JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.247.197

52.159.247.197 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 9%: ?

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.247.197

Whois 52.159.247.197

IP Abuse Reports for 52.159.247.197:

This IP address has been reported a total of 13 times from 7 distinct sources. 52.159.247.197 was first reported on September 2nd 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-21 16:44:27 (1 month ago)	110 requests with url.path /@fs/	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-21 09:50:09 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 05:50:02.837430 2026] [security2:error] [pid 26681:tid 26681] [client 52.159.247.197:36928] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fluffmoo.org"] [uri "/config/.env"] [unique_id "ag7VSg2jAKK8BWz6YWkvDwAAAAE"], referer: https://www.linkedin.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-10 01:42:32 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 21:42:27.282758 2026] [security2:error] [pid 3791020:tid 3791020] [client 52.159.247.197:13360] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ilil.net"] [uri "/@fs/.git/config"] [unique_id "adhVgxMPjzcNmGez_ZXPmgAAAAM"], referer: https://www.facebook.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-10 00:32:39 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.197 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 20:32:35.462052 2026] [security2:error] [pid 1289152:tid 1289152] [client 52.159.247.197:13505] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "carboncreekwood.com"] [uri "/@fs/app/.git/config"] [unique_id "adhFI8N87g1Mvs3GPjBScgAAAAU"], referer: https://docs.google.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2026-03-19 08:40:58 (3 months ago)	52.159.247.197 - - [19/Mar/2026:03:40:57 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 488 "-" ... show more 52.159.247.197 - - [19/Mar/2026:03:40:57 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 488 "-" "-" 52.159.247.197 - - [19/Mar/2026:03:40:58 -0500] "CONNECT speed.cloudflare.com:443 HTTP/1.1" 502 488 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 pduggusa	2025-12-27 01:36:01 (5 months ago)	Detected attacking dugganusa.com at 2025-12-27T01:36:01.743Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2025-12-27T01:36:01.743Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking
🇺🇸 pduggusa	2025-12-27 00:35:55 (5 months ago)	Detected attacking dugganusa.com at 2025-12-27T00:35:55.851Z \| Attack: Web Service \| Source: DugganU ... show more Detected attacking dugganusa.com at 2025-12-27T00:35:55.851Z \| Attack: Web Service \| Source: DugganUSA PreCog auto-block show less	Hacking
🇫🇷 oonux.net	2025-12-23 22:37:41 (5 months ago)	RouterOS: Scanning detected TCP 52.159.247.197:31792 > x.x.x.x:21	Port Scan
🇺🇸 MPL	2025-12-23 22:34:08 (5 months ago)	tcp/21 (2 or more attempts)	Port Scan
🇺🇸 MPL	2025-12-23 22:34:08 (5 months ago)	tcp/21	Port Scan
🇺🇸 Rayulcifer	2025-11-18 07:54:45 (7 months ago)	52.159.247.197 - - [18/Nov/2025:02:54:44 -0500] "CONNECT load.vmheaven.io:443 HTTP/1.1" 502 587 "-" ... show more 52.159.247.197 - - [18/Nov/2025:02:54:44 -0500] "CONNECT load.vmheaven.io:443 HTTP/1.1" 502 587 "-" "-" 52.159.247.197 - - [18/Nov/2025:02:54:44 -0500] "\x16\x03\x01" 400 491 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 Rayulcifer	2025-09-10 06:21:30 (9 months ago)	52.159.247.197 - - [10/Sep/2025:01:21:29 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 587 "-" ... show more 52.159.247.197 - - [10/Sep/2025:01:21:29 -0500] "CONNECT speed.hetzner.de:443 HTTP/1.1" 502 587 "-" "-" 52.159.247.197 - - [10/Sep/2025:01:21:29 -0500] "CONNECT speed.cloudflare.com:443 HTTP/1.1" 502 591 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇫🇷 ᴀʀᴛ	2025-09-02 13:43:52 (9 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protocol: ... show more Triggered Cloudflare WAF (firewallCustom) from US. ASN: 8075 (MICROSOFT-CORP-MSN-AS-BLOCK) Protocol: HTTP/1.1 (POST method) UA: axios/1.11.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 46.151.178.13

🇳🇱 176.65.139.216

🇳🇱 176.65.131.189

🇺🇸 172.236.111.98

🇩🇪 167.71.60.5

🇯🇵 152.32.201.217

🇧🇷 138.122.221.45

🇺🇸 135.237.126.141

🇨🇳 117.72.10.130

🇪🇪 85.29.246.199

🇺🇸 40.77.167.26

🇺🇸 18.206.245.112

🇷🇴 193.32.162.82

🇧🇪 146.148.121.254

🇸🇬 103.13.206.100

🇹🇷 78.186.142.220

🇺🇸 209.46.125.221

🇺🇸 195.184.76.39

🇯🇵 142.248.136.114

🇹🇭 118.27.146.111