JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.158.49.166

158.158.49.166 was found in our database!

This IP was reported 380 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Singapore Pte. Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.158.49.166

Whois 158.158.49.166

IP Abuse Reports for 158.158.49.166:

This IP address has been reported a total of 380 times from 308 distinct sources. 158.158.49.166 was first reported on June 25th 2026, and the most recent report was 57 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 Ivo Vynckier	2026-06-26 09:45:00 (57 minutes ago)	158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /7.php HTTP/1.1" 301 291 "-" "-" 158.158.49.16 ... show more 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /7.php HTTP/1.1" 301 291 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /faze.php HTTP/1.1" 301 294 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /011i.php HTTP/1.1" 301 294 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /axds.php HTTP/1.1" 301 294 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /nz.php HTTP/1.1" 301 292 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /biufile.php HTTP/1.1" 301 297 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /asdf.php HTTP/1.1" 301 294 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:00 +0200] "GET /solo1.php HTTP/1.1" 301 295 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:01 +0200] "GET /Q1.php HTTP/1.1" 301 292 "-" "-" 158.158.49.166 - - [25/Jun/2026:14:44:01 +0200] "GET /Q3.php HTTP/1.1" 301 292 "-" "-" show less	Web App Attack
🇵🇹 furaredesPT	2026-06-26 08:37:46 (2 hours ago)	Probe targeting /wp-content/plugins/hellopress/wp_filemanager.php and /wp-config.php.	Bad Web Bot Web App Attack
🇳🇱 JCB	2026-06-26 08:23:00 (2 hours ago)	158.158.49.166 - - [26/Jun/2026:01:02:23 +0300] "GET /Q1.php HTTP/1.1" 404 236 "-" "-" 158.158.49.1 ... show more 158.158.49.166 - - [26/Jun/2026:01:02:23 +0300] "GET /Q1.php HTTP/1.1" 404 236 "-" "-" 158.158.49.166 - - [26/Jun/2026:01:02:23 +0300] "GET /Q3.php HTTP/1.1" 404 236 "-" "-" ... show less	Web App Attack
Anonymous	2026-06-26 08:03:15 (2 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: ES, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: ES, Attack patterns: WordPress scanning, Backup file probing, Cloud secrets probing show less	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-26 05:16:18 (5 hours ago)	536 attacks on PHP URLs: GET /aa.php HTTP/1.1	Web App Attack
Anonymous	2026-06-26 05:05:43 (5 hours ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇲🇽 octageeks.com	2026-06-26 04:11:50 (6 hours ago)	Wordpress malicious attack:[octascan]	Web App Attack
🇫🇷 service Informatique	2026-06-26 04:00:37 (6 hours ago)	index.php	Web App Attack
🇩🇪 SiyCah	2026-06-26 03:00:01 (7 hours ago)	IP banned by fail2ban; banned in jail apache-auth. Report generated by fail2abuseipdb.	Hacking Brute-Force Web App Attack
Anonymous	2026-06-26 02:10:13 (8 hours ago)	IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-probing; Action=ban; Events=11; Ho ... show more IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-probing; Action=ban; Events=11; Hosts=gate.isp.llc; Paths=//like.php,/06.php,/asasx.php,/fs.php,/lv.php,/myfile.php,/scxy.php,/wmore1.php; Country=ES; ASN=8075 MICROSOFT-CORP-MSN-AS-BLOCK show less	Port Scan Web App Attack
🇺🇸 Hmorrin	2026-06-26 01:16:10 (9 hours ago)		Port Scan
Anonymous	2026-06-26 01:09:03 (9 hours ago)	IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-wordpress-scan; Action=ban; Events ... show more IncogNET WAF local CrowdSec decision. Scenario=crowdsecurity/http-wordpress-scan; Action=ban; Events=4; Hosts=gate.isp.llc; Paths=/wp-aothait.php,/wp-good.php,/wp-kd4xalrg7m.php,/wp-sing.php; Country=ES; ASN=8075 MICROSOFT-CORP-MSN-AS-BLOCK show less	Port Scan Web App Attack
Anonymous	2026-06-26 01:04:18 (9 hours ago)	WordPress plugin direct access attempt: 158.158.49.166 - - [26/Jun/2026:02:04:18 +0100] "GET /wp-co ... show more WordPress plugin direct access attempt: 158.158.49.166 - - [26/Jun/2026:02:04:18 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 200 234 "-" "Unknown" show less	Hacking Web App Attack
🇫🇷 Lacrimosa99	2026-06-26 01:02:06 (9 hours ago)	158.158.49.166 - - [26/Jun/2026:03:02:03 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 158.158.49.166 - - [26/Jun/2026:03:02:03 +0200] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 6285 "-" "-" 158.158.49.166 - - [26/Jun/2026:03:02:06 +0200] "GET /db.php HTTP/1.1" 404 267 "-" "-" 158.158.49.166 - - [26/Jun/2026:03:02:06 +0200] "GET /rrdbtjru.php HTTP/1.1" 404 267 "-" "-" ... show less	Web Spam
🇬🇧 andypiper	2026-06-26 01:01:58 (9 hours ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack

Showing 1 to 15 of 380 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.172.225

🇺🇸 173.26.188.215

🇸🇬 165.232.167.88

🇸🇪 155.4.244.179

🇮🇩 103.189.116.229

🇱🇰 103.21.164.230

🇧🇬 79.124.56.238

🇵🇪 38.226.149.0

🇺🇸 35.197.47.72

🇳🇱 5.253.57.82

🇺🇸 2400:cb00:1220:1000:6a1d:ec73:effb:8337

🇦🇪 217.165.78.12

🇩🇪 213.209.159.242

🇩🇪 213.209.159.225

🇪🇸 80.240.127.199

🇳🇱 45.198.224.5

🇬🇧 35.203.210.87

🇮🇳 34.93.128.179

🇻🇳 14.0.16.103

🇧🇷 187.180.167.186