JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.159.247.227

52.159.247.227 was found in our database!

This IP was reported 66 times. Confidence of Abuse is 69%: ?

69%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.159.247.227

Whois 52.159.247.227

IP Abuse Reports for 52.159.247.227:

This IP address has been reported a total of 66 times from 54 distinct sources. 52.159.247.227 was first reported on July 16th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-03 11:05:31 (2 weeks ago)	Portscan: TCP/8443, TCP/2087, TCP/80, TCP/2082 (2x), TCP/2086 (2x), TCP/8080 (2x), TCP/2083 (2x), TC ... show more Portscan: TCP/8443, TCP/2087, TCP/80, TCP/2082 (2x), TCP/2086 (2x), TCP/8080 (2x), TCP/2083 (2x), TCP/443 show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-03 06:39:40 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.159.247.227 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.159.247.227 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:39:33.680228 2026] [security2:error] [pid 16508:tid 16508] [client 52.159.247.227:61184] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.61"] [uri "/.git/config"] [unique_id "ah_MJfDGv51FlbxRw7UlgwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 SeczarSecureOps	2026-06-03 06:00:26 (2 weeks ago)	Seczar SecureOps — Port Scan Detection (8 events) — quarantined 43200m on fgdcapi	Port Scan
🇦🇺 FireGuard Server	2026-06-03 05:20:04 (2 weeks ago)	Blocked by OPNsense firewall; 4 hits, proto=tcp, ports=2087,8080	Port Scan Hacking
🇺🇸 sumnone	2026-06-03 04:47:35 (2 weeks ago)	Port probing on unauthorized port 2087	Port Scan Hacking Exploited Host
🇷🇴 gtheo99	2026-06-03 04:25:10 (2 weeks ago)	52.159.247.227 (US/United States/-), 3 distributed cpanel attacks on account [root] in the last 900 ... show more 52.159.247.227 (US/United States/-), 3 distributed cpanel attacks on account [root] in the last 900 secs show less	SSH Brute-Force Hacking
Anonymous	2026-06-03 04:13:38 (2 weeks ago)	RdpGuard detected brute-force attempt on HTTP	Brute-Force
🇬🇧 PeravixGroup	2026-06-03 04:07:53 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇩🇪 Da_tschek	2026-06-02 18:51:29 (2 weeks ago)	Port scanning	Port Scan Hacking
🇬🇧 PeravixGroup	2026-06-02 07:11:15 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇩🇪 iNetWorker	2026-06-02 06:20:32 (2 weeks ago)	firewall-block, port(s): 80/tcp, 443/tcp, 2082/tcp, 2083/tcp, 2086/tcp, 2087/tcp, 8080/tcp, 8443/tcp	Port Scan
🇺🇸 xmission.com	2026-06-02 03:49:21 (2 weeks ago)	Blocked by UFW (TCP on 2087) Source port: 64518 TTL: 51 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 64518 TTL: 51 Packet length: 60 TOS: 0x00 This report (for 52.159.247.227) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 Nightreaver	2026-06-02 03:45:50 (2 weeks ago)	52.159.247.227 - - [02/Jun/2026:05:45:30 0200] "GET /.env.production HTTP/1.1" 404 457 "-" "Mozilla ... show more 52.159.247.227 - - [02/Jun/2026:05:45:30 0200] "GET /.env.production HTTP/1.1" 404 457 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)" 52.159.247.227 - - [02/Jun/2026:05:45:34 0200] "GET /.env.save HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.247.227 - - [02/Jun/2026:05:45:38 0200] "GET /.aws/credentials HTTP/1.1" 404 457 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.159.247.227 - - [02/Jun/2026:05:45:48 0200] "GET /app/config/parameters.yml HTTP/1.1" 404 457 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)" 52.159.247.227 - - [02/Jun/2026:05:45:50 0200] "GET /.htpasswd HTTP/1.1" 403 460 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; http://www.google.com/bot.html)"[...] show less	Bad Web Bot Web App Attack
🇯🇵 VXG-NET	2026-06-02 03:16:01 (2 weeks ago)	port=80, indicator_type=info-leak	Hacking
🇫🇷 dynamix	2026-06-02 03:02:41 (2 weeks ago)	Multiple WAF Violations	Web App Attack

Showing 1 to 15 of 66 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2607:f8b0:4001:c17::120

🇨🇳 218.58.15.37

🇺🇸 192.111.131.4

🇮🇹 188.219.104.210

🇳🇱 185.223.235.44

🇮🇳 172.253.226.57

🇺🇸 172.234.221.84

🇺🇸 172.93.106.153

🇪🇸 141.109.168.252

🇱🇹 81.30.98.144

🇺🇸 71.6.199.65

🇦🇹 68.210.120.110

🇧🇪 34.38.100.23

🇹🇼 198.235.24.100

🇷🇺 188.17.148.221

🇺🇾 167.60.164.11

🇺🇸 134.122.28.88

🇵🇰 103.249.114.52

🇫🇷 94.183.188.94

🇧🇷 45.205.1.73