JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.190.141.34

52.190.141.34 was found in our database!

This IP was reported 38 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.190.141.34

Whois 52.190.141.34

IP Abuse Reports for 52.190.141.34:

This IP address has been reported a total of 38 times from 27 distinct sources. 52.190.141.34 was first reported on April 12th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Peregrine	2026-06-05 03:20:29 (3 hours ago)	Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET ... show more Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET /.env HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:04 -0300] "GET /.env.production HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:05 -0300] "GET /.env.backup HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:07 -0300] "GET /.env.save HTTP/1.1" 404 414 show less	Bad Web Bot
🇧🇷 Peregrine	2026-06-04 03:20:07 (1 day ago)	Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET ... show more Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET /.env HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:04 -0300] "GET /.env.production HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:05 -0300] "GET /.env.backup HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:07 -0300] "GET /.env.save HTTP/1.1" 404 414 show less	Bad Web Bot
🇧🇪 sid3windr	2026-06-03 02:11:42 (2 days ago)	GET /.env (Tarpitted for , wasted 120B)	Web App Attack
🇷🇸 Scan	2026-06-03 01:55:29 (2 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇧🇷 Peregrine	2026-06-03 01:46:09 (2 days ago)	Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET ... show more Fail2Ban Jail s2: tomcat-honeypot \| Evidence: - 52.190.141.34 - - [02/Jun/2026:22:46:02 -0300] "GET /.env HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:04 -0300] "GET /.env.production HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:05 -0300] "GET /.env.backup HTTP/1.1" 404 414 - 52.190.141.34 - - [02/Jun/2026:22:46:07 -0300] "GET /.env.save HTTP/1.1" 404 414 show less	Bad Web Bot
🇨🇦 aks4226	2026-06-03 01:34:17 (2 days ago)	Bot search, attacking common web applications.	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 01:26:59 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 21:26:52.216622 2026] [security2:error] [pid 26831:tid 26853] [client 52.190.141.34:5093] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.83"] [uri "/.git/HEAD"] [unique_id "ah-C3KGltwYzfV1W7iOXNwAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-03 01:08:18 (2 days ago)	tcp port scan (14 or more attempts)	Port Scan
Anonymous	2026-06-03 01:03:45 (2 days ago)	PORT & IP Scan.	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-06-03 00:36:38 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 20:36:35.113637 2026] [security2:error] [pid 17743:tid 17743] [client 52.190.141.34:4924] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.194"] [uri "/.env.save"] [unique_id "ah93E4eSIhc8VA5S26fmXAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-03 00:23:06 (2 days ago)	2026-06-03 00:23:06 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 technash	2026-06-03 00:20:00 (2 days ago)	Port scanning detection [Fortinet/Sentinel]. Deny/drop traffic.	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 22:50:37 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.190.141.34 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:50:32.092853 2026] [security2:error] [pid 24119:tid 24119] [client 52.190.141.34:5122] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.245"] [uri "/.git/HEAD"] [unique_id "ah9eOEHpOAtE-H-nPGv68QAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (2 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇫🇷 omartin	2026-06-02 22:42:35 (2 days ago)	Critical Vulnerability Scan detected	Hacking Brute-Force Exploited Host Web App Attack

Showing 1 to 15 of 38 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 143.244.57.121

🇻🇳 113.166.127.6

🇷🇺 103.76.55.227

🇺🇸 52.146.20.92

🇬🇧 193.32.209.238

🇨🇴 181.78.84.11

🇨🇦 173.176.68.228

🇭🇰 101.36.127.86

🇺🇸 72.18.83.212

🇷🇺 45.91.64.7

🇧🇪 34.79.10.185

🇲🇽 201.140.123.130

🇲🇴 182.93.50.90

🇨🇳 117.33.242.180

🇵🇱 104.28.161.152

🇺🇸 75.102.23.159

🇫🇮 74.125.46.144

🇪🇸 46.6.124.216

🇺🇸 40.124.175.39

🇿🇦 4.221.162.168