JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.190.140.98

52.190.140.98 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.190.140.98

Whois 52.190.140.98

IP Abuse Reports for 52.190.140.98:

This IP address has been reported a total of 32 times from 28 distinct sources. 52.190.140.98 was first reported on September 1st 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 11:06:05 (1 week ago)	Portscan: TCP/2083, TCP/2087, TCP/2082, TCP/2086, TCP/8443, TCP/8080	Port Scan
🇫🇷 ISPLtd	2026-06-03 08:03:30 (1 week ago)	Jun 3 05:03:29 52.190.140.98 TCP SPT=56089 DPT=2083 SYN Jun 3 05:03:29 52.190.140.98 TCP SPT=56109 ... show more Jun 3 05:03:29 52.190.140.98 TCP SPT=56089 DPT=2083 SYN Jun 3 05:03:29 52.190.140.98 TCP SPT=56109 DPT=8080 SYN Jun 3 05:03:29 52.190.140.98 TCP SPT=56097 DPT=2082 ... show less	Port Scan
🇺🇸 RAP	2026-06-03 08:01:47 (1 week ago)	2026-06-03 08:01:47 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 06:33:05 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:33:00.257789 2026] [security2:error] [pid 7992:tid 7992] [client 52.190.140.98:55456] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.105"] [uri "/.env.production"] [unique_id "ah_KnMAroDbERSbb49ffOwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 AutosOnShow	2026-06-03 05:52:05 (1 week ago)	blocked for webapp attack \| path requested: /.git/config \| seen at 2026-06-03 05:51:35.216 \|	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:37:53 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:37:45.406050 2026] [security2:error] [pid 3898:tid 3898] [client 52.190.140.98:55941] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.155"] [uri "/.git/HEAD"] [unique_id "ah-9qVj8TQmhYn8hffcZhgAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Nov	2026-06-03 05:08:39 (1 week ago)	Unauthorized HTTP access attempt (tcp/80)	Port Scan
🇹🇭 Sawasdee	2026-06-03 04:42:22 (1 week ago)	Port Scan ...	Port Scan
🇺🇸 MPL	2026-06-03 04:32:57 (1 week ago)	tcp port scan (8 or more attempts)	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 04:09:18 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.140.98 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:09:14.987521 2026] [security2:error] [pid 9126:tid 9126] [client 52.190.140.98:56324] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.183"] [uri "/.git/HEAD"] [unique_id "ah-o6rGBUMjg-2DoauqPXwAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 maxpower	2026-06-03 04:07:16 (1 week ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 52.190.140.98 (US/United States/-): 2 in ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 52.190.140.98 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 52.190.140.98 - - [03/Jun/2026:06:07:07 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36" "-" host=51.77.95.117 52.190.140.98 - - [03/Jun/2026:06:07:08 +0200] "GET /.aws/credentials HTTP/1.1" 404 10393 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=51.77.95.117 show less	Port Scan
🇬🇧 PeravixGroup	2026-06-02 14:30:46 (1 week ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 08:03:42 (1 week ago)	PORT & IP Scan.	Port Scan Brute-Force
🇹🇷 Threat.live	2026-06-02 07:20:04 (1 week ago)	Threat.live: Web Scan	Web App Attack
🇬🇧 ISPLtd	2026-06-02 06:36:45 (1 week ago)	Jun 2 03:36:43 52.190.140.98 TCP SPT=19866 DPT=2087 SYN Jun 2 03:36:43 52.190.140.98 TCP SPT=19888 ... show more Jun 2 03:36:43 52.190.140.98 TCP SPT=19866 DPT=2087 SYN Jun 2 03:36:43 52.190.140.98 TCP SPT=19888 DPT=2083 SYN Jun 2 03:36:43 52.190.140.98 TCP SPT=19737 DPT=2086 ... show less	Port Scan

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 47.44.181.11

🇵🇭 202.175.241.170

🇮🇳 182.18.139.237

🇷🇺 178.178.90.90

🇨🇳 117.50.177.222

🇻🇳 116.110.211.28

🇨🇳 112.74.45.130

🇺🇸 107.150.103.12

🇸🇬 103.189.235.114

🇮🇳 95.175.65.122

🇰🇿 92.47.62.38

🇺🇸 69.230.155.90

🇺🇸 64.62.197.107

🇨🇳 36.132.228.6

🇧🇪 34.22.188.16

🇺🇸 18.190.15.50

🇺🇸 2604:a940:300:5b6:0:21::

🇺🇸 2602:fb54:99c::

🇦🇷 200.32.52.150

🇧🇴 181.188.187.140