JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.141.56.159

52.141.56.159 was found in our database!

This IP was reported 166 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇰🇷 Korea (the Republic of)
City	Seoul, Seoul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.141.56.159

Whois 52.141.56.159

IP Abuse Reports for 52.141.56.159:

This IP address has been reported a total of 166 times from 135 distinct sources. 52.141.56.159 was first reported on June 28th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 Ivo Vynckier	2026-06-29 15:10:00 (2 hours ago)	52.141.56.159 - - [28/Jun/2026:21:10:04 +0200] "GET /inputs.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (W ... show more 52.141.56.159 - - [28/Jun/2026:21:10:04 +0200] "GET /inputs.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:21:10:04 +0200] "GET /ioxi-o.php HTTP/1.1" 404 47 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:21:10:05 +0200] "GET /function/function.php HTTP/1.1" 404 2155 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Web App Attack
Anonymous	2026-06-29 14:03:22 (3 hours ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: KR, Attack patterns: WordPress scanning show less	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-29 05:14:26 (12 hours ago)	216 attacks on PHP URLs: GET /wp-content/plugins/index.php HTTP/1.1	Web App Attack
🇲🇽 octageeks.com	2026-06-29 04:12:17 (13 hours ago)	Wordpress malicious attack:[octaflood]	Web App Attack
Anonymous	2026-06-28 22:05:04 (19 hours ago)	Unknown PHP script access detected by Fail2Ban	Web App Attack
Anonymous	2026-06-28 21:22:05 (20 hours ago)	52.141.56.159 - - [28/Jun/2026:23:22:00 +0200] "GET /inputs.php HTTP/1.1" 404 5615 52.141.56.159 - - ... show more 52.141.56.159 - - [28/Jun/2026:23:22:00 +0200] "GET /inputs.php HTTP/1.1" 404 5615 52.141.56.159 - - [28/Jun/2026:23:22:01 +0200] "GET /ioxi-o.php HTTP/1.1" 404 5615 52.141.56.159 - - [28/Jun/2026:23:22:01 +0200] "GET /function/function.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:02 +0200] "GET /rip.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:02 +0200] "GET /admin.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:02 +0200] "GET /wp-content/uploads/index.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:02 +0200] "GET /cache.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:03 +0200] "GET /themes.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:03 +0200] "GET /an.php HTTP/1.1" 404 578 52.141.56.159 - - [28/Jun/2026:23:22:03 +0200] "GET /index/function.php HTTP/1.1" 404 578 ... show less	Web Spam Web App Attack
🇫🇷 bazter.pro	2026-06-28 21:01:05 (20 hours ago)	Fail2Ban: plesk-bot-aggressive - 15 failures	Port Scan Bad Web Bot Web App Attack
🇳🇴 doofy	2026-06-28 20:54:30 (20 hours ago)	[Sun Jun 28 22:53:56.403764 2026] [access_compat:error] [pid 2769409:tid 2769498] [client 52.141.56. ... show more [Sun Jun 28 22:53:56.403764 2026] [access_compat:error] [pid 2769409:tid 2769498] [client 52.141.56.159:15887] AH01797: client denied by server configuration: /www/famjohnsen.no/wp-content/uploads/index.php [Sun Jun 28 22:54:28.634108 2026] [access_compat:error] [pid 2769409:tid 2769507] [client 52.141.56.159:15887] AH01797: client denied by server configuration: /www/famjohnsen.no/wp-content/uploads/index.php [Sun Jun 28 22:54:28.900328 2026] [access_compat:error] [pid 2769409:tid 2769508] [client 52.141.56.159:15887] AH01797: client denied by server configuration: /www/famjohnsen.no/wp-content/themes/admin.php [Sun Jun 28 22:54:29.160877 2026] [access_compat:error] [pid 2769409:tid 2769499] [client 52.141.56.159:15887] AH01797: client denied by server configuration: /www/famjohnsen.no/wp-content/themes/index.php [Sun Jun 28 22:54:29.417209 2026] [access_compat:error] [pid 2769409:tid 2769493] [client 52.141.56.159:15887] AH01797: client denied by server configuration: /www/famjohnsen ... show less	Brute-Force Web App Attack
🇩🇪 Prodscape	2026-06-28 20:48:33 (20 hours ago)	(WPLOGIN) WP Login Attack 52.141.56.159 (KR/South Korea/-): 5 in the last 86400 secs; Ports: ; Dire ... show more (WPLOGIN) WP Login Attack 52.141.56.159 (KR/South Korea/-): 5 in the last 86400 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER show less	Port Scan
Anonymous	2026-06-28 20:43:36 (20 hours ago)	GET /inputs.php HTTP/1.1 GET /inputs.php HTTP/1.1 GET /inputs.php HTTP/1.1	Bad Web Bot Web App Attack
Anonymous	2026-06-28 20:40:36 (21 hours ago)	52.141.56.159 - - [28/Jun/2026:22:40:11 +0200] "GET /inputs.php HTTP/1.1" 404 32660 52.141.56.159 - ... show more 52.141.56.159 - - [28/Jun/2026:22:40:11 +0200] "GET /inputs.php HTTP/1.1" 404 32660 52.141.56.159 - - [28/Jun/2026:22:40:13 +0200] "GET /ioxi-o.php HTTP/1.1" 404 29048 52.141.56.159 - - [28/Jun/2026:22:40:15 +0200] "GET /function/function.php HTTP/1.1" 404 29047 52.141.56.159 - - [28/Jun/2026:22:40:18 +0200] "GET /rip.php HTTP/1.1" 404 29047 52.141.56.159 - - [28/Jun/2026:22:40:20 +0200] "GET /admin.php HTTP/1.1" 404 29047 52.141.56.159 - - [28/Jun/2026:22:40:23 +0200] "GET /cache.php HTTP/1.1" 404 29046 52.141.56.159 - - [28/Jun/2026:22:40:25 +0200] "GET /themes.php HTTP/1.1" 404 29046 52.141.56.159 - - [28/Jun/2026:22:40:27 +0200] "GET /an.php HTTP/1.1" 404 29048 52.141.56.159 - - [28/Jun/2026:22:40:30 +0200] "GET /index/function.php HTTP/1.1" 404 29046 52.141.56.159 - - [28/Jun/2026:22:40:32 +0200] "GET /randkeyword.PhP7 HTTP/1.1" 404 30397 ... show less	Web Spam Web App Attack
🇳🇱 CryptoYakari	2026-06-28 20:39:04 (21 hours ago)	52.141.56.159 - - [28/Jun/2026:23:38:58 +0300] "GET /inputs.php HTTP/1.0" 404 4097 "-" "Mozilla/5.0 ... show more 52.141.56.159 - - [28/Jun/2026:23:38:58 +0300] "GET /inputs.php HTTP/1.0" 404 4097 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:23:38:59 +0300] "GET /ioxi-o.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:23:38:59 +0300] "GET /function/function.php HTTP/1.0" 404 3515 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:23:38:59 +0300] "GET /rip.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:23:39:00 +0300] "GET /admin.php HTTP/1.0" 404 531 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
🇩🇪 pscriptos	2026-06-28 20:35:03 (21 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/appsec-vpatch	Web App Attack
🇬🇧 Mendip_Defender	2026-06-28 20:33:22 (21 hours ago)	52.141.56.159 - - [28/Jun/2026:21:33:13 +0100] "GET /.trash7206/index.php HTTP/1.1" 404 4985 "-" "Mo ... show more 52.141.56.159 - - [28/Jun/2026:21:33:13 +0100] "GET /.trash7206/index.php HTTP/1.1" 404 4985 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:21:33:14 +0100] "GET /.well-known/logs233/index.php?p= HTTP/1.1" 404 4985 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" 52.141.56.159 - - [28/Jun/2026:21:33:14 +0100] "GET /wp-content/themes/haha.php HTTP/1.1" 404 4985 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" ... show less	Hacking Web App Attack
🇩🇪 macrob	2026-06-28 20:30:02 (21 hours ago)	2026/06/28 20:29:58 [error] 359958#359958: 336877510 access forbidden by rule, client: 52.141.56.15 ... show more 2026/06/28 20:29:58 [error] 359958#359958: 336877510 access forbidden by rule, client: 52.141.56.159, server: binixo.com.ua, request: "GET /admin.php HTTP/1.1", host: "binixo.com.ua" 2026/06/28 20:29:58 [error] 359958#359958: 336877510 access forbidden by rule, client: 52.141.56.159, server: binixo.com.ua, request: "GET /wp-content/uploads/index.php HTTP/1.1", host: "binixo.com.ua" 2026/06/28 20:30:00 [error] 359958#359958: 336877510 access forbidden by rule, client: 52.141.56.159, server: binixo.com.ua, request: "GET /wp-admin/user.php HTTP/1.1", host: "binixo.com.ua" ... show less	Web App Attack

Showing 1 to 15 of 166 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇳 197.5.145.150

🇬🇧 195.140.214.26

🇰🇷 125.137.115.145

🇩🇪 91.107.130.2

🇳🇱 91.92.40.13

🇨🇳 58.50.196.53

🇲🇾 47.250.89.137

🇨🇦 45.194.92.42

🇩🇪 194.187.176.4

🇬🇧 193.163.125.95

🇰🇷 52.231.68.47

🇺🇸 47.47.84.174

🇺🇸 20.65.226.8

🇹🇼 1.163.68.243

🇨🇳 218.28.78.67

🇲🇽 189.203.97.29

🇸🇪 155.4.244.107

🇨🇳 58.210.15.210

🇳🇱 45.148.10.147

🇬🇧 45.82.76.131