JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.188.87.49

52.188.87.49 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Washington, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.188.87.49

Whois 52.188.87.49

IP Abuse Reports for 52.188.87.49:

This IP address has been reported a total of 32 times from 25 distinct sources. 52.188.87.49 was first reported on June 2nd 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇯🇵 jup10393	2026-06-15 00:34:00 (8 hours ago)	52.188.87.49 [52.188.87.49] - - [15/Jun/2026:06:13:04 +0900] "GET /.git/HEAD HTTP/1.1" 406 289 "-" " ... show more 52.188.87.49 [52.188.87.49] - - [15/Jun/2026:06:13:04 +0900] "GET /.git/HEAD HTTP/1.1" 406 289 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36" show less	Web App Attack
🇰🇷 enp0s1	2026-06-14 22:13:35 (11 hours ago)	Auto-reported by Fail2Ban (UFW Block, Port Scan)	Port Scan
🇺🇸 Floofie	2026-06-14 20:42:30 (12 hours ago)	52.188.87.49 - - [14/Jun/2026:16:42:24 -0400] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (comp ... show more 52.188.87.49 - - [14/Jun/2026:16:42:24 -0400] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 52.188.87.49 - - [14/Jun/2026:16:42:28 -0400] "GET /.env.production HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.188.87.49 - - [14/Jun/2026:16:42:29 -0400] "GET /.env.backup HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Vegascosmetics	2026-06-14 20:29:19 (13 hours ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after attack pattern. Vegas Security	Hacking Brute-Force
🇫🇷 Version Net	2026-06-14 19:24:03 (14 hours ago)	IPS Detection: HTPasswd.Access	Hacking
Anonymous	2026-06-14 19:21:35 (14 hours ago)	52.188.87.49 - - [14/Jun/2026:21:21:33 +0200] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Wind ... show more 52.188.87.49 - - [14/Jun/2026:21:21:33 +0200] "GET /.git/HEAD HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 52.188.87.49 - - [14/Jun/2026:21:21:35 +0200] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" ... show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 18:17:53 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 52.188.87.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.188.87.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:17:46.526680 2026] [security2:error] [pid 12546:tid 12546] [client 52.188.87.49:9961] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.27"] [uri "/.git/HEAD"] [unique_id "ai7wSjv2U6RiEhhSpWtCfAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ISPLtd	2026-06-14 17:55:30 (15 hours ago)	Jun 14 14:55:29 52.188.87.49 TCP SPT=8251 DPT=2087 SYN Jun 14 14:55:29 52.188.87.49 TCP SPT=9433 DPT ... show more Jun 14 14:55:29 52.188.87.49 TCP SPT=8251 DPT=2087 SYN Jun 14 14:55:29 52.188.87.49 TCP SPT=9433 DPT=8080 SYN Jun 14 14:55:29 52.188.87.49 TCP SPT=8323 DPT=2082 ... show less	Port Scan
🇸🇪 KIDOS	2026-06-14 17:37:22 (15 hours ago)	CrowdSec detected malicious activity	DDoS Attack
🇺🇸 Axel	2026-06-14 17:28:00 (16 hours ago)	Blocked by UFW on MVI [8443/tcp] \| SPT: 10177 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github. ... show more Blocked by UFW on MVI [8443/tcp] \| SPT: 10177 \| TTL: 48 \| LEN: 60 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇧🇪 boxed-it	2026-06-12 01:43:36 (3 days ago)	GET /.git/HEAD (Tarpitted for 1d15h8m28s, wasted 8.06MB)	Web App Attack
🇦🇹 urnilxfgbez	2026-06-10 22:45:00 (4 days ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇨🇭 SOC [GOLINE SA]	2026-06-10 11:52:04 (4 days ago)	IDS Alert: 🐾 - 🚨 TLS1.0 💔 connection observerd === ATTACK === Signature: 🐾 - 🚨 TLS1.0 💔 connection o ... show more IDS Alert: 🐾 - 🚨 TLS1.0 💔 connection observerd === ATTACK === Signature: 🐾 - 🚨 TLS1.0 💔 connection observerd \| SID: 3300246 \| Severity: 3 \| Category: Potential Corporate Privacy Violation === SOURCE === IP: 52.188.87.49 (IPv4) \| Port: 38639 \| Country: United States \| ISP: MSFT \| rDNS: None === TARGET === Host: lg.goline.ch \| IP: 185.54.81.23 \| Port: 443 \| Protocol: TCP \| App: tls === RESPONSE === Time: 2026-06-10 13:52:04 \| Action: Blocked show less	Port Scan Hacking Bad Web Bot
🇺🇸 RAP	2026-06-10 11:43:52 (4 days ago)	2026-06-10 11:43:52 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 10:23:46 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 52.188.87.49 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 52.188.87.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 06:23:42.643325 2026] [security2:error] [pid 19248:tid 19336] [client 52.188.87.49:38330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.44"] [uri "/.git/HEAD"] [unique_id "aik7LtTpk5nu1nVUaUa8YQAAAdA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 103.13.206.100

🇮🇳 98.70.127.17

🇳🇱 78.142.18.172

🇨🇳 58.20.236.52

🇧🇷 177.39.120.200

🇵🇭 112.198.238.18

🇺🇸 107.175.58.157

🇿🇦 105.186.188.144

🇳🇬 105.119.32.161

🇨🇦 67.71.55.209

🇩🇪 43.165.7.135

🇺🇸 2604:a880:400:d1:0:4:9631:3001

🇮🇳 115.187.51.120

🇮🇳 103.211.13.191

🇬🇧 86.140.247.8

🇭🇰 43.161.234.148

🇨🇳 14.18.139.20

🇩🇪 213.209.159.241

🇿🇦 197.87.185.44

🇧🇷 143.95.213.196