JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.242.243.96

52.242.243.96 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 100%: ?

100%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.242.243.96

Whois 52.242.243.96

IP Abuse Reports for 52.242.243.96:

This IP address has been reported a total of 43 times from 33 distinct sources. 52.242.243.96 was first reported on October 13th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-05 22:03:44 (1 week ago)	Auto-ban: 201 malicious requests on 2026-06-04 (e.g., env/backup probes, brute-force, or error burst ... show more Auto-ban: 201 malicious requests on 2026-06-04 (e.g., env/backup probes, brute-force, or error bursts). show less	Web App Attack SSH Hacking
🇬🇧 openstrike.co.uk	2026-06-05 05:13:47 (1 week ago)	10 attacks on PHP URLs: GET /wp/xmlrpc.php HTTP/1.1	Web App Attack
🇬🇧 AvonleaConsulting	2026-06-04 22:48:58 (1 week ago)	Attempts to probe web pages for vulnerable PHP or other applications	Web App Attack
🇨🇦 polycoda	2026-06-04 21:26:40 (1 week ago)	🔑 Probes for xmlrpc.php everywhere	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 20:10:58 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 16:10:53.393770 2026] [security2:error] [pid 29684:tid 29684] [client 52.242.243.96:15757] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.242.243.96 (+1 hits since last alert)\|yosalvationyo.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yosalvationyo.org"] [uri "/wp/xmlrpc.php"] [unique_id "aiHbzWRZKLBRla25_OVP1QAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 jcbriar	2026-06-04 20:03:51 (1 week ago)	Searching for vulnerable scripts	Hacking Web App Attack
🇯🇵 beon	2026-06-04 19:45:02 (1 week ago)	[DateTime=>2026-06-04T19:45:02Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/wp/xmlrpc.php] , [total_ ... show more [DateTime=>2026-06-04T19:45:02Z (UTC)] , [HoneyPot_Hit=>once] , [HoneyPot=>/wp/xmlrpc.php] , [total_Hit=>once] , [Keyword=>WordPress] show less	Bad Web Bot Web App Attack
🇫🇮 6kilowatti	2026-06-04 19:42:33 (1 week ago)	52.242.243.96 - [04/Jun/2026:22:42:32 +0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 6144 "-" "Mozilla/5. ... show more 52.242.243.96 - [04/Jun/2026:22:42:32 +0300] "POST /wp/xmlrpc.php HTTP/1.1" 404 6144 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 19:38:00 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:37:56.101309 2026] [security2:error] [pid 24221:tid 24221] [client 52.242.243.96:15780] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.242.243.96 (+1 hits since last alert)\|title36.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "title36.com"] [uri "/wp/xmlrpc.php"] [unique_id "aiHUFJ9j6B-deBncP_O65wAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2026-06-04 19:35:55 (1 week ago)	Multiple attempts to attack Wordpress XMLRPC detected: access blocked.	Web App Attack
🇦🇺 paulshipley.com.au	2026-06-04 19:32:06 (1 week ago)	paulshipley.info:443 52.242.243.96 - - [05/Jun/2026:05:32:04 +1000] "POST /wp/xmlrpc.php HTTP/1.1" 4 ... show more paulshipley.info:443 52.242.243.96 - - [05/Jun/2026:05:32:04 +1000] "POST /wp/xmlrpc.php HTTP/1.1" 404 24479 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" ... show less	Web App Attack
Anonymous	2026-06-04 19:26:43 (1 week ago)	(caddyscan) Scanner path probe from 52.242.243.96 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 52.242.243.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 52.242.243.96 - - [04/Jun/2026:18:44:54 +0000] "POST /wp/xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 52.242.243.96 - - [04/Jun/2026:18:47:30 +0000] "POST /wp/xmlrpc.php HTTP/1.1" [REDACTED] 404 221 52.242.243.96 - - [04/Jun/2026:18:53:21 +0000] "POST /wp/xmlrpc.php HTTP/1.1" [REDACTED] 404 224 52.242.243.96 - - [04/Jun/2026:19:17:17 +0000] "POST /wp/xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 52.242.243.96 - - [04/Jun/2026:19:26:40 +0000] "POST /wp/xmlrpc.php HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-04 19:21:46 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 52.242.243.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:21:40.731957 2026] [security2:error] [pid 12369:tid 12369] [client 52.242.243.96:15744] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 52.242.243.96 (+1 hits since last alert)\|artglass-jerusalem.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "artglass-jerusalem.net"] [uri "/wp/xmlrpc.php"] [unique_id "aiHQRNRR6ml6KkaQKO6IyQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇪 Jim Keir	2026-06-04 19:16:06 (1 week ago)	2026-06-04 19:16:06 52.242.243.96 File scanning, blocking 52.242.243.96 for 5 minutes	Web App Attack
🇩🇪 4server	2026-06-04 19:03:10 (1 week ago)	[ThuJun0421:03:03.5444672026][security2:error][pid3791029:tid3791119][client52.242.243.96:0]ModSecur ... show more [ThuJun0421:03:03.5444672026][security2:error][pid3791029:tid3791119][client52.242.243.96:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"fit-easy.com\"][uri\"/wp/xmlrpc.php\"][unique_id\"aiHL58u-Vp8s3zxMlbBevwAAAEY\"] show less	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 160.30.160.192

🇧🇩 103.239.252.66

🇺🇸 66.132.172.62

🇬🇧 35.203.211.224

🇸🇬 8.219.165.219

🇩🇪 213.209.159.56

🇰🇷 211.223.107.86

🇮🇩 103.98.176.164

🇳🇱 89.21.67.171

🇰🇷 1.235.192.214

🇩🇪 185.242.3.230

🇩🇪 185.216.214.42

🇩🇪 141.11.107.166

🇺🇸 129.121.114.124

🇰🇷 110.14.190.221

🇨🇦 104.207.59.225

🇷🇴 92.118.39.145

🇧🇷 34.151.253.152

🇧🇷 34.95.134.97

🇺🇸 34.69.33.179