JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.201.81

52.161.201.81 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.201.81

Whois 52.161.201.81

IP Abuse Reports for 52.161.201.81:

This IP address has been reported a total of 35 times from 30 distinct sources. 52.161.201.81 was first reported on June 9th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇽 octageeks.com	2026-06-12 04:17:24 (3 days ago)	Wordpress malicious attack:[octablocked]	Web App Attack
Anonymous	2026-06-12 02:08:13 (4 days ago)	Portscan: TCP/80 (6x), TCP/443 (2x)	Port Scan
🇳🇱 homeshowdomain.nl	2026-06-11 21:59:47 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-10. show less	Web App Attack SSH Hacking
🇩🇪 ger-stg-sifi1	2026-06-11 13:57:27 (4 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-11 13:53:59 (4 days ago)	(wordpress) Failed wordpress login from 52.161.201.81 (US/United States/-)	Brute-Force
Anonymous	2026-06-11 13:52:23 (4 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-11 13:03:42 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 09:03:37.951005 2026] [security2:error] [pid 3504:tid 3504] [client 52.161.201.81:49449] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.ruthbalser.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.ruthbalser.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiqyKbKtSIiJAjM_M36umAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 12:38:40 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 08:38:33.821793 2026] [security2:error] [pid 7117:tid 7117] [client 52.161.201.81:51144] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.flatchestedmama.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.flatchestedmama.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiqsSeeTNqW0m051kkdn1wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 12:14:15 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 08:14:10.176452 2026] [security2:error] [pid 9053:tid 9053] [client 52.161.201.81:49297] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.prostar.industries\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.prostar.industries"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiqmkjDCj4lxg4Y3KM6hJgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 taivas.nl	2026-06-11 12:02:13 (4 days ago)	Wordpress_xmlrpc_attack	Bad Web Bot
🇩🇪 big-cloud.nl	2026-06-11 11:57:24 (4 days ago)	Try to access /xmlrpc.php	Web App Attack
🇺🇸 integrantservices.com	2026-06-11 11:49:59 (4 days ago)	(wordpress) Failed wordpress login from 52.161.201.81 (US/United States/-)	Brute-Force
🇩🇪 Vegascosmetics	2026-06-11 11:45:20 (4 days ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after suspicious activity. Vegas Security	DDoS Attack Hacking Exploited Host
🇩🇪 LRob.fr	2026-06-11 11:45:03 (4 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 11:44:04 (4 days ago)	(mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 52.161.201.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 07:43:56.879057 2026] [security2:error] [pid 10054:tid 10062] [client 52.161.201.81:49324] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|executiveaccounting.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "executiveaccounting.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "aiqffLfAiMnFZ9qfWoaWTQAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 118.33.113.91

🇨🇳 113.93.109.152

🇺🇸 100.49.117.77

🇬🇧 87.236.176.107

🇺🇸 66.132.186.171

🇺🇸 63.141.245.60

🇬🇧 35.203.211.233

🇹🇼 211.21.61.225

🇵🇰 182.190.218.6

🇺🇸 173.255.242.196

🇺🇸 147.182.218.133

🇹🇭 147.50.227.79

🇻🇳 113.170.224.249

🇨🇳 112.113.130.102

🇱🇻 104.165.205.15

🇮🇳 103.248.120.6

🇮🇩 103.180.118.90

🇺🇸 91.230.168.189

🇲🇾 47.250.141.6

🇰🇪 41.89.96.242