JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.244.171

52.159.244.171 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 38%: ?

38%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.244.171

Whois 52.159.244.171

IP Abuse Reports for 52.159.244.171:

This IP address has been reported a total of 19 times from 14 distinct sources. 52.159.244.171 was first reported on October 28th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-03 10:01:13 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 06:01:07.657242 2026] [security2:error] [pid 21746:tid 21746] [client 52.159.244.171:53254] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|192.64.150.100\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "192.64.150.100"] [uri "/backup.sql"] [unique_id "ah_7Y8SmF5UbktdXDLi1IgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Hiigara	2026-06-03 10:00:42 (3 weeks ago)	connection attempt : 52.159.244.171 on port : tcp/8080 (HTTP-alt)	Port Scan
🇹🇷 SeczarSecureOps	2026-06-03 05:20:28 (3 weeks ago)	Auto-blocked by Seczar SecureOps — Port Scan Detection (6 events in 10min) at 2026-06-03 05:20	Port Scan
🇺🇸 TJTheSpy	2026-06-03 05:17:38 (3 weeks ago)	52.159.244.171 - - [03/Jun/2026:05:17:24 +0000] "GET /.git/config HTTP/1.1" 404 2208 "-" "Mozilla/5. ... show more 52.159.244.171 - - [03/Jun/2026:05:17:24 +0000] "GET /.git/config HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14.4; rv:125.0) Gecko/20100101 Firefox/125.0" 52.159.244.171 - - [03/Jun/2026:05:17:25 +0000] "GET /.env HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.244.171 - - [03/Jun/2026:05:17:26 +0000] "GET /.env.local HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.244.171 - - [03/Jun/2026:05:17:31 +0000] "GET /.env.save HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.244.171 - - [03/Jun/2026:05:17:38 +0000] "GET /config/database.yml HTTP/1.1" 404 2208 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Bad Web Bot
🇳🇱 Mangelot Hosting	2026-06-03 05:09:10 (3 weeks ago)	(modsecurity) srv102 ModSecurity 52.159.244.171 (US/United States/-): 10 in the last 3600 secs; Port ... show more (modsecurity) srv102 ModSecurity 52.159.244.171 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇬🇧 Marten Mark	2026-06-03 04:43:54 (3 weeks ago)	52.159.244.171 - - [03/Jun/2026:04:43:53 +0000] "GET /.git/HEAD HTTP/1.1" 301 166 "-" "Mozilla/5.0 ( ... show more 52.159.244.171 - - [03/Jun/2026:04:43:53 +0000] "GET /.git/HEAD HTTP/1.1" 301 166 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack Bad Web Bot
🇺🇸 tedmichalik.com	2026-06-03 04:36:21 (3 weeks ago)	52.159.244.171 - - [03/Jun/2026:00:36:15 -0400] "GET /.git/HEAD HTTP/1.1" 404 496 "-" "Mozilla/5.0 ( ... show more 52.159.244.171 - - [03/Jun/2026:00:36:15 -0400] "GET /.git/HEAD HTTP/1.1" 404 496 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Web App Attack
🇬🇧 PeravixGroup	2026-06-03 04:31:10 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-06-03 04:22:58 (3 weeks ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-1)	Hacking Bad Web Bot
Anonymous	2026-06-03 04:15:27 (3 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-03 04:13:44 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 00:13:40.657300 2026] [security2:error] [pid 330:tid 330] [client 52.159.244.171:16264] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.37"] [uri "/.git/HEAD"] [unique_id "ah-p9AIJPPQyDbAfYvcq-gAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2026-04-25 08:39:50 (2 months ago)	52.159.244.171 - - [25/Apr/2026:03:39:50 -0500] "GET http://clients2.google.com/time/1/current?cup2k ... show more 52.159.244.171 - - [25/Apr/2026:03:39:50 -0500] "GET http://clients2.google.com/time/1/current?cup2key=9:bU1_OD8nepilAQd7cUVhOxWDDP9ohQdDN1xdNI7IYdw&cup2hreq=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP/1.1" 200 855 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" 52.159.244.171 - - [25/Apr/2026:03:39:50 -0500] "CONNECT accounts.google.com:443 HTTP/1.1" 502 488 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-04-10 02:18:10 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.244.171 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 22:18:06.083790 2026] [security2:error] [pid 3910237:tid 3910237] [client 52.159.244.171:43009] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drlwr.com"] [uri "/.git/config"] [unique_id "adhd3ig34CzAxFfbdCAlLQAAAAQ"], referer: https://claude.ai/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2026-04-05 11:30:07 (2 months ago)	52.159.244.171 - - [05/Apr/2026:06:30:05 -0500] "CONNECT www.itemsatis.com:443 HTTP/1.1" 502 544 "-" ... show more 52.159.244.171 - - [05/Apr/2026:06:30:05 -0500] "CONNECT www.itemsatis.com:443 HTTP/1.1" 502 544 "-" "-" 52.159.244.171 - - [05/Apr/2026:06:30:05 -0500] "\x16\x03\x01\x01\x03\x01" 400 392 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 donarev419	2026-04-04 03:58:29 (2 months ago)	Port scan detected on port 80 (connection without data transfer)	Port Scan

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 209.38.120.71

🇹🇭 202.183.141.189

🇧🇼 168.167.228.123

🇨🇴 161.18.234.168

🇿🇦 102.66.181.242

🇳🇱 91.92.40.240

🇨🇦 85.217.149.71

🇸🇬 43.128.81.242

🇧🇪 198.235.24.231

🇺🇸 172.184.219.219

🇸🇬 158.178.228.72

🇨🇳 119.45.119.171

🇺🇸 66.93.12.77

🇸🇬 62.146.232.73

🇦🇺 34.40.145.110

🇩🇪 213.209.159.227

🇺🇸 195.184.76.90

🇧🇴 186.121.222.66

🇦🇷 181.165.59.13

🇺🇸 147.185.132.139