JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.237.143.49

52.237.143.49 was found in our database!

This IP was reported 69 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.237.143.49

Whois 52.237.143.49

IP Abuse Reports for 52.237.143.49:

This IP address has been reported a total of 69 times from 45 distinct sources. 52.237.143.49 was first reported on November 25th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mschimpf	2026-06-05 12:12:00 (1 day ago)	WP scan	Web App Attack
Anonymous	2026-06-05 05:20:18 (1 day ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇬🇧 openstrike.co.uk	2026-06-05 05:14:00 (1 day ago)	8 attacks on PHP URLs: POST /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 02:19:40 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 22:19:35.698073 2026] [security2:error] [pid 17302:tid 17318] [client 52.237.143.49:6227] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.237.143.49 (+1 hits since last alert)\|skillscredentials.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "skillscredentials.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiIyN25ECWS0c8HB9OiCjgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 01:30:09 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 21:30:03.542022 2026] [security2:error] [pid 12293:tid 12293] [client 52.237.143.49:6167] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.237.143.49 (+1 hits since last alert)\|justkoolit.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "justkoolit.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiImm3Bt7NLdziyHRWmlZgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 barbarella	2026-06-05 01:21:15 (1 day ago)	Hacking attempt (POST /wp/xmlrpc.php)	Hacking Web App Attack
🇦🇺 paulshipley.com.au	2026-06-05 01:16:38 (1 day ago)	levellapromotions.com.au:443 52.237.143.49 - - [05/Jun/2026:11:16:35 +1000] "POST /wp/xmlrpc.php HTT ... show more levellapromotions.com.au:443 52.237.143.49 - - [05/Jun/2026:11:16:35 +1000] "POST /wp/xmlrpc.php HTTP/1.1" 404 154629 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 lnklnx	2026-06-05 01:13:01 (1 day ago)	www.lnklnx.com:443 52.237.143.49 - - [04/Jun/2026:20:12:59 -0500] "POST /wp/xmlrpc.php HTTP/1.1" 403 ... show more www.lnklnx.com:443 52.237.143.49 - - [04/Jun/2026:20:12:59 -0500] "POST /wp/xmlrpc.php HTTP/1.1" 403 4885 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇨🇦 zXero	2026-06-05 01:08:59 (1 day ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇬🇧 thetomtaylor.co.uk	2026-06-05 01:07:02 (1 day ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [ice01,wa01,wa02]	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 00:55:15 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.237.143.49 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 20:55:07.788281 2026] [security2:error] [pid 21558:tid 21558] [client 52.237.143.49:6358] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.237.143.49 (+1 hits since last alert)\|wandcompany.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wandcompany.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiIea9D8Ig4ro15I02YPzQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 SiliSoftware	2026-06-05 00:48:15 (1 day ago)	/wp/xmlrpc.php	Web App Attack
🇳🇱 MM-bot	2026-06-05 00:41:49 (1 day ago)	URL-probe: HTTP/1.1 POST request on /wp/xmlrpc.php (2026-06-05 02:41:49 UTC+2)	Web App Attack Hacking
Anonymous	2026-06-05 00:40:22 (1 day ago)	PAD: Scan_404 detected	Bad Web Bot
🇺🇸 kosada.com	2026-06-05 00:40:04 (1 day ago)	Web vulnerability probing: /wp/xmlrpc.php	Web App Attack

Showing 1 to 15 of 69 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 3.133.79.214

🇹🇷 213.142.156.145

🇭🇰 165.154.70.130

🇺🇸 159.89.132.71

🇮🇩 119.47.90.19

🇬🇧 45.82.76.106

🇺🇸 24.105.248.218

🇺🇸 3.132.26.232

🇹🇭 202.183.141.133

🇩🇪 167.94.146.79

🇮🇩 163.7.3.220

🇺🇸 136.109.242.196

🇧🇷 128.201.9.152

🇮🇳 103.248.120.6

🇫🇷 92.205.57.72

🇺🇸 66.132.224.25

🇺🇸 52.159.247.49

🇺🇸 3.131.220.121

🇺🇸 3.130.168.2

🇨🇳 221.0.8.251