JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.228.210

52.159.228.210 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 82%: ?

82%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.228.210

Whois 52.159.228.210

IP Abuse Reports for 52.159.228.210:

This IP address has been reported a total of 26 times from 22 distinct sources. 52.159.228.210 was first reported on August 15th 2025, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 Tanados	2026-06-22 02:30:02 (8 hours ago)	Blocked by UFW [2087/tcp] Source port: 26251 TTL: 47 Packet length: 60 TOS: 0x00 This report was ge ... show more Blocked by UFW [2087/tcp] Source port: 26251 TTL: 47 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-06-22 02:08:35 (8 hours ago)	Blocked by UFW (TCP on 8080) Source port: 26241 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8080) Source port: 26241 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 52.159.228.210) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇩🇪 maxpower	2026-06-22 01:16:16 (9 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 52.159.228.210 (US/United States/-): 2 i ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 52.159.228.210 (US/United States/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 52.159.228.210 - - [22/Jun/2026:03:16:10 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" "-" host=51.89.20.64 52.159.228.210 - - [22/Jun/2026:03:16:13 +0200] "GET /.aws/credentials HTTP/1.1" 404 10388 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" host=51.89.20.64 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-22 00:48:08 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 52.159.228.210 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.228.210 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 20:48:02.662346 2026] [security2:error] [pid 23940:tid 23940] [client 52.159.228.210:25622] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.101"] [uri "/.git/logs/HEAD"] [unique_id "ajiGQgKQzg5r4yeiW7Es_gAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇸 Scan	2026-06-22 00:43:25 (10 hours ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 RAP	2026-06-21 22:03:50 (13 hours ago)	2026-06-21 22:03:50 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇳🇱 Selckie	2026-06-19 10:35:02 (3 days ago)	fail2ban: NGINX unusual impact	Web App Attack
🇮🇩 sockominfo	2026-06-17 14:00:53 (4 days ago)	Suspicious URL access.. Threat Score: 5.1/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 2.9/10 (Low). CVS ... show more Suspicious URL access.. Threat Score: 5.1/10 (MEDIUM). Confidence: 40%. CVSS v3.1: 2.9/10 (Low). CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. Bayesian Probability: 40%. MITRE ATT&CK: T1016 (System Network Configuration Discovery). Tactic: TA0001. Freshness: Fresh. Source Reputation: UNKNOWN. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Web App Attack
🇮🇩 sockominfo	2026-06-17 13:00:09 (4 days ago)	Suspicious URL access.. Threat Score: 3.9/10 (LOW). Reported by TangerangKota-CSIRT	Hacking Web App Attack
🇹🇷 Threat.live	2026-06-17 11:35:03 (4 days ago)	Suspicious Connection Attempts	Brute-Force
🇷🇺 punctualsuspension968	2026-06-02 06:10:04 (2 weeks ago)	blocked by ufw on TCP 8443	Port Scan
🇺🇸 RAP	2026-06-02 05:25:25 (2 weeks ago)	2026-06-02 05:25:25 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
Anonymous	2026-06-02 05:03:44 (2 weeks ago)	PORT & IP Scan.	Port Scan Brute-Force
🇹🇭 Sawasdee	2026-06-02 05:02:26 (2 weeks ago)	Port Scan ...	Port Scan
🇫🇷 polido	2026-06-02 02:53:03 (2 weeks ago)	Unauthorized connection attempt to port 443 from 52.159.228.210	Port Scan

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a01:4f8:c010:8b36::1

🇪🇹 196.188.93.169

🇳🇱 160.119.76.34

🇺🇸 104.26.12.38

🇨🇳 59.61.184.119

🇧🇷 43.164.195.160

🇺🇸 2607:f8b0:4004:c07::127

🇸🇪 171.25.158.70

🇵🇪 138.59.67.12

🇨🇳 129.211.229.121

🇺🇸 98.10.45.32

🇧🇬 79.124.58.98

🇩🇪 69.5.169.36

🇹🇭 45.194.70.254

🇺🇸 20.168.5.222

🇸🇦 5.110.44.75

🇩🇪 213.209.159.238

🇳🇱 185.93.89.144

🇮🇳 103.195.81.146

🇩🇪 94.156.232.89