JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.244.66

52.159.244.66 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 67%: ?

67%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.244.66

Whois 52.159.244.66

IP Abuse Reports for 52.159.244.66:

This IP address has been reported a total of 25 times from 21 distinct sources. 52.159.244.66 was first reported on August 15th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 kuroneko_omu	2026-06-05 16:51:02 (1 day ago)	[autoreport] Probably Web App attack (eg. wp, phpmyadmin, ...)	Hacking Brute-Force Web App Attack
🇺🇸 kuroneko_omu	2026-06-03 16:51:02 (3 days ago)	[autoreport] Probably Web App attack (eg. wp, phpmyadmin, ...)	Hacking Brute-Force Web App Attack
🇺🇸 kuroneko_omu	2026-06-02 16:51:01 (4 days ago)	[autoreport] Probably Web App attack (eg. wp, phpmyadmin, ...)	Hacking Brute-Force Web App Attack
🇬🇧 PeravixGroup	2026-06-02 07:23:22 (5 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
Anonymous	2026-06-02 04:50:19 (5 days ago)	2026-06-02 04:50:19 warning[5754579]: host unknown[52.159.244.66]: unauthorized https acce ... show more 2026-06-02 04:50:19 warning[5754579]: host unknown[52.159.244.66]: unauthorized https access attempted: tcp/443 show less	Port Scan Brute-Force
🇹🇭 Sawasdee	2026-06-02 04:31:48 (5 days ago)	Port Scan ...	Port Scan
Anonymous	2026-06-02 04:25:02 (5 days ago)	suspicious request in access.log	Web App Attack
🇫🇷 dynamix	2026-06-02 04:13:27 (5 days ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-02 04:07:53 (5 days ago)	Honeypot hit: Empty payload (likely service probe); 2087 [2], 2082 [1], 2086 [1], 2083 [1] TCP Repor ... show more Honeypot hit: Empty payload (likely service probe); 2087 [2], 2082 [1], 2086 [1], 2083 [1] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇧🇷 somosbr	2026-06-02 03:43:41 (5 days ago)	[2026-06-02T03:43:40Z] Unsolicited scan from 52.159.244.66 to port 80/tcp	Port Scan
🇩🇪 zupan	2026-06-02 02:52:04 (5 days ago)	Blocked by UFW on vps [8443/tcp] \| SPT: 53268 \| TTL: 38 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on vps [8443/tcp] \| SPT: 53268 \| TTL: 38 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇷🇸 Scan	2026-06-02 02:01:58 (5 days ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-02 01:46:40 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.244.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.159.244.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 21:46:33.765420 2026] [security2:error] [pid 22311:tid 22311] [client 52.159.244.66:54036] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.74"] [uri "/.git/HEAD"] [unique_id "ah41-TF1dedos6hGOLzBQAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 01:22:27 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.244.66 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 52.159.244.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 21:22:23.666664 2026] [security2:error] [pid 2163:tid 2180] [client 52.159.244.66:53221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.124"] [uri "/.git/HEAD"] [unique_id "ah4wTz9l4WUTjlVn1hM-6gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 ivanbiagi7	2026-06-02 01:05:12 (5 days ago)	(localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 52.159.244.66 (US/8075) : 4h ban on Ip ... show more (localhost/crowdsec) crowdsecurity/http-sensitive-files by ip 52.159.244.66 (US/8075) : 4h ban on Ip 52.159.244.66 show less	Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 218.59.201.12

🇺🇬 196.0.3.188

🇳🇱 195.178.110.133

🇺🇿 198.163.193.143

🇺🇸 198.12.152.88

🇧🇷 170.80.81.139

🇻🇪 154.27.136.216

🇮🇶 151.244.155.163

🇭🇰 143.14.151.180

🇿🇦 102.221.220.50

🇫🇷 85.217.140.46

🇺🇸 64.62.156.38

🇺🇸 38.77.211.196

🇰🇷 211.197.12.104

🇰🇷 211.46.188.16

🇭🇰 199.45.155.74

🇷🇺 195.2.67.184

🇬🇧 193.163.125.183

🇧🇴 181.115.147.5

🇺🇸 172.203.241.222