JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.221.250.131

52.221.250.131 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 0%: ?

ISP	Amazon Data Services Singapore
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16509
Hostname(s)	ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com
Domain Name	amazon.com
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.221.250.131

Whois 52.221.250.131

IP Abuse Reports for 52.221.250.131:

This IP address has been reported a total of 19 times from 7 distinct sources. 52.221.250.131 was first reported on August 5th 2024, and the most recent report was 1 year ago.

Old Reports: The most recent abuse report for this IP address is from 1 year ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2024-08-09 11:31:54 (1 year ago)	mit-polly.de 52.221.250.131 [09/Aug/2024:13:31:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "M ... show more mit-polly.de 52.221.250.131 [09/Aug/2024:13:31:50 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" mit-polly.de 52.221.250.131 [09/Aug/2024:13:31:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4273 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2024-08-09 09:46:27 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 09 05:46:22.912711 2024] [security2:error] [pid 23330:tid 23330] [client 52.221.250.131:58154] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.221.250.131 (+1 hits since last alert)\|www.hotpay.co\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.hotpay.co"] [uri "/xmlrpc.php"] [unique_id "ZrXlbsOyq4R4dVM_RtNY-AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-08-09 09:01:14 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇲🇹 Malta	2024-08-09 05:02:19 (1 year ago)	52.221.250.131 - - [09/Aug/2024:07:02:19 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 52.221.250.131 - - [09/Aug/2024:07:02:19 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-08-08 11:51:15 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 07:51:09.849614 2024] [security2:error] [pid 969586:tid 969586] [client 52.221.250.131:50338] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.221.250.131 (+1 hits since last alert)\|meganmurph.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "meganmurph.com"] [uri "/xmlrpc.php"] [unique_id "ZrSxLVFC22yIfVUWW284zAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-08-08 11:26:27 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 08 07:26:22.486724 2024] [security2:error] [pid 30056:tid 30056] [client 52.221.250.131:43246] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 141.98.102.227 (1+1 hits since last alert)\|www.puckerbackbikini.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.puckerbackbikini.com"] [uri "/xmlrpc.php"] [unique_id "ZrSrXm8bQ-7PPMmcqhA_LQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2024-08-08 10:21:50 (1 year ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
Anonymous	2024-08-08 05:32:18 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇵🇱 sefinek.net	2024-08-08 00:00:00 (1 year ago)	DDoS attack. User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like G ... show more DDoS attack. User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 show less	DDoS Attack
🇩🇪 FeG Deutschland	2024-08-07 21:27:01 (1 year ago)	Looking for CMS/PHP/SQL vulnerablilities - 13	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2024-08-06 01:41:41 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 21:41:35.769391 2024] [security2:error] [pid 24871:tid 24871] [client 52.221.250.131:35212] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 213.152.161.211 (0+1 hits since last alert)\|www.peterjohnsonauthor.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.peterjohnsonauthor.com"] [uri "/xmlrpc.php"] [unique_id "ZrF_TyqmN3WsqTSKc0nkrgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-08-05 18:51:32 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 14:51:28.064358 2024] [security2:error] [pid 16465:tid 16465] [client 52.221.250.131:41062] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 79.142.76.244 (0+1 hits since last alert)\|www.jaspergoss.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.jaspergoss.info"] [uri "/xmlrpc.php"] [unique_id "ZrEfMENVlpT_HTHbw1B27QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-08-05 10:43:09 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 06:43:02.150704 2024] [security2:error] [pid 1024:tid 1024] [client 52.221.250.131:39746] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.221.250.131 (+1 hits since last alert)\|www.tcit.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.tcit.org"] [uri "/xmlrpc.php"] [unique_id "ZrCstixPI_byR_f09ld_HQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇹 Malta	2024-08-05 09:55:24 (1 year ago)	52.221.250.131 - - [05/Aug/2024:11:55:23 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 52.221.250.131 - - [05/Aug/2024:11:55:23 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-08-05 08:53:03 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast ... show more (mod_security) mod_security (id:240335) triggered by 52.221.250.131 (ec2-52-221-250-131.ap-southeast-1.compute.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 05 04:52:59.737000 2024] [security2:error] [pid 9444:tid 9444] [client 52.221.250.131:53910] [client 52.221.250.131] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.221.250.131 (+1 hits since last alert)\|cloudex.link\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cloudex.link"] [uri "/xmlrpc.php"] [unique_id "ZrCS65NFJsaxOxZ2HLU5pAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 198.235.24.82

🇲🇴 182.93.7.194

🇩🇪 167.94.146.61

🇺🇸 85.239.249.222

🇧🇬 79.124.40.178

🇺🇸 72.17.34.38

🇺🇸 66.132.186.189

🇸🇬 43.160.254.36

🇺🇸 35.237.225.76

🇹🇼 198.235.24.113

🇰🇪 197.254.56.50

🇺🇸 163.61.236.118

🇰🇷 118.39.230.40

🇨🇳 110.249.201.166

🇨🇳 106.13.64.124

🇰🇼 78.89.154.59

🇯🇵 58.98.197.137

🇳🇱 45.142.193.8

🇸🇬 43.172.195.129

🇺🇸 35.231.122.62