JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.244.177

52.159.244.177 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.244.177

Whois 52.159.244.177

IP Abuse Reports for 52.159.244.177:

This IP address has been reported a total of 86 times from 66 distinct sources. 52.159.244.177 was first reported on October 24th 2025, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Mark--	2026-06-28 11:42:20 (10 hours ago)	Unauthorized connection attempt detected port 8080	Hacking
🇳🇱 oisecnet	2026-06-27 21:01:40 (1 day ago)	Automated report: Unauthorized vulnerability scanning detected on 2026-06-27. 117 requests from this ... show more Automated report: Unauthorized vulnerability scanning detected on 2026-06-27. 117 requests from this IP. show less	Brute-Force Web App Attack SSH
Anonymous	2026-06-27 14:15:50 (1 day ago)	Honeypot hit: Empty payload (likely service probe); 2087 [1], 2086 [1], 2082 [1], 2083 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2087 [1], 2086 [1], 2082 [1], 2083 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇹🇭 Sawasdee	2026-06-27 12:18:07 (1 day ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇮🇪 AutosOnShow	2026-06-27 12:04:05 (1 day ago)	blocked for webapp attack \| path requested: /.env \| seen at 2026-06-27 12:03:45.056 \|	Web App Attack
🇹🇷 Threat.live	2026-06-27 11:40:03 (1 day ago)	Suspicious Connection Attempts	Brute-Force
🇦🇹 neo72	2026-06-26 07:22:04 (2 days ago)	Detected malicious activity - bulk block	Brute-Force Web App Attack
🇲🇽 octageeks.com	2026-06-26 04:20:08 (2 days ago)	Wordpress malicious attack:[octaxmlrpc]	Web App Attack
🇫🇷 tecnicorioja	2026-06-25 22:02:17 (3 days ago)	POST /xmlrpc.php [25/Jun/2026:18:21:05	Web App Attack Brute-Force
🇺🇸 lostswordfish.com	2026-06-25 20:22:05 (3 days ago)	Wordfence waf block on kcuar	Web App Attack
🇧🇪 cmbplf	2026-06-25 20:07:20 (3 days ago)	4.230 requests from abuseipdb.com blacklisted IP (1yr10mos3w)	Brute-Force Bad Web Bot
🇩🇪 pscriptos	2026-06-25 19:24:56 (3 days ago)	{"ClientAddr":"52.159.244.177:53420","ClientHost":"52.159.244.177","ClientPort":"53420","ClientUsern ... show more {"ClientAddr":"52.159.244.177:53420","ClientHost":"52.159.244.177","ClientPort":"53420","ClientUsername":"-","DownstreamContentSize":656,"DownstreamStatus":200,"Duration":104916978,"OriginContentSize":656,"OriginDuration":101504087,"OriginStatus":200,"Overhead":3412891,"RequestAddr":"www.cleveradmin.de","RequestContentSize":114,"RequestCount":1447043,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-25T21:24:27.10623002+02:00","StartUTC":"2026-06-25T19:24:27.10623002Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-25T21:24:27+02:00"} {"ClientAddr":"52.159.244.177:55248","ClientHost":"52.159.244.177","ClientPort":" ... show less	Brute-Force Web App Attack
🇳🇱 i-turnradio.nl	2026-06-25 19:16:30 (3 days ago)	2026-06-25 @ 21:16:30 (CET) ~ Blocked for trying to access: /wp-json/wp/v2/users/	Web App Attack
🇩🇪 FeG Deutschland	2026-06-25 19:15:13 (3 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 19:11:10 (3 days ago)	(mod_security) mod_security (id:225170) triggered by 52.159.244.177 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 52.159.244.177 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 15:11:05.100710 2026] [security2:error] [pid 21629:tid 21629] [client 52.159.244.177:55107] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pcoecsi.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pcoecsi.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aj19SXFw8XkspqRPeFyesQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.113

🇰🇷 211.221.196.103

🇮🇳 203.192.232.180

🇩🇪 194.88.98.116

🇩🇪 178.128.194.134

🇬🇧 178.62.89.9

🇸🇬 165.232.170.247

🇺🇸 162.0.226.2

🇮🇳 122.168.123.73

🇭🇰 104.208.101.142

🇻🇳 103.200.22.154

🇩🇪 92.246.91.138

🇧🇬 79.124.40.126

🇮🇳 52.66.226.71

🇰🇷 43.202.76.136

🇺🇸 35.88.222.62

🇧🇷 14.102.230.4

🇬🇧 13.42.36.82

🇫🇮 217.217.247.246

🇧🇷 205.210.31.215