52.252.5.207 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	fail2ban - Attack against WordPress	2020-09-28 01:57:14
attackspambots	fail2ban - Attack against WordPress	2020-09-27 18:01:33

Comments on same subnet:

IP	Type	Details	Datetime
52.252.59.235	attackbots	21 attempts against mh-ssh on star	2020-10-05 03:16:46
52.252.59.235	attack	21 attempts against mh-ssh on star	2020-10-04 19:02:46
52.252.54.85	attackspam	Unauthorized connection attempt detected from IP address 52.252.54.85 to port 3389 [T]	2020-08-14 04:28:21
52.252.56.58	attackspam	SIPVicious Scanner Detection	2020-07-30 17:49:12
52.252.52.30	attackbots	Invalid user admin from 52.252.52.30 port 48379	2020-07-18 18:43:00
52.252.52.30	attackbotsspam	SSH brute-force attempt	2020-07-16 07:15:58
52.252.52.30	attack	Jul 15 11:09:29 rancher-0 sshd[331879]: Invalid user admin from 52.252.52.30 port 41093 ...	2020-07-15 17:23:35
52.252.56.58	attack	ET SCAN Sipvicious User-Agent Detected (friendly-scanner) - port: 5060 proto: UDP cat: Attempted Information Leak	2020-07-05 22:20:56
52.252.59.246	attackspam	From root@user30.segurancaonlinepfbb.com Sat Jun 06 09:35:21 2020 Received: from user30.segurancaonlinepfbb.com ([52.252.59.246]:33060 helo=minerim10.nvxarea2zpiujjoq1c5pxbxipf.cx.internal.cloudapp.net)	2020-06-06 20:40:52
52.252.56.58	attackspam	Port Scan detected from 52.252.56.58 (US/United States/Virginia/Ashburn/-). 4 hits in the last 250 seconds	2020-06-03 02:54:06

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 52.252.5.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14391
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;52.252.5.207.			IN	A

;; AUTHORITY SECTION:
.			533	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092700 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 27 18:01:29 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 207.5.252.52.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 207.5.252.52.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
111.229.85.222	attackspam	Aug 31 09:32:11 firewall sshd[19467]: Invalid user postgres from 111.229.85.222 Aug 31 09:32:13 firewall sshd[19467]: Failed password for invalid user postgres from 111.229.85.222 port 50130 ssh2 Aug 31 09:36:44 firewall sshd[19495]: Invalid user sgt from 111.229.85.222 ...	2020-08-31 21:12:01
203.81.91.211	attack	445/tcp [2020-08-31]1pkt	2020-08-31 21:30:09
183.89.0.23	attackspambots	445/tcp [2020-08-31]1pkt	2020-08-31 21:39:07
5.166.56.250	attackbotsspam	Port Scan detected! ...	2020-08-31 21:00:50
49.88.112.71	attackbotsspam	Aug 31 12:31:10 email sshd\[19366\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root Aug 31 12:31:12 email sshd\[19366\]: Failed password for root from 49.88.112.71 port 63794 ssh2 Aug 31 12:32:22 email sshd\[19564\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root Aug 31 12:32:24 email sshd\[19564\]: Failed password for root from 49.88.112.71 port 20270 ssh2 Aug 31 12:36:50 email sshd\[20280\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root ...	2020-08-31 21:09:32
52.152.226.185	attackspam	Aug 31 14:36:51 vps639187 sshd\[9355\]: Invalid user anna from 52.152.226.185 port 48357 Aug 31 14:36:51 vps639187 sshd\[9355\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.152.226.185 Aug 31 14:36:54 vps639187 sshd\[9355\]: Failed password for invalid user anna from 52.152.226.185 port 48357 ssh2 ...	2020-08-31 20:57:37
46.101.181.170	attackspambots	Aug 31 12:27:27 ip-172-31-16-56 sshd\[16110\]: Invalid user admin from 46.101.181.170\ Aug 31 12:27:28 ip-172-31-16-56 sshd\[16110\]: Failed password for invalid user admin from 46.101.181.170 port 45914 ssh2\ Aug 31 12:32:16 ip-172-31-16-56 sshd\[16147\]: Invalid user data from 46.101.181.170\ Aug 31 12:32:18 ip-172-31-16-56 sshd\[16147\]: Failed password for invalid user data from 46.101.181.170 port 54160 ssh2\ Aug 31 12:36:54 ip-172-31-16-56 sshd\[16209\]: Invalid user greg from 46.101.181.170\	2020-08-31 21:06:11
202.102.144.114	attack	srvr2: (mod_security) mod_security (id:920350) triggered by 202.102.144.114 (CN/-/ppp51.dyptt.sd.cn): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/31 14:37:17 [error] 315421#0: 329363 [client 202.102.144.114] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159887743722.658890"] [ref "o0,12v21,12"], client: 202.102.144.114, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-31 20:46:41
103.145.13.9	attack	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-08-31 20:48:12
164.132.196.98	attackspam	Aug 31 15:25:26 * sshd[20882]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.196.98 Aug 31 15:25:28 * sshd[20882]: Failed password for invalid user noel from 164.132.196.98 port 45263 ssh2	2020-08-31 21:25:31
95.156.255.167	attackspam	25022/tcp [2020-08-31]1pkt	2020-08-31 21:28:43
125.213.146.226	attackbots	5555/tcp 5555/tcp 5555/tcp [2020-08-31]3pkt	2020-08-31 21:21:08
35.185.38.253	attackspambots	35.185.38.253 - - [31/Aug/2020:13:36:30 +0100] "POST /wp-login.php HTTP/1.1" 200 1791 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 35.185.38.253 - - [31/Aug/2020:13:36:31 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 35.185.38.253 - - [31/Aug/2020:13:36:32 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-31 21:22:46
121.48.164.46	attackbotsspam	srv02 SSH BruteForce Attacks 22 ..	2020-08-31 20:55:40
222.252.26.250	attackbotsspam	445/tcp [2020-08-31]1pkt	2020-08-31 21:34:02

Recently Reported IPs

22.123.41.191	74.63.6.111	38.243.6.121	255.64.123.252
128.103.5.210	107.182.97.144	96.43.213.206	66.115.181.222
222.30.85.38	18.223.82.165	51.175.198.92	194.118.20.157
162.17.212.207	63.121.202.238	11.144.67.53	33.194.128.77
103.130.212.109	203.106.81.246	118.25.59.57	157.190.230.250