JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.243.198

52.159.243.198 was found in our database!

This IP was reported 280 times. Confidence of Abuse is 67%: ?

67%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.243.198

Whois 52.159.243.198

IP Abuse Reports for 52.159.243.198:

This IP address has been reported a total of 280 times from 135 distinct sources. 52.159.243.198 was first reported on September 10th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇱 router.al	2026-06-14 09:58:45 (4 days ago)	06/14/2026-09:58:45.289842 52.159.243.198 Protocol: 6 ET WEB_SERVER WEB-PHP phpinfo access	Port Scan
🇺🇸 TPI-Abuse	2026-06-14 06:50:08 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 02:50:03.197940 2026] [security2:error] [pid 4641:tid 4641] [client 52.159.243.198:16077] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.227"] [uri "/.git/HEAD"] [unique_id "ai5PG4sZfQaZLxcOSd56rAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-14 05:40:04 (4 days ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇩🇪 zupan	2026-06-14 05:24:06 (4 days ago)	Blocked by UFW on vps [2095/tcp] \| SPT: 16088 \| TTL: 37 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on vps [2095/tcp] \| SPT: 16088 \| TTL: 37 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-06-14 05:10:56 (4 days ago)	vulnerabilities scan	Port Scan Hacking Web App Attack
🇩🇪 ITSNF	2026-06-06 19:00:04 (1 week ago)	Blocked by os-abuseipdb; 8 hits, proto=tcp, ports=2082,2083,2086,2087,443,80,8080,8443	Port Scan Hacking
Anonymous	2026-06-06 16:40:33 (1 week ago)	Port Scan	Port Scan
🇺🇸 TPI-Abuse	2026-06-06 15:55:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 11:55:03.148845 2026] [security2:error] [pid 22611:tid 22611] [client 52.159.243.198:57180] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.172"] [uri "/.git/HEAD"] [unique_id "aiRC1x_rkZEDrKkPY0pVsgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-06 15:51:26 (1 week ago)	2026-06-06 15:51:26 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 ReportingBaddies	2026-06-03 11:53:53 (2 weeks ago)	Automated credential scanning (.env, AWS/config files). Botnet with spoofed user agents.	Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-03 08:30:04 (2 weeks ago)	Unauthorized access to webpage admin	Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 07:42:51 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.243.198 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 03:42:45.668071 2026] [security2:error] [pid 31092:tid 31092] [client 52.159.243.198:65099] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.74"] [uri "/.git/config"] [unique_id "ah_a9WdVlk62EB_qa1LkfQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RAP	2026-06-03 07:06:25 (2 weeks ago)	2026-06-03 07:06:25 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 MPL	2026-06-03 05:32:21 (2 weeks ago)	tcp port scan (8 or more attempts)	Port Scan
Anonymous	2026-06-03 05:23:05 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host

Showing 1 to 15 of 280 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 174.42.129.80

🇺🇸 172.191.178.196

🇨🇦 68.183.204.19

🇨🇳 223.109.252.240

🇳🇬 196.223.125.249

🇳🇱 193.176.31.244

🇧🇷 186.248.197.77

🇳🇱 176.65.139.56

🇺🇸 172.190.220.228

🇺🇸 172.190.89.127

🇺🇸 166.1.60.230

🇺🇸 162.216.150.169

🇮🇳 122.168.194.41

🇺🇸 70.22.47.49

🇰🇷 59.24.110.57

🇰🇬 212.112.102.151

🇸🇬 172.188.218.162

🇸🇬 172.188.89.41

🇺🇸 172.174.72.225

🇺🇸 162.216.150.139