JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.226.3

52.159.226.3 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 80%: ?

80%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.226.3

Whois 52.159.226.3

IP Abuse Reports for 52.159.226.3:

This IP address has been reported a total of 43 times from 34 distinct sources. 52.159.226.3 was first reported on September 16th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 RAP	2026-06-07 14:52:01 (1 day ago)	2026-06-07 14:52:01 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇩🇪 Teufel100	2026-06-07 14:36:47 (1 day ago)	ModSecurity rejected a query'	Brute-Force Hacking Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-07 14:04:18 (1 day ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-17)	Hacking Bad Web Bot
🇺🇸 micropedro	2026-06-07 12:27:04 (1 day ago)	6 incidents: web scanning/attack, port scanning. Ports: 2082/TCP(1), 2083/TCP(1), 2086/TCP(1), 2087/ ... show more 6 incidents: web scanning/attack, port scanning. Ports: 2082/TCP(1), 2083/TCP(1), 2086/TCP(1), 2087/TCP(1), 8080/TCP(1). First: 2026-06-07 08:27, Last: 2026-06-07 08:27 UTC. Triggers: ufw-repeater,non-public-port,port-trap,recidive,firewall-tcp,firewall-http. show less	Port Scan Brute-Force Web App Attack
🇺🇸 kuroneko_omu	2026-06-07 11:32:56 (1 day ago)	Fail2Ban <webattack> jail detected 5 attempts against 52.159.226.3.	DDoS Attack Hacking Brute-Force Web App Attack
🇹🇷 Threat.live	2026-05-29 00:25:03 (1 week ago)	Threat.live: Web Scan	Web App Attack
🇺🇸 pduggusa	2026-05-15 05:52:23 (3 weeks ago)	Detected attacking dugganusa.com at 2026-05-15T05:52:23.487Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2026-05-15T05:52:23.487Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking DDoS Attack
🇺🇸 pduggusa	2026-05-15 04:48:39 (3 weeks ago)	Detected attacking dugganusa.com at 2026-05-15T04:48:39.507Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2026-05-15T04:48:39.507Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking DDoS Attack
🇺🇸 pduggusa	2026-05-15 03:50:34 (3 weeks ago)	Detected attacking dugganusa.com at 2026-05-15T03:50:34.588Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2026-05-15T03:50:34.588Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking DDoS Attack
🇮🇳 evicky2002	2026-05-13 07:18:32 (3 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇨🇴 adalbertoreyes.org	2026-05-07 23:04:23 (1 month ago)	CategoryPortScan	Port Scan
🇨🇴 adalbertoreyes.org	2026-05-06 21:11:25 (1 month ago)	CategoryPortScan	Port Scan
🇺🇸 technojoe99	2026-05-06 12:36:15 (1 month ago)	Exploit scan from 52.159.226.3. POST /wp/xmlrpc.php HTTP/1.1.	Web App Attack
🇺🇸 TPI-Abuse	2026-05-06 12:09:29 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 52.159.226.3 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 52.159.226.3 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 08:09:25.265686 2026] [security2:error] [pid 32265:tid 32265] [client 52.159.226.3:48919] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.159.226.3 (+1 hits since last alert)\|tractiondrive.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tractiondrive.com"] [uri "/wp/xmlrpc.php"] [unique_id "afsvdQFfb-sf8rbc8wviJAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Lentini	2026-05-06 12:06:29 (1 month ago)	visuitslagen.nl: malicious request:/wp/xmlrpc.php	Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 180.211.96.58

🇩🇪 138.197.180.134

🇰🇷 114.202.253.7

🇻🇳 103.143.207.18

🇩🇪 69.5.169.146

🇺🇸 66.132.224.15

🇧🇷 45.205.1.211

🇺🇸 2602:fb54:1400::1ab

🇧🇷 201.2.140.186

🇳🇱 178.250.1.93

🇺🇸 147.185.132.142

🇨🇳 113.137.36.239

🇮🇳 98.70.50.166

🇩🇪 69.5.169.44

🇺🇸 65.49.1.80

🇮🇳 43.228.166.225

🇧🇪 35.205.218.221

🇰🇷 8.230.18.145

🇷🇴 2.57.122.238

🇺🇸 184.105.139.122