52.252.5.207 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	fail2ban - Attack against WordPress	2020-09-28 01:57:14
attackspambots	fail2ban - Attack against WordPress	2020-09-27 18:01:33

Comments on same subnet:

IP	Type	Details	Datetime
52.252.59.235	attackbots	21 attempts against mh-ssh on star	2020-10-05 03:16:46
52.252.59.235	attack	21 attempts against mh-ssh on star	2020-10-04 19:02:46
52.252.54.85	attackspam	Unauthorized connection attempt detected from IP address 52.252.54.85 to port 3389 [T]	2020-08-14 04:28:21
52.252.56.58	attackspam	SIPVicious Scanner Detection	2020-07-30 17:49:12
52.252.52.30	attackbots	Invalid user admin from 52.252.52.30 port 48379	2020-07-18 18:43:00
52.252.52.30	attackbotsspam	SSH brute-force attempt	2020-07-16 07:15:58
52.252.52.30	attack	Jul 15 11:09:29 rancher-0 sshd[331879]: Invalid user admin from 52.252.52.30 port 41093 ...	2020-07-15 17:23:35
52.252.56.58	attack	ET SCAN Sipvicious User-Agent Detected (friendly-scanner) - port: 5060 proto: UDP cat: Attempted Information Leak	2020-07-05 22:20:56
52.252.59.246	attackspam	From root@user30.segurancaonlinepfbb.com Sat Jun 06 09:35:21 2020 Received: from user30.segurancaonlinepfbb.com ([52.252.59.246]:33060 helo=minerim10.nvxarea2zpiujjoq1c5pxbxipf.cx.internal.cloudapp.net)	2020-06-06 20:40:52
52.252.56.58	attackspam	Port Scan detected from 52.252.56.58 (US/United States/Virginia/Ashburn/-). 4 hits in the last 250 seconds	2020-06-03 02:54:06

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 52.252.5.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14391
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;52.252.5.207.			IN	A

;; AUTHORITY SECTION:
.			533	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092700 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 27 18:01:29 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 207.5.252.52.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 207.5.252.52.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
196.52.43.118	attackspam	9200/tcp 10255/tcp 8531/tcp... [2019-09-03/11-02]32pkt,26pt.(tcp),2pt.(udp),1tp.(icmp)	2019-11-03 15:08:45
156.237.140.230	attackbotsspam	Nov 3 05:15:53 toyboy sshd[16487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.237.140.230 user=r.r Nov 3 05:15:55 toyboy sshd[16487]: Failed password for r.r from 156.237.140.230 port 50404 ssh2 Nov 3 05:15:55 toyboy sshd[16487]: Received disconnect from 156.237.140.230: 11: Bye Bye [preauth] Nov 3 05:34:14 toyboy sshd[23245]: Invalid user admin from 156.237.140.230 Nov 3 05:34:14 toyboy sshd[23245]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.237.140.230 Nov 3 05:34:15 toyboy sshd[23245]: Failed password for invalid user admin from 156.237.140.230 port 49942 ssh2 Nov 3 05:34:16 toyboy sshd[23245]: Received disconnect from 156.237.140.230: 11: Bye Bye [preauth] Nov 3 05:38:38 toyboy sshd[24922]: Invalid user candy from 156.237.140.230 Nov 3 05:38:38 toyboy sshd[24922]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.237.1........ -------------------------------	2019-11-03 14:43:39
165.22.91.192	attack	Automatic report - XMLRPC Attack	2019-11-03 15:07:54
193.112.6.241	attackspam	Nov 2 22:54:21 mockhub sshd[13823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.6.241 Nov 2 22:54:23 mockhub sshd[13823]: Failed password for invalid user mukki from 193.112.6.241 port 58682 ssh2 ...	2019-11-03 15:13:39
82.187.186.115	attackbots	Nov 3 06:54:26 dedicated sshd[7941]: Invalid user cvs from 82.187.186.115 port 52396	2019-11-03 15:10:41
177.93.65.94	attackspam	Lines containing failures of 177.93.65.94 Nov 3 06:24:44 shared11 sshd[12001]: Invalid user admin from 177.93.65.94 port 36241 Nov 3 06:24:44 shared11 sshd[12001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.93.65.94 Nov 3 06:24:46 shared11 sshd[12001]: Failed password for invalid user admin from 177.93.65.94 port 36241 ssh2 Nov 3 06:24:47 shared11 sshd[12001]: Connection closed by invalid user admin 177.93.65.94 port 36241 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=177.93.65.94	2019-11-03 14:49:06
188.18.70.19	attackspam	Chat Spam	2019-11-03 14:42:49
45.136.109.87	attack	45.136.109.87 was recorded 14 times by 6 hosts attempting to connect to the following ports: 5973,5975,5965,5989,5968,5979,5974,5972,5982,5967,5971. Incident counter (4h, 24h, all-time): 14, 136, 252	2019-11-03 14:46:47
185.94.111.1	attack	185.94.111.1 was recorded 7 times by 6 hosts attempting to connect to the following ports: 123,161. Incident counter (4h, 24h, all-time): 7, 39, 82	2019-11-03 14:41:46
157.52.193.108	attackbots	Nov 3 06:27:50 mxgate1 postfix/postscreen[2814]: CONNECT from [157.52.193.108]:44184 to [176.31.12.44]:25 Nov 3 06:27:50 mxgate1 postfix/dnsblog[2816]: addr 157.52.193.108 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 3 06:27:50 mxgate1 postfix/dnsblog[2817]: addr 157.52.193.108 listed by domain b.barracudacentral.org as 127.0.0.2 Nov 3 06:27:56 mxgate1 postfix/postscreen[2814]: DNSBL rank 3 for [157.52.193.108]:44184 Nov x@x Nov 3 06:27:57 mxgate1 postfix/postscreen[2814]: DISCONNECT [157.52.193.108]:44184 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=157.52.193.108	2019-11-03 15:05:28
198.108.67.133	attack	5984/tcp 591/tcp 8088/tcp... [2019-10-02/11-03]135pkt,37pt.(tcp)	2019-11-03 15:11:02
222.186.173.154	attackspam	Nov 3 02:54:22 firewall sshd[24238]: Failed password for root from 222.186.173.154 port 23478 ssh2 Nov 3 02:54:40 firewall sshd[24238]: error: maximum authentication attempts exceeded for root from 222.186.173.154 port 23478 ssh2 [preauth] Nov 3 02:54:40 firewall sshd[24238]: Disconnecting: Too many authentication failures [preauth] ...	2019-11-03 14:57:57
89.252.236.242	attackbotsspam	CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2019-11-03 14:49:39
197.56.79.43	attack	Nov 3 06:23:24 * sshd[15619]: Address 197.56.79.43 maps to host-197.56.79.43.tedata.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Nov 3 06:23:24 * sshd[15619]: Invalid user admin from 197.56.79.43 Nov 3 06:23:24 * sshd[15619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.56.79.43 Nov 3 06:23:25 * sshd[15619]: Failed password for invalid user admin from 197.56.79.43 port 41350 ssh2 Nov 3 06:23:26 *** sshd[15619]: Connection closed by 197.56.79.43 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.56.79.43	2019-11-03 14:42:19
159.203.201.204	attack	7474/tcp 1364/tcp 1028/tcp... [2019-09-17/11-03]39pkt,34pt.(tcp),2pt.(udp)	2019-11-03 15:10:04

Recently Reported IPs

22.123.41.191	74.63.6.111	38.243.6.121	255.64.123.252
128.103.5.210	107.182.97.144	96.43.213.206	66.115.181.222
222.30.85.38	18.223.82.165	51.175.198.92	194.118.20.157
162.17.212.207	63.121.202.238	11.144.67.53	33.194.128.77
103.130.212.109	203.106.81.246	118.25.59.57	157.190.230.250