JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.158.52.178

158.158.52.178 was found in our database!

This IP was reported 267 times. Confidence of Abuse is 0%: ?

ISP	Microsoft Singapore Pte. Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇪🇸 Spain
City	Madrid, Madrid

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.158.52.178

Whois 158.158.52.178

IP Abuse Reports for 158.158.52.178:

This IP address has been reported a total of 267 times from 189 distinct sources. 158.158.52.178 was first reported on February 28th 2026, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 Gem	2026-03-06 23:11:33 (2 months ago)	Unauthorized web scan.	Web App Attack
🇹🇷 rtbh.com.tr	2026-03-04 20:11:53 (3 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇨🇳 ThreatBook.io	2026-03-03 23:47:00 (3 months ago)	ThreatBook Intelligence: Edu,Zombie more details on https://threatbook.io/ip/158.158.52.178 2026-03- ... show more ThreatBook Intelligence: Edu,Zombie more details on https://threatbook.io/ip/158.158.52.178 2026-03-03 21:25:08 /alfa-rex.php7 2026-03-03 21:25:10 //h.php 2026-03-03 21:25:07 /wp-content/plugins/hellopress/wp_filemanager.php 2026-03-03 21:25:08 //koiy.php 2026-03-03 21:25:09 /eauu.php 2026-03-03 21:25:10 //wp-includes/js/tinymce/themes/inlite 2026-03-03 21:25:09 /a2.php 2026-03-03 21:25:09 /bes.php 2026-03-03 21:25:11 /sty.php show less	Web App Attack
Anonymous	2026-03-03 21:14:00 (3 months ago)	Aggressive automated vulnerability scanner from Madrid, Spain. 160+ requests targeting common PHP ba ... show more Aggressive automated vulnerability scanner from Madrid, Spain. 160+ requests targeting common PHP backdoor names and intentional typos of core files, such as "wp-conflg.php" (targeting common misspellings of wp-config.php). Probing for web shells like "xqq.php", "ms-edit.php", and "god.php". The bot operates at high frequency, hitting multiple endpoints per second. Blocked by Wordfence for accessing the "Immediately block" URL list. show less	Brute-Force Bad Web Bot Exploited Host Web App Attack Hacking
🇩🇪 Holger	2026-03-03 19:10:53 (3 months ago)	WordPress WebAttack	Brute-Force Web App Attack
🇺🇸 myagent.site	2026-03-03 16:25:40 (3 months ago)	Blocking for trying to access an exploit file: /z.php	Hacking
🇬🇧 yvoictra	2026-03-03 15:31:15 (3 months ago)	158.158.52.178 - - [03/Mar/2026:16:31:08 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 158.158.52.178 - - [03/Mar/2026:16:31:08 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:08 +0100] "GET /alfa-rex.php7 HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET //koiy.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET /bes.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET /a2.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET /eauu.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET //wp-includes/js/tinymce/themes/inlite HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET //h.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET /myfile.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:09 +0100] "GET /sty.php HTTP/1.1" 404 162 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:31:0 ... show less	Brute-Force Web App Attack
🇺🇸 alecj.com	2026-03-03 14:51:26 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-crawl-non_statics	Web App Attack Bad Web Bot
🇧🇪 sid3windr	2026-03-03 14:49:55 (3 months ago)	GET /wp-content/plugins/hellopress/wp_filemanager.php (Tarpitted for 2m10s, wasted 7.73kB)	Web App Attack
🇦🇺 2000cn.com.au	2026-03-03 14:18:05 (3 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇳🇱 CryptoYakari	2026-03-03 13:46:42 (3 months ago)	158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.p ... show more 158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.0" 404 7003 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET /alfa-rex.php7 HTTP/1.0" 404 3515 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET //koiy.php HTTP/1.0" 404 531 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET /bes.php HTTP/1.0" 404 531 "-" "-" 158.158.52.178 - - [03/Mar/2026:16:46:40 +0300] "GET /a2.php HTTP/1.0" 404 531 "-" "-" ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
🇦🇹 penguin-solutions.at	2026-03-03 13:11:28 (3 months ago)	Excessive 403/404 errors ...	Brute-Force Web App Attack
🇺🇸 Mehmet_The_Script_Kiddie	2026-03-03 13:06:03 (3 months ago)	CloudFlare WAF REPORT: //sys.php	Bad Web Bot Web App Attack
🇳🇿 Antinson	2026-03-03 12:45:33 (3 months ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇩🇪 McClay	2026-03-03 12:19:24 (3 months ago)	HTTP-404 spam:158.158.52.178 - - [03/Mar/2026:13:19:21 +0100] "GET /wp-content/plugins/hellopress/wp ... show more HTTP-404 spam:158.158.52.178 - - [03/Mar/2026:13:19:21 +0100] "GET /wp-content/plugins/hellopress/wp_filemanager.php HTTP/1.1" 404 3811 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:21 +0100] "GET /alfa-rex.php7 HTTP/1.1" 404 1017 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:21 +0100] "GET /koiy.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:21 +0100] "GET /bes.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /a2.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /eauu.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /wp-includes/js/tinymce/themes/inlite HTTP/1.1" 404 1017 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /h.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /myfile.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:22 +0100] "GET /sty.php HTTP/1.1" 404 212 "-" "-" 158.158.52.178 - - [03/Mar/2026:13:19:2 ... show less	Web App Attack

Showing 1 to 15 of 267 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 170.238.50.65

🇺🇸 162.216.150.69

🇨🇦 143.110.213.72

🇩🇪 77.91.66.1

🇭🇰 8.217.250.230

🇺🇸 206.189.233.36

🇺🇸 206.189.225.181

🇺🇸 162.216.149.147

🇳🇱 159.223.209.241

🇺🇸 157.245.113.227

🇺🇸 147.185.132.195

🇺🇸 143.244.168.161

🇺🇸 134.122.28.88

🇮🇳 103.77.43.149

🇫🇷 91.196.152.216

🇫🇷 91.196.152.189

🇵🇱 81.210.53.108

🇺🇸 66.132.172.34

🇻🇳 14.231.155.219

🇧🇬 5.188.206.30