🇺🇸
xmission.com
2026-06-16 11:28:19
(2 days ago)
Blocked by UFW (TCP on 2078)
Source port: 1026
TTL: 52
Packet length: 60
TOS: 0x00
This report (for 52.159.243.161) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇺🇸
ISPLtd
2026-06-16 10:24:55
(2 days ago)
Jun 16 04:24:54 52.159.243.161 TCP SPT=1026 DPT=2095 SYN
Jun 16 04:24:54 52.159.243.161 TCP SPT=1024 DPT=2083 SYN
Jun 16 04:24:54 52.159.243.161 TCP SPT=1024 DPT=2082
...
Port Scan
Anonymous
2026-06-14 21:17:44
(3 days ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
🇺🇸
EricTheRedFL
2026-06-14 18:39:05
(3 days ago)
web.ab-data.us:80 52.159.243.161 - - [14/Jun/2026:06:56:22 -0400] "GET /.git/HEAD HTTP/1.1" 301 595 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
web.ab-data.us:80 52.159.243.161 - - [14/Jun/2026:06:56:23 -0400] "GET /.git/config HTTP/1.1" 301 599 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
web.ab-data.us:80 52.159.243.161 - - [14/Jun/2026:06:56:24 -0400] "GET /.env HTTP/1.1" 301 585 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0"
web.ab-data.us:80 52.159.243.161 - - [14/Jun/2026:06:56:25 -0400] "GET /.env.local HTTP/1.1" 301 597 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
web.ab-data.us:80 52.159.243.161 - - [14/Jun/2026:06:56:25 -0400] "GET /.env.production HTTP/1.1" 301 607 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.3
...
Hacking
Brute-Force
Web App Attack
Anonymous
2026-06-14 17:00:00
(3 days ago)
SSH Brute-Force
DDoS Attack
Port Scan
Hacking
Brute-Force
SSH
Anonymous
2026-06-14 12:13:28
(4 days ago)
Honeypot hit: Empty payload (likely service probe); 2083 [1], 2086 [1], 2082 [1], 2087 [1] TCP
Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB
Port Scan
🇫🇷
dynamix
2026-06-14 11:28:27
(4 days ago)
Multiple WAF Violations
Web App Attack
🇫🇷
GabrielJST
2026-06-14 10:22:55
(4 days ago)
*Port Scan* detected from 52.159.243.161 (US/United States/-).
Port Scan
🇺🇸
Rayulcifer
2026-05-01 23:48:01
(1 month ago)
52.159.243.161 - - [01/May/2026:18:47:15 -0500] "CONNECT ctf.themctf.com:443 HTTP/1.1" 502 488 "-" "-"
52.159.243.161 - - [01/May/2026:18:47:16 -0500] "\x16\x03\x01" 400 392 "-" "-"
52.159.243.161 - - [01/May/2026:18:47:51 -0500] "CONNECT ctf.themctf.com:443 HTTP/1.1" 502 488 "-" "-"
52.159.243.161 - - [01/May/2026:18:47:52 -0500] "\x16\x03\x01" 400 392 "-" "-"
52.159.243.161 - - [01/May/2026:18:48:00 -0500] "CONNECT ctf.themctf.com:443 HTTP/1.1" 502 488 "-" "-"
...
Open Proxy
Port Scan
Hacking
Web App Attack
SSH
🇯🇵
demonsword
2026-05-01 23:47:16
(1 month ago)
Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: ctf.themctf.com:443
Open Proxy
Port Scan
🇩🇪
2048
2026-04-08 07:12:29
(2 months ago)
2026-04-08T08:12:26.598925+01:00 machodeer kernel: [3889166.230391] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.243.161 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=26947 DF PROTO=TCP SPT=12296 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-04-08T08:12:27.628618+01:00 machodeer kernel: [3889167.262582] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.243.161 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=26948 DF PROTO=TCP SPT=12296 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
2026-04-08T08:12:28.653367+01:00 machodeer kernel: [3889168.286566] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.243.161 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=26949 DF PROTO=TCP SPT=12296 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Port Scan
🇩🇪
Bedios GmbH
2026-04-08 02:40:56
(2 months ago)
Login credentials theft attempt
Hacking
🇺🇸
TPI-Abuse
2026-04-08 01:55:51
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 52.159.243.161 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 07 21:55:45.320387 2026] [security2:error] [pid 2069292:tid 2069292] [client 52.159.243.161:27351] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "legacy-insight.com"] [uri "/.git/config"] [unique_id "adW1oWxk98FdH1yacYoDJAAAAA0"], referer: https://www.youtube.com/
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
cmbplf
2026-04-08 01:37:02
(2 months ago)
140 requests with url.path */auth.json
Brute-Force
Bad Web Bot
🇳🇱
ipoac.nl
2026-04-08 01:19:17
(2 months ago)
ipoac.nl:443 52.159.243.161 - - [08/Apr/2026:03:19:15 +0200] ipoac.nl "GET /.git/config HTTP/2.0" 404 3298 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
Bad Web Bot