JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.245.182

52.159.245.182 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 67%: ?

67%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.245.182

Whois 52.159.245.182

IP Abuse Reports for 52.159.245.182:

This IP address has been reported a total of 17 times from 15 distinct sources. 52.159.245.182 was first reported on September 16th 2025, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 SentinalX by uzumaru	2026-06-08 02:46:11 (8 hours ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: speed.hetzner.de:443 show less	Open Proxy Port Scan
🇺🇸 masterguru	2026-06-04 16:25:01 (3 days ago)	Host header is a numeric IP address. Pattern match "^ (920350-163)	Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-04 12:37:02 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.245.182 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.245.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 08:36:57.479075 2026] [security2:error] [pid 3371:tid 3371] [client 52.159.245.182:14146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.19"] [uri "/.git/HEAD"] [unique_id "aiFxaQ9iauca_UMIVV5NjwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 cwytech	2026-06-02 07:20:35 (6 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/tactical-rmm-lockdown-high.	Hacking
🇺🇸 ISPLtd	2026-06-02 06:24:59 (6 days ago)	Jun 2 00:24:58 52.159.245.182 TCP SPT=5252 DPT=2087 SYN Jun 2 00:24:58 52.159.245.182 TCP SPT=5258 ... show more Jun 2 00:24:58 52.159.245.182 TCP SPT=5252 DPT=2087 SYN Jun 2 00:24:58 52.159.245.182 TCP SPT=5258 DPT=8443 SYN Jun 2 00:24:58 52.159.245.182 TCP SPT=5261 DPT=8080 ... show less	Port Scan
Anonymous	2026-06-02 06:03:42 (6 days ago)	PORT & IP Scan.	Port Scan Brute-Force
Anonymous	2026-06-02 05:22:43 (6 days ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
Anonymous	2026-06-02 05:00:00 (6 days ago)	SSH Brute-Force	DDoS Attack Port Scan Hacking Brute-Force SSH
Anonymous	2026-06-02 04:52:02 (6 days ago)	Bot detected scanning for vulnerable pages	Port Scan
🇦🇺 LiftUp Hosting	2026-06-02 04:04:01 (6 days ago)	Honeypot hit: Empty payload (likely service probe); 2087 [1], 2086 [1], 2082 [1], 2083 [1] TCP	Port Scan
🇺🇸 MPL	2026-06-02 03:51:04 (6 days ago)	tcp port scan (8 or more attempts)	Port Scan
🇩🇪 acadeova	2026-06-02 02:58:44 (6 days ago)	🚨 Recon detected (nft drop) SRC=52.159.245.182 Observed=TCP dpt=80 in=enp0s6 ttl=37 Time=recent(jour ... show more 🚨 Recon detected (nft drop) SRC=52.159.245.182 Observed=TCP dpt=80 in=enp0s6 ttl=37 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇫🇷 ISPLtd	2026-06-02 02:50:44 (6 days ago)	Jun 1 23:50:43 52.159.245.182 TCP SPT=5268 DPT=2087 SYN Jun 1 23:50:44 52.159.245.182 TCP SPT=5260 ... show more Jun 1 23:50:43 52.159.245.182 TCP SPT=5268 DPT=2087 SYN Jun 1 23:50:44 52.159.245.182 TCP SPT=5260 DPT=8080 SYN Jun 1 23:50:44 52.159.245.182 TCP SPT=5267 DPT=2083 ... show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 02:44:33 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 52.159.245.182 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.245.182 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 22:44:26.512691 2026] [security2:error] [pid 1953:tid 1953] [client 52.159.245.182:5201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.151.37"] [uri "/.git/HEAD"] [unique_id "ah5Ditqhiz8BNPvPNzAZRgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 alexsky06	2026-06-02 01:56:09 (6 days ago)	WAF block: crowdsecurity/vpatch-git-config from 52.159.245.182	Web App Attack Hacking

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 172.253.229.216

🇭🇰 165.154.20.228

🇰🇷 121.167.146.157

🇺🇸 100.49.117.77

🇸🇬 47.128.123.193

🇱🇹 45.84.205.131

🇲🇽 189.197.20.80

🇺🇸 137.184.5.188

🇺🇸 104.222.45.147

🇳🇬 102.91.77.92

🇺🇸 96.78.175.41

🇧🇷 45.205.1.244

🇭🇰 45.142.154.87

🇸🇬 45.78.194.186

🇺🇸 43.162.99.8

🇺🇸 35.231.228.225

🇮🇳 2a02:4780:11:1975:0:1110:c271:1

🇬🇧 185.61.153.105

🇺🇸 107.150.103.210

🇺🇸 65.49.1.21