JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.227.2

52.159.227.2 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 91%: ?

91%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.227.2

Whois 52.159.227.2

IP Abuse Reports for 52.159.227.2:

This IP address has been reported a total of 84 times from 74 distinct sources. 52.159.227.2 was first reported on August 2nd 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇼 kk_it_man	2026-06-11 09:40:11 (2 days ago)		Port Scan
🇨🇿 Countryman	2026-06-11 09:37:28 (2 days ago)	repeated unauthorized connection attempts, host sweep, port scan	Port Scan
🇺🇸 TPI-Abuse	2026-06-11 09:36:42 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.227.2 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.159.227.2 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 05:36:37.816813 2026] [security2:error] [pid 20542:tid 20686] [client 52.159.227.2:41542] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.79"] [uri "/.env"] [unique_id "aiqBpTXO00Tepz7uICMnxQAAAdI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 SOC PR	2026-06-11 08:38:46 (2 days ago)	IPS: WordPress Sensitive System Files Information Disclosure.	Hacking
🇯🇵 pixelboost.kr	2026-06-11 05:42:39 (2 days ago)	52.159.227.2 - - [11/Jun/2026:14:42:38 +0900] "GET /.git/config HTTP/1.1" 404 181 "-" "Mozilla/5.0 ( ... show more 52.159.227.2 - - [11/Jun/2026:14:42:38 +0900] "GET /.git/config HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.227.2 - - [11/Jun/2026:14:42:39 +0900] "GET /.env HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Bad Web Bot Web App Attack
🇦🇹 urnilxfgbez	2026-06-10 22:45:00 (3 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇬🇧 Deezel	2026-06-10 17:48:00 (3 days ago)	Port scan again , is there any point reporting all these port scans ?	Port Scan
🇺🇸 MPL	2026-06-10 13:38:57 (3 days ago)	tcp port scan (16 or more attempts)	Port Scan
🇺🇸 OceanTreasure	2026-06-10 13:35:14 (3 days ago)	tcp/80; Spring Boot Actuator exposure attempt: "GET /actuator/env" @ 2026-06-10T13:31:45Z [proxy]	Web App Attack
🇩🇪 zupan	2026-06-10 12:43:49 (3 days ago)	Blocked by UFW on vps [2083/tcp] \| SPT: 19220 \| TTL: 37 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on vps [2083/tcp] \| SPT: 19220 \| TTL: 37 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇹🇷 Threat.live	2026-06-10 12:35:02 (3 days ago)	Suspicious Connection Attempts	Brute-Force
Anonymous	2026-06-10 12:04:53 (3 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇨🇦 lakered	2026-06-10 10:45:31 (3 days ago)	Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan t ... show more Detectors: [NGINX] \| Reasons: Nginx Honeypot: Sensitive configuration file search \| Automated scan targeting an unauthorized host or default server sinkhole \| Tech Evidence: Incomplete-Browser-Profile (Missing: Accept, Accept-Language), Fake-Chrome-Desktop (No-CH) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 show less	Port Scan Bad Web Bot Hacking Web App Attack
🇫🇷 ISPLtd	2026-06-06 23:05:57 (1 week ago)	Jun 6 20:05:57 52.159.227.2 TCP SPT=62481 DPT=8080 SYN Jun 6 20:05:57 52.159.227.2 TCP SPT=62480 D ... show more Jun 6 20:05:57 52.159.227.2 TCP SPT=62481 DPT=8080 SYN Jun 6 20:05:57 52.159.227.2 TCP SPT=62480 DPT=1080 SYN Jun 6 20:05:57 52.159.227.2 TCP SPT=62480 DPT=3128 ... show less	Port Scan
🇮🇱 spd.co.il	2026-05-28 05:07:53 (2 weeks ago)	Web application attack detected	Hacking Web App Attack

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇸 196.196.150.124

🇩🇪 167.172.104.91

🇬🇧 167.99.199.1

🇳🇱 45.148.10.157

🇺🇸 24.151.55.132

🇺🇦 217.196.174.3

🇺🇸 216.73.216.36

🇹🇼 198.235.24.127

🇲🇾 180.74.84.64

🇨🇳 124.131.156.141

🇹🇼 111.70.49.185

🇬🇧 86.27.78.108

🇬🇧 35.203.210.67

🇺🇸 20.65.194.90

🇬🇧 213.166.84.43

🇲🇽 187.191.48.4

🇺🇸 151.240.106.40

🇺🇸 147.185.132.117

🇰🇷 119.192.210.110

🇧🇩 103.183.62.1