JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.161.50.37

52.161.50.37 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Cheyenne, Wyoming

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.161.50.37

Whois 52.161.50.37

IP Abuse Reports for 52.161.50.37:

This IP address has been reported a total of 45 times from 38 distinct sources. 52.161.50.37 was first reported on September 14th 2025, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 gu-alvareza	2026-06-27 07:05:33 (9 hours ago)	Spring.Boot.Actuator.Unauthorized.Access	Brute-Force
🇺🇸 MPL	2026-06-26 22:55:19 (17 hours ago)	tcp port scan (8 or more attempts)	Port Scan
🇺🇸 RAP	2026-06-26 21:36:56 (19 hours ago)	2026-06-26 21:36:56 UTC Unauthorized activity to TCP port 8080. Web App	Port Scan Web App Attack
🇨🇦 Mediashaker	2026-06-26 21:28:58 (19 hours ago)	(apache-scanners) Failed apache-scanners trigger with match [redacted] from 52.161.50.37 (US/United ... show more (apache-scanners) Failed apache-scanners trigger with match [redacted] from 52.161.50.37 (US/United States/-) show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-26 21:19:00 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 52.161.50.37 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.161.50.37 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 17:18:53.800808 2026] [security2:error] [pid 7874:tid 7874] [client 52.161.50.37:43913] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.16"] [uri "/.git/config"] [unique_id "aj7svcV2IUwWcwJtgU5GVQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 JustMeHere	2026-06-26 20:31:51 (20 hours ago)	[Fri Jun 26 16:31:47.031219 2026] [security2:error] [pid 311440:tid 311488] [client 52.161.50.37:437 ... show more [Fri Jun 26 16:31:47.031219 2026] [security2:error] [pid 311440:tid 311488] [client 52.161.50.37:43784] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [ver "OWASP_CRS/4.15.0"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "73.88.79.72"] [uri "/.git/HEAD"] [unique_id "aj7hs4XPaNZOWW5SPbLCGQAAAVQ"] ... show less	Web App Attack
🇩🇪 XICTRON	2026-06-26 19:15:04 (21 hours ago)	ModSecurity rule violation detected by Fail2Ban	Web App Attack
🇩🇪 dbmwebdesign	2026-06-16 09:15:29 (1 week ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇹🇭 Sawasdee	2026-06-16 09:03:11 (1 week ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇺🇸 Mark--	2026-06-07 18:04:02 (2 weeks ago)	Unauthorized connection attempt detected port 8080	Hacking
🇨🇦 Not Fake	2026-06-07 13:49:10 (2 weeks ago)	$f2bV_matches	Web App Attack
Anonymous	2026-06-07 11:50:04 (2 weeks ago)	\| Suspicious URL access.	Web App Attack Hacking SQL Injection
🇺🇸 wteiken	2026-06-07 11:41:52 (2 weeks ago)	2026-06-07T07:41:46.244430-04:00 nostromo.teiken.net kernel: [30807.547388] syn_limit:IN=en-wan OUT= ... show more 2026-06-07T07:41:46.244430-04:00 nostromo.teiken.net kernel: [30807.547388] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=52.161.50.37 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=11356 DF PROTO=TCP SPT=37580 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-07T07:41:47.084408-04:00 nostromo.teiken.net kernel: [30808.386175] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=52.161.50.37 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=64467 DF PROTO=TCP SPT=36777 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-07T07:41:47.974408-04:00 nostromo.teiken.net kernel: [30809.282592] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1c:98:0c:08:00 SRC=52.161.50.37 DST=173.52.106.128 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=60969 DF PROTO=TCP SPT=37730 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-07T07:41:48.874408-04:00 nostromo.teiken.net kernel: [30810.180031] syn_limit:IN=en-wan OUT= MAC=00:50:43:37:c2:00:88:a2:5e:1 ... show less	Port Scan
🇫🇷 dynamix	2026-06-07 11:02:53 (2 weeks ago)	Multiple WAF Violations	Web App Attack
Anonymous	2026-06-07 09:59:02 (2 weeks ago)	Bot / scanning and/or hacking attempts: POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1, G ... show more Bot / scanning and/or hacking attempts: POST /___proxy_subdomain_whm/login/?login_only=1 HTTP/1.1, GET /___proxy_subdomain_whm/login/ HTTP/1.1, GET /dump.sql HTTP/1.1, GET /config/database.yml HTTP/1.1, GET /backup.sql HTTP/1.1, GET /app/config/parameters.yml HTTP/1.1, GET /server-status HTTP/1.1 show less	Hacking Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇭🇺 80.98.155.175

🇺🇸 3.231.193.38

🇩🇪 209.50.189.84

🇰🇷 112.216.129.27

🇳🇱 81.19.216.76

🇳🇱 45.148.10.157

🇯🇵 20.78.168.236

🇬🇧 185.152.248.240

🇨🇳 180.76.147.226

🇧🇷 179.209.108.10

🇺🇸 162.216.149.89

🇺🇸 157.245.123.148

🇪🇬 156.206.101.176

🇲🇾 149.118.135.252

🇯🇵 133.18.107.115

🇪🇸 68.221.203.47

🇸🇬 47.236.245.255

🇧🇬 5.188.206.66

🇩🇪 213.209.159.241

🇷🇺 176.211.42.202