JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.190.140.96

52.190.140.96 was found in our database!

This IP was reported 24 times. Confidence of Abuse is 31%: ?

31%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.190.140.96

Whois 52.190.140.96

IP Abuse Reports for 52.190.140.96:

This IP address has been reported a total of 24 times from 17 distinct sources. 52.190.140.96 was first reported on August 2nd 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-17 21:25:10 (2 days ago)	Blocked by UFW (TCP on 37888) Source port: 48128 TTL: 116 Packet length: 40 TOS: 0x00 This report ( ... show more Blocked by UFW (TCP on 37888) Source port: 48128 TTL: 116 Packet length: 40 TOS: 0x00 This report (for 52.190.140.96) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇷🇺 rutoriusrut	2026-06-16 03:10:00 (3 days ago)	Сказочный иди*т, который пытался занести обратный шелл через уязвимость в WP.	Web App Attack Hacking SQL Injection
🇬🇧 PeravixGroup	2026-06-03 08:14:57 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇩🇪 big-cloud.nl	2026-05-23 09:11:07 (3 weeks ago)	Try to access /config/.env	Web App Attack
Anonymous	2026-05-23 07:50:15 (3 weeks ago)	(PERMBLOCK) 52.190.140.96 (US/United States/-) has had more than 4 temp blocks in the last 86400 sec ... show more (PERMBLOCK) 52.190.140.96 (US/United States/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs: show less	Port Scan
Anonymous	2026-05-23 06:49:34 (3 weeks ago)	(caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:06:48:46 +0000] "GET /@fs/.env.production?import&raw HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:06:48:46 +0000] "GET /@fs/.env.test?import&raw HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:06:48:46 +0000] "GET /@fs/.git/config?import&raw HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:06:48:46 +0000] "GET /@fs/.git/config?import?raw HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:06:49:29 +0000] "GET /config/.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 05:48:21 (3 weeks ago)	(caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:05:48:15 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:05:48:15 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:05:48:16 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:05:48:16 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:05:48:16 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-23 04:45:57 (3 weeks ago)	(caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:04:45:55 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:04:45:55 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:04:45:55 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:04:45:55 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:04:45:55 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-23 03:44:54 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.190.140.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.140.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 23:44:47.101377 2026] [security2:error] [pid 18756:tid 18775] [client 52.190.140.96:21442] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "boracayboats.com"] [uri "/.env"] [unique_id "ahEirz2Cbz5YCxAAT5XUSAAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-23 03:44:49 (3 weeks ago)	(caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.190.140.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:03:44:46 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:03:44:46 +0000] "GET /config/.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:03:44:46 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:03:44:47 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 52.190.140.96 - - [23/May/2026:03:44:47 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇺🇸 Rayulcifer	2026-04-14 13:51:57 (2 months ago)	52.190.140.96 - - [14/Apr/2026:08:51:56 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 874 "-" "axi ... show more 52.190.140.96 - - [14/Apr/2026:08:51:56 -0500] "GET http://httpbin.org/ip HTTP/1.1" 200 874 "-" "axios/1.14.0" 52.190.140.96 - - [14/Apr/2026:08:51:56 -0500] "GET http://httpbin.org/get HTTP/1.1" 200 874 "-" "axios/1.14.0" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 pduggusa	2026-02-22 00:53:44 (3 months ago)	Detected attacking dugganusa.com at 2026-02-22T00:53:44.521Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2026-02-22T00:53:44.521Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking
🇺🇸 pduggusa	2026-02-22 00:23:05 (3 months ago)	Detected attacking dugganusa.com at 2026-02-22T00:23:05.672Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2026-02-22T00:23:05.672Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking
🇧🇾 StatsMe	2026-01-20 22:57:53 (4 months ago)	2026-01-20T13:50:11.683704+0300 ET SCAN NMAP -sS window 1024	Port Scan
🇺🇸 sumnone	2026-01-20 13:45:17 (4 months ago)	Port probing on unauthorized port 2083	Port Scan Hacking Exploited Host

Showing 1 to 15 of 24 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.177

🇺🇸 147.185.132.33

🇩🇪 69.5.169.111

🇮🇹 216.128.11.25

🇺🇸 199.195.254.215

🇧🇪 198.235.24.246

🇷🇴 193.46.255.86

🇧🇷 191.185.78.37

🇺🇸 184.105.247.202

🇺🇸 162.216.150.177

🇺🇸 162.216.149.92

🇦🇹 141.101.105.75

🇮🇳 139.59.58.168

🇧🇷 131.221.133.6

🇨🇳 111.26.62.37

🇵🇰 103.170.178.253

🇦🇴 102.213.34.99

🇺🇸 98.92.167.187

🇳🇱 93.123.109.184

🇵🇱 87.251.64.176