JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.245.160

52.159.245.160 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 80%: ?

80%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.245.160

Whois 52.159.245.160

IP Abuse Reports for 52.159.245.160:

This IP address has been reported a total of 26 times from 23 distinct sources. 52.159.245.160 was first reported on July 20th 2025, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇹 urnilxfgbez	2026-06-07 22:45:00 (15 hours ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇩🇰 swrlly	2026-06-07 01:54:49 (1 day ago)	1 unauthorized webserver connection	Web App Attack
🇺🇸 RAP	2026-06-07 01:36:23 (1 day ago)	2026-06-07 01:36:23 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇩🇪 ghostwarriors	2026-06-07 01:20:41 (1 day ago)	Webpage scraping	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-07 01:12:50 (1 day ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-07 01:10:33 (1 day ago)	Port Scan	Port Scan
🇯🇵 VXG-NET	2026-06-07 00:19:14 (1 day ago)	port=80, indicator_type=info-leak	Hacking
🇷🇸 Scan	2026-06-07 00:14:20 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-06 22:54:44 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.159.245.160 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.245.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 18:54:36.998081 2026] [security2:error] [pid 6548:tid 6548] [client 52.159.245.160:25801] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.105"] [uri "/.git/HEAD"] [unique_id "aiSlLLmgcrM9CuhgHR6iHQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Flo Flo	2026-06-06 22:46:20 (1 day ago)	52.159.245.160 - - - [07/Jun/2026:00:46:20 +0200] "82.66.117.16" "GET /.git/HEAD HTTP/1.1" 444 0 "-" ... show more 52.159.245.160 - - - [07/Jun/2026:00:46:20 +0200] "82.66.117.16" "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" 0.000 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 22:39:37 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 52.159.245.160 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.245.160 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 18:39:30.565087 2026] [security2:error] [pid 14024:tid 14024] [client 52.159.245.160:26454] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.172"] [uri "/.git/HEAD"] [unique_id "aiShonV_ZP9_vusu7Hq_LgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 Wepted	2026-06-06 21:49:45 (1 day ago)	Port scan detected by honeypot	Port Scan Hacking
🇮🇹 clamehost.it	2026-06-06 20:48:43 (1 day ago)	Automatic report - Brute Force attack using this IP address	Brute-Force
🇯🇵 demonsword	2026-05-10 22:46:42 (4 weeks ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: speed.cloudflare.com:443 show less	Open Proxy Port Scan
🇬🇧 2048	2026-04-24 18:43:26 (1 month ago)	2026-04-24T19:43:22.722793+01:00 machodeer kernel: [5313023.729029] [UFW BLOCK] IN=ens3 OUT= MAC=RED ... show more 2026-04-24T19:43:22.722793+01:00 machodeer kernel: [5313023.729029] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.245.160 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=53960 DF PROTO=TCP SPT=3282 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-04-24T19:43:23.738317+01:00 machodeer kernel: [5313024.743874] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.245.160 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=53961 DF PROTO=TCP SPT=3282 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 2026-04-24T19:43:24.763162+01:00 machodeer kernel: [5313025.767795] [UFW BLOCK] IN=ens3 OUT= MAC=REDACTED SRC=52.159.245.160 DST=REDACTED LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=53962 DF PROTO=TCP SPT=3282 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0 show less	Port Scan

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.178.65.30

🇰🇷 111.171.127.190

🇳🇱 88.151.33.25

🇺🇸 66.240.223.208

🇺🇸 38.148.249.2

🇺🇸 24.144.122.247

🇹🇿 154.74.129.156

🇯🇵 103.125.146.108

🇺🇸 45.8.19.13

🇺🇸 20.119.74.72

🇨🇳 223.73.123.105

🇹🇷 195.85.207.182

🇨🇳 175.153.165.221

🇨🇳 123.158.49.139

🇯🇵 103.163.220.120

🇷🇺 90.188.38.227

🇷🇴 80.94.92.164

🇹🇯 45.81.37.82

🇨🇭 35.216.172.131

🇺🇸 18.190.15.50