Scan
CrystalMaker	23 May 2022	Vulnerability scan - GET /.env	Hacking
sdos.es	23 May 2022	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /.env"	Web App Attack
Anonymous	23 May 2022		DNS Compromise DDoS Attack
networknoise.xyz	22 May 2022	PORT : 443 \| https://networknoise.xyz/?filter=IP:GB92fHVTSAtUThp2QA%3D%3D	Port Scan
ut-addicted.com	22 May 2022	\[Mon May 23 02:33:41.422189 2022\] \[:error\] \[pid 18392:tid 139915310360320\] \[client 52.189.238 ... show more\[Mon May 23 02:33:41.422189 2022\] \[:error\] \[pid 18392:tid 139915310360320\] \[client 52.189.238.83:57811\] \[client 52.189.238.83\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 8\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "78.46.187.162"\] \[uri "/.env"\] \[unique_id "YorWZU4ECWOSoNJVZWQ9KQAAAMo"\] show less	Brute-Force Web App Attack
Pornomens	22 May 2022	52.189.238.83 - - [23/May/2022:01:17:14 +0200] "GET /.env HTTP/1.1" 403 473 "-" "Mozilla/5.0 (X11; L ... show more52.189.238.83 - - [23/May/2022:01:17:14 +0200] "GET /.env HTTP/1.1" 403 473 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 52.189.238.83 - - [23/May/2022:01:17:15 +0200] "POST / HTTP/1.1" 403 473 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" 52.189.238.83 - - [23/May/2022:01:17:17 +0200] "GET /.env HTTP/1.1" 403 5420 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" ... show less	Web App Attack
Ba-Yu	22 May 2022	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
Thaliruth	22 May 2022	[22/May/2022:19:49:28.848011 +0200] Yop3qDHJeJ4My03RLkvHjwAAAFM 52.189.238.83 36268 92.205.56.40 708 ... show more[22/May/2022:19:49:28.848011 +0200] Yop3qDHJeJ4My03RLkvHjwAAAFM 52.189.238.83 36268 92.205.56.40 7080 ... show less	Hacking
ChillScanner	22 May 2022	1 probe(s) @ TCP(80)	Port Scan
QUADEMU Abuse	22 May 2022	[New] Noxious/Nuisible/вредоносный Host.	Port Scan Brute-Force
HoneyPot-DE	22 May 2022	Tried to access .env file	Web App Attack
geot	21 May 2022	GET /.env HTTP/1.1 POST / HTTP/1.1	Hacking Web App Attack
why_u_doin_this	21 May 2022	52.189.238.83 - - [21/May/2022:21:06:16 +0800] Method:[GET] ReqUri:[/.env] Host:[<HOSTIP>] RAddr:[52 ... show more52.189.238.83 - - [21/May/2022:21:06:16 +0800] Method:[GET] ReqUri:[/.env] Host:[<HOSTIP>] RAddr:[52.189.238.83] code=301 bytes=169 Refer:[-] UA:[Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36] forward:"-" "-" ; "-" ... show less	Web Spam Port Scan