JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.4.171.64

52.4.171.64 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 37%: ?

37%

ISP	Amazon Technologies Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14618
Hostname(s)	ec2-52-4-171-64.compute-1.amazonaws.com
Domain Name	amazon.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.4.171.64

Whois 52.4.171.64

IP Abuse Reports for 52.4.171.64:

This IP address has been reported a total of 12 times from 5 distinct sources. 52.4.171.64 was first reported on June 19th 2026, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 reznekcs	2026-06-21 20:33:39 (3 hours ago)	F2B wordpress ban. Logs: 52.4.171.64 - - [21/Jun/2026:22:33:37 +0200] "POST /xmlrpc.php HTTP/1.1" 20 ... show more F2B wordpress ban. Logs: 52.4.171.64 - - [21/Jun/2026:22:33:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 420 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0" 52.4.171.64 - - [21/Jun/2026:22:33:38 +0200] "POST /xmlrpc.php HTTP/1.1" 200 458 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:54.0) Gecko/20100101 Firefox/54.0" show less	Brute-Force Web App Attack
🇳🇱 Mangelot Hosting	2026-06-21 15:18:25 (8 hours ago)	(wp_login_try) srv101 WP Login Attempt 52.4.171.64 (US/United States/ec2-52-4-171-64.compute-1.amazo ... show more (wp_login_try) srv101 WP Login Attempt 52.4.171.64 (US/United States/ec2-52-4-171-64.compute-1.amazonaws.com): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇮🇹 VHosting	2026-06-21 13:45:04 (10 hours ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 23:22:37 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 19:22:34.062187 2026] [security2:error] [pid 21809:tid 21809] [client 52.4.171.64:43390] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.mundanestudies.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.mundanestudies.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajcgukk0PFMn5SKatX3w6gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 22:21:31 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 18:21:25.411448 2026] [security2:error] [pid 26045:tid 26045] [client 52.4.171.64:57292] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|marinestorage.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "marinestorage.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajcSZd1VsG1tMOmHz5bRcAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 17:26:05 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:25:59.715413 2026] [security2:error] [pid 1937:tid 1937] [client 52.4.171.64:57440] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.soonerstone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.soonerstone.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajbNJzdzG_9fD3OQnWhTHQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 factor1	2026-06-20 16:50:11 (1 day ago)	Fail2ban at saturn Reports Abuse.	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 04:54:54 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 00:54:49.556966 2026] [security2:error] [pid 17345:tid 17345] [client 52.4.171.64:48186] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.orcastrong.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.orcastrong.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajYdGSwWwWwf7OKyFMCT3QAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 00:52:59 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 20:52:53.355319 2026] [security2:error] [pid 9833:tid 9833] [client 52.4.171.64:54746] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.lumentravel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lumentravel.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajXkZd2F1i2KeducXIs4QQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 23:30:55 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:30:51.531654 2026] [security2:error] [pid 3995:tid 3995] [client 52.4.171.64:53242] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|learnserve.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "learnserve.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajXRK2GNxVy8Ucu_AwUa7wAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 19:59:09 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 15:59:06.718340 2026] [security2:error] [pid 29337:tid 29337] [client 52.4.171.64:38076] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|vintageamptubes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "vintageamptubes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWfit5OYnUgxSs2vrflSgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 18:30:31 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaw ... show more (mod_security) mod_security (id:225170) triggered by 52.4.171.64 (ec2-52-4-171-64.compute-1.amazonaws.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:30:27.444239 2026] [security2:error] [pid 16905:tid 16921] [client 52.4.171.64:44220] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.smarterproductions.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.smarterproductions.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajWKw6oHcU0RsZxdZnN4ZgAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 172.217.107.25

🇺🇸 143.198.115.138

🇭🇰 152.32.215.224

🇧🇩 103.183.62.1

🇨🇦 85.217.149.5

🇩🇪 64.89.163.245

🇨🇳 61.145.177.151

🇺🇸 44.96.221.188

🇺🇸 2607:f8b0:4004:100d::120

🇨🇳 183.23.54.202

🇦🇲 178.160.230.39

🇺🇸 172.203.242.24

🇱🇹 45.227.254.170

🇩🇪 45.135.141.14

🇺🇸 44.116.167.129

🇳🇱 176.65.139.236

🇳🇱 176.65.139.231

🇲🇾 49.124.150.252

🇺🇸 45.61.187.220

🇺🇸 44.224.226.63