JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.238.213.109

52.238.213.109 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.238.213.109

Whois 52.238.213.109

IP Abuse Reports for 52.238.213.109:

This IP address has been reported a total of 31 times from 30 distinct sources. 52.238.213.109 was first reported on June 16th 2026, and the most recent report was 16 seconds ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 Burayot	2026-06-16 12:16:20 (16 seconds ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.238.213.109 (US/United States/-) ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 52.238.213.109 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 IVski	2026-06-16 12:13:39 (2 minutes ago)	IVski WAF \| WordPress scanner detected - probing wp-content, xmlrpc or wp-login	Port Scan Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-16 12:08:32 (8 minutes ago)	Excessive multi-domain requests	Brute-Force
Anonymous	2026-06-16 12:06:21 (10 minutes ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (144/60 min)'; Requests=144	Port Scan
🇲🇾 Rizzy	2026-06-16 12:01:27 (15 minutes ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-16 12:00:43 (15 minutes ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇷 setupgr	2026-06-16 11:54:13 (22 minutes ago)	(mod_security) mod_security (id:1000001) triggered by 52.238.213.109: 1 in the last 86400 secs; Port ... show more (mod_security) mod_security (id:1000001) triggered by 52.238.213.109: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Tue Jun 16 14:54:13.632524 2026] [security2:error] [pid 2210293:tid 2210376] [client 52.238.213.109:11791] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/wp-content/plugins/hellopress/wp_filemanager.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "93"] [id "1000001"] [msg "Bad file blocked: /wp-content/plugins/hellopress/wp_filemanager.php"] [severity "CRITICAL"] [tag "security"] [hostname "pankoskal.gr"] [uri "/wp-content/plugins/hellopress/wp_filemanager.php"] [unique_id "ajE5ZdMtn8QwdXQy9m4uGQAAAUY"] show less	Port Scan
🇫🇷 dynamix	2026-06-16 11:53:45 (22 minutes ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-16 11:53:12 (23 minutes ago)	Bot / seems abusive / Apache connections: 29	DDoS Attack Web Spam Bad Web Bot Web App Attack
🇪🇸 pipeline.es	2026-06-16 11:43:09 (33 minutes ago)	Web scanning / probing for vulnerable paths \| URL: /wander.php \| Evidence: 52.238.213.109 - - [16/Ju ... show more Web scanning / probing for vulnerable paths \| URL: /wander.php \| Evidence: 52.238.213.109 - - [16/Jun/2026:13:41:47 +0200] \"GET /wander.php HTTP/1.1\" 404 16 \"-\" \"-\" GEOIP_COUNTRY_CODE=US \| ASN: MICROSOFT-CORP-MSN-AS-BLOCK \| Country: US show less	Port Scan Web App Attack
Anonymous	2026-06-16 11:41:51 (34 minutes ago)	[ssd5.kdns.gr] httpd-404: sites=cancelletto.gr; logs=/var/log/httpd/domains/cancelletto.gr.log; samp ... show more [ssd5.kdns.gr] httpd-404: sites=cancelletto.gr; logs=/var/log/httpd/domains/cancelletto.gr.log; samples=/xjhob.php \| /z43agz.php \| /a.php show less	Web App Attack
🇩🇪 iNetWorker	2026-06-16 11:37:12 (39 minutes ago)	trolling for resource vulnerabilities	Web App Attack
🇫🇷 masterguru	2026-06-16 11:36:46 (39 minutes ago)	Too much 404 requests in 1 minute. Operator GE matched 10 at IP:block_script. (46020-195)	Hacking
🇩🇪 FeG Deutschland	2026-06-16 11:36:13 (40 minutes ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 24	Exploited Host Web App Attack
🇦🇺 paulshipley.com.au	2026-06-16 11:33:54 (42 minutes ago)	underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:31 +1000] "GET /wp-cont ... show more underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:31 +1000] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 4722 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:32 +1000] "GET /this_is_a_new_hello_world.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:33 +1000] "GET /x.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:35 +1000] "GET /wss.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:36 +1000] "GET /ultra.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:36 +1000] "GET /Ar.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238.213.109 - - [16/Jun/2026:21:33:36 +1000] "GET /wpconf.php HTTP/1.1" 404 466 "-" "-" underconstruction.paulshipley.info:443 52.238 ... show less	Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.191.48.23

🇯🇵 183.76.187.21

🇩🇪 178.105.1.255

🇸🇦 169.148.18.53

🇸🇬 146.190.83.66

🇨🇳 144.123.15.82

🇨🇳 115.190.166.75

🇾🇪 82.114.181.151

🇧🇬 79.124.49.174

🇧🇬 78.128.112.6

🇺🇸 47.88.93.232

🇷🇺 5.3.146.57

🇰🇷 211.46.188.16

🇺🇸 208.84.100.113

🇳🇱 185.242.226.87

🇺🇸 138.197.97.170

🇻🇳 125.235.237.24

🇨🇳 117.185.181.178

🇻🇳 103.98.152.181

🇳🇱 89.248.167.131