JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.228.211

52.159.228.211 was found in our database!

This IP was reported 360 times. Confidence of Abuse is 87%: ?

87%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.228.211

Whois 52.159.228.211

IP Abuse Reports for 52.159.228.211:

This IP address has been reported a total of 360 times from 205 distinct sources. 52.159.228.211 was first reported on January 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-17 22:45:00 (3 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇷🇸 Scan	2026-06-17 00:31:32 (4 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
Anonymous	2026-06-16 22:16:49 (4 days ago)	[email.tmg.gr] httpd-suspicious-path: sites=global; logs=/var/log/httpd/access_log; samples=/.git/HE ... show more [email.tmg.gr] httpd-suspicious-path: sites=global; logs=/var/log/httpd/access_log; samples=/.git/HEAD \| /.git/logs/HEAD \| /.git/refs/heads/master show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 20:46:46 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.228.211 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.228.211 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 16:46:41.142637 2026] [security2:error] [pid 21214:tid 21214] [client 52.159.228.211:45125] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.19"] [uri "/.git/HEAD"] [unique_id "ajG2MQhdNirt-VRfLofm-QAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 webadmin	2026-06-16 20:33:19 (4 days ago)		Web App Attack
🇫🇮 geot	2026-06-12 15:27:53 (1 week ago)	GET /.git/config HTTP/1.1 GET /config.php HTTP/1.1 GET /wp-config.php HTTP/1.1 GET /.htpasswd HTTP/1 ... show more GET /.git/config HTTP/1.1 GET /config.php HTTP/1.1 GET /wp-config.php HTTP/1.1 GET /.htpasswd HTTP/1.1 GET /backup.sql HTTP/1.1 GET /.git/HEAD HTTP/1.1 GET /.aws/credentials HTTP/1.1 GET /actuator/env HTTP/1.1 GET /.env HTTP/1.1 GET /.env.save HTTP/1.1 GET /server-status HTTP/1.1 show less	Hacking Bad Web Bot Web App Attack
🇺🇸 BSG Webmaster	2026-06-10 07:00:06 (1 week ago)	Port scanning (Port 443)	Port Scan Hacking
🇫🇮 TrafficAnalyser	2026-06-10 03:11:49 (1 week ago)	Port scanning	Port Scan
Anonymous	2026-06-10 03:06:56 (1 week ago)	(NGINX) Security rule triggered from 52.159.228.211 (US/United States/-): 5 in the last 3600 secs	Web App Attack
🇩🇪 marcel-knorr.de	2026-06-10 01:19:55 (1 week ago)	[MK-Root1] Blocked by UFW	Brute-Force Port Scan
🇳🇱 DrLex0	2026-06-10 00:42:41 (1 week ago)	Poking for git configs and env files 52.159.228.211 443 - [10/Jun/2026:00:42:38 +0000] "GET /.git/H ... show more Poking for git configs and env files 52.159.228.211 443 - [10/Jun/2026:00:42:38 +0000] "GET /.git/HEAD HTTP/1.1" 404 5965 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 52.159.228.211 443 - [10/Jun/2026:00:42:39 +0000] "GET /.git/config HTTP/1.1" 404 5965 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.228.211 443 - [10/Jun/2026:00:42:41 +0000] "GET /.env HTTP/1.1" 404 5965 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 00:28:00 (1 week ago)	vulnerabilities scan	Port Scan Hacking Web App Attack
🇷🇸 Scan	2026-06-10 00:19:58 (1 week ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇫🇷 dynamix	2026-06-09 23:42:54 (1 week ago)	Multiple WAF Violations	Web App Attack
🇺🇸 MPL	2026-06-09 23:41:26 (1 week ago)	tcp/2087	Port Scan

Showing 1 to 15 of 360 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇦 143.110.217.244

🇷🇴 141.98.83.240

🇨🇳 120.53.2.123

🇻🇳 42.119.84.16

🇺🇸 20.106.182.213

🇲🇩 2620:171:73:f001:9999::48

🇮🇩 180.252.147.158

🇭🇰 154.221.25.72

🇮🇳 143.110.190.22

🇻🇳 125.212.159.232

🇮🇩 117.102.86.226

🇺🇸 107.175.69.109

🇺🇸 66.132.195.54

🇰🇷 49.246.68.220

🇺🇸 20.163.15.220

🇲🇩 2620:171:73:f003:9999::50

🇭🇰 210.177.143.61

🇫🇷 185.177.72.29

🇬🇧 143.110.173.243

🇻🇳 113.177.239.252