JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.229.48

52.159.229.48 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 68%: ?

68%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.229.48

Whois 52.159.229.48

IP Abuse Reports for 52.159.229.48:

This IP address has been reported a total of 29 times from 19 distinct sources. 52.159.229.48 was first reported on September 26th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-06-17 05:05:29 (3 days ago)	tcp port scan (10 or more attempts)	Port Scan
🇬🇧 pearbright	2026-06-17 03:50:31 (4 days ago)	2026-06-17T03:48:48.091973+00:00 srv740043 kernel: [2405715.517690] [UFW BLOCK] IN=eth0 OUT= MAC=bc: ... show more 2026-06-17T03:48:48.091973+00:00 srv740043 kernel: [2405715.517690] [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:cc:aa:85:44:38:39:ff:ff:41:08:00 SRC=52.159.229.48 DST=147.93.84.193 LEN=60 TOS=0x00 PREC=0x20 TTL=31 ID=2159 DF PROTO=TCP SPT=52699 DPT=2078 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-17T03:48:48.109287+00:00 srv740043 kernel: [2405715.538271] [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:cc:aa:85:44:38:39:ff:ff:41:08:00 SRC=52.159.229.48 DST=147.93.84.193 LEN=60 TOS=0x00 PREC=0x20 TTL=33 ID=46005 DF PROTO=TCP SPT=52692 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-17T03:48:48.116930+00:00 srv740043 kernel: [2405715.545860] [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:cc:aa:85:44:38:39:ff:ff:41:08:00 SRC=52.159.229.48 DST=147.93.84.193 LEN=60 TOS=0x00 PREC=0x20 TTL=34 ID=30784 DF PROTO=TCP SPT=52697 DPT=2095 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-17T03:48:48.120271+00:00 srv740043 kernel: [2405715.549554] [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:cc:aa:85:44:38:39:ff:ff:41:08:00 SRC=52.159.22 ... show less	Port Scan
🇮🇪 AutosOnShow	2026-06-17 03:49:05 (4 days ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-17 03:48:30.206 \|	Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-06-17 02:53:06 (4 days ago)	IDS Alert: WIREGUARD: Traffic from Non-Peer IP === ATTACK === Signature: WIREGUARD: Traffic from Non ... show more IDS Alert: WIREGUARD: Traffic from Non-Peer IP === ATTACK === Signature: WIREGUARD: Traffic from Non-Peer IP \| SID: 8690030 \| Severity: 2 \| Category: Potentially Bad Traffic === SOURCE === IP: 52.159.229.48 (IPv4) \| Port: 53652 \| Country: United States \| ISP: MSFT \| rDNS: None === TARGET === Host: wireguard.goline.ch \| IP: 185.54.80.7 \| Port: 80 \| Protocol: TCP \| App: N/A === RESPONSE === Time: 2026-06-17 04:53:06 \| Action: Blocked show less	Port Scan Hacking Bad Web Bot
🇺🇸 cwytech	2026-06-17 01:16:28 (4 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: crowdsecurity/http-sensitive-files.	Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-17 00:48:40 (4 days ago)	Multiple WAF Violations	Web App Attack
🇩🇪 ut-addicted.com	2026-06-17 00:42:25 (4 days ago)	\[Wed Jun 17 02:42:23.824550 2026\] \[:error\] \[pid 29707:tid 139785853191936\] \[client 52.159.229 ... show more \[Wed Jun 17 02:42:23.824550 2026\] \[:error\] \[pid 29707:tid 139785853191936\] \[client 52.159.229.48:53668\] \[client 52.159.229.48\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 8\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "78.46.187.162"\] \[uri "/.git/logs/HEAD"\] \[unique_id "ajHtbwVGBhf9ukL7gGKStQAAAIU"\] show less	Brute-Force Web App Attack
🇷🇸 Scan	2026-06-17 00:33:50 (4 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 micropedro	2026-06-17 00:27:14 (4 days ago)	4 incidents: port scanning. First: 2026-06-16 20:27, Last: 2026-06-16 20:27 UTC. Triggers: ufw-repea ... show more 4 incidents: port scanning. First: 2026-06-16 20:27, Last: 2026-06-16 20:27 UTC. Triggers: ufw-repeater,non-public-port,ufw-repeater,firewall-tcp. show less	Port Scan
Anonymous	2026-06-17 00:25:30 (4 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇯🇵 demonsword	2026-05-26 14:54:39 (3 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: www.google.com:443 show less	Open Proxy Port Scan
🇮🇱 spd.co.il	2026-05-25 23:05:14 (3 weeks ago)	Web application attack detected	Hacking Web App Attack
Anonymous	2026-05-24 02:25:39 (4 weeks ago)	(caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:25:19 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:25:22 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:25:23 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:25:22 +0000] "GET /@fs/.env.development?import&raw HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:25:24 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-24 02:10:14 (4 weeks ago)	(caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:09:37 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:09:39 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:09:40 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:09:40 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:02:09:40 +0000] "GET /@fs/.env?import&raw HTTP/1.1" show less	Port Scan
Anonymous	2026-05-24 01:51:21 (4 weeks ago)	(caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.159.229.48 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:01:51:07 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:01:51:07 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:01:51:07 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:01:51:07 +0000] "GET /@fs/.env?import&raw HTTP/1.1" [REDACTED] 200 2627 52.159.229.48 - - [24/May/2026:01:51:07 +0000] "GET /@fs/.env.local?import&raw HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇱🇰 192.248.88.8

🇧🇴 181.115.214.186

🇭🇰 118.193.43.158

🇨🇳 113.219.177.95

🇺🇸 107.152.36.118

🇳🇱 104.23.166.185

🇨🇳 101.36.228.201

🇺🇸 96.255.189.193

🇫🇷 85.217.140.38

🇩🇪 69.5.169.159

🇲🇾 60.53.125.136

🇩🇪 213.209.159.228

🇪🇨 200.24.197.142

🇷🇼 197.243.14.52

🇲🇽 187.251.98.34

🇧🇬 185.9.16.100

🇺🇸 165.245.167.227

🇩🇪 152.53.141.231

🇨🇳 115.191.9.205

🇨🇳 112.66.0.10