JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.247.164

52.159.247.164 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 73%: ?

73%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.247.164

Whois 52.159.247.164

IP Abuse Reports for 52.159.247.164:

This IP address has been reported a total of 50 times from 36 distinct sources. 52.159.247.164 was first reported on November 18th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇷 Bruno	2026-06-02 13:05:42 (3 weeks ago)	Port Scanner: 52.159.247.164	Port Scan
🇳🇱 StopAbuse	2026-06-02 12:18:14 (3 weeks ago)	tcp/2082 tcp/2083 tcp/2086 tcp/2087 tcp/443 tcp/80 tcp/8080 tcp/8443	Port Scan
🇺🇸 RAP	2026-06-02 12:00:51 (3 weeks ago)	2026-06-02 12:00:51 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 11:52:28 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 07:52:21.337060 2026] [security2:error] [pid 17621:tid 17626] [client 52.159.247.164:64092] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.123"] [uri "/.git/HEAD"] [unique_id "ah7D9aHhtijG8hbx9Dwy0wAAAYE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-02 10:23:48 (3 weeks ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-iad5-2)	Hacking Bad Web Bot
🇺🇸 xmission.com	2026-06-02 09:42:22 (3 weeks ago)	Blocked by UFW (TCP on 2082) Source port: 64464 TTL: 115 Packet length: 40 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 2082) Source port: 64464 TTL: 115 Packet length: 40 TOS: 0x00 This report (for 52.159.247.164) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 09:39:40 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:39:37.268632 2026] [security2:error] [pid 13615:tid 13615] [client 52.159.247.164:64320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.19"] [uri "/.env"] [unique_id "ah6k2TV0MqL2BdbQkR1e-gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Roper123	2026-06-02 09:32:16 (3 weeks ago)	Web exploits	Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 09:19:19 (3 weeks ago)	(mod_security) mod_security (id:949110) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 52.159.247.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 05:19:13.872624 2026] [security2:error] [pid 16233:tid 16233] [client 52.159.247.164:64386] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "192.64.150.239"] [uri "/.env.production"] [unique_id "ah6gEZm1o2Boq6vLcWhX9gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-02 08:55:15 (3 weeks ago)	tcp port scan (8 or more attempts)	Port Scan
🇧🇷 SOC PR	2026-06-02 08:44:22 (3 weeks ago)	IPS: Sensitive Configuration File Disclosure.	Hacking
Anonymous	2026-06-02 08:42:59 (3 weeks ago)	[Tue Jun 02 10:42:55.520478 2026] [access_compat:error] [pid 1319423:tid 1319423] [client 52.159.247 ... show more [Tue Jun 02 10:42:55.520478 2026] [access_compat:error] [pid 1319423:tid 1319423] [client 52.159.247.164:64401] AH01797: client denied by server configuration: /var/www/html/.git [Tue Jun 02 10:42:58.946761 2026] [access_compat:error] [pid 1316073:tid 1316073] [client 52.159.247.164:64398] AH01797: client denied by server configuration: /var/www/html/.env.local ... show less	Bad Web Bot Web App Attack
Anonymous	2026-06-02 07:00:00 (3 weeks ago)	SSH Brute-Force	DDoS Attack Port Scan Hacking Brute-Force SSH
🇹🇷 Domainhizmetleri.com	2026-06-02 06:29:19 (3 weeks ago)	[honeypot] - MS-SQL-PROBE	Port Scan Hacking
🇹🇭 Sawasdee	2026-06-02 06:00:15 (3 weeks ago)	Port Scan ...	Port Scan

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 195.184.76.104

🇫🇷 194.163.155.248

🇫🇷 185.177.72.205

🇨🇳 183.56.198.150

🇩🇪 178.105.207.145

🇫🇷 141.101.97.88

🇷🇴 141.98.83.240

🇨🇳 122.97.214.153

🇰🇷 119.207.83.10

🇷🇴 92.118.39.62

🇳🇱 91.92.40.124

🇳🇱 89.21.67.159

🇮🇳 68.233.116.124

🇺🇸 34.26.132.217

🇺🇸 3.20.235.102

🇹🇳 197.5.145.150

🇻🇳 157.66.80.124

🇸🇬 97.74.86.176

🇺🇸 74.82.47.36

🇺🇸 20.15.201.64