Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: Australia

Internet Service Provider: Amazon Technologies Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
WordPress login Brute force / Web App Attack on client site.
2019-12-09 00:26:29
attackbots
WordPress wp-login brute force :: 52.64.20.252 0.292 BYPASS [06/Dec/2019:16:58:36  0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2131 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
2019-12-07 02:36:19
attackbotsspam
AbusiveCrawling
2019-11-22 14:04:59
attackbotsspam
WordPress login Brute force / Web App Attack on client site.
2019-11-12 18:25:58
attackbotsspam
WordPress wp-login brute force :: 52.64.20.252 0.056 BYPASS [14/Sep/2019:19:05:20  1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4634 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"
2019-09-14 19:10:33
Comments on same subnet:
IP Type Details Datetime
52.64.207.60 attackbots
[Aegis] @ 2019-07-25 00:55:19  0100 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack
2020-04-29 23:06:25
52.64.209.168 attack
Automated report (2019-10-18T03:56:29+00:00). Spambot detected.
2019-10-18 12:41:20
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 52.64.20.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61368
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;52.64.20.252.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091400 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Sep 14 19:10:17 CST 2019
;; MSG SIZE  rcvd: 116
Host info
252.20.64.52.in-addr.arpa domain name pointer ec2-52-64-20-252.ap-southeast-2.compute.amazonaws.com.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
252.20.64.52.in-addr.arpa	name = ec2-52-64-20-252.ap-southeast-2.compute.amazonaws.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
85.203.22.221 attack
Bot ignores robot.txt restrictions
2019-11-11 00:35:52
51.91.56.133 attack
Nov 10 16:42:55 ldap01vmsma01 sshd[13005]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.56.133
Nov 10 16:42:57 ldap01vmsma01 sshd[13005]: Failed password for invalid user herbst from 51.91.56.133 port 43332 ssh2
...
2019-11-11 00:43:33
106.53.19.186 attackspambots
Nov 10 06:02:34 php1 sshd\[7432\]: Invalid user saini from 106.53.19.186
Nov 10 06:02:34 php1 sshd\[7432\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.19.186
Nov 10 06:02:36 php1 sshd\[7432\]: Failed password for invalid user saini from 106.53.19.186 port 36934 ssh2
Nov 10 06:06:26 php1 sshd\[7961\]: Invalid user netdump from 106.53.19.186
Nov 10 06:06:26 php1 sshd\[7961\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.19.186
2019-11-11 00:12:59
178.128.154.236 attackspam
#Join The Rebellion WebMasters: deny from DigitalOcean.com
2019-11-11 00:24:06
59.153.240.205 attack
Unauthorized connection attempt from IP address 59.153.240.205 on Port 445(SMB)
2019-11-11 00:10:52
14.244.50.80 attack
Unauthorized connection attempt from IP address 14.244.50.80 on Port 445(SMB)
2019-11-11 00:14:06
89.74.167.147 attackspam
TCP Port Scanning
2019-11-11 00:47:46
184.66.225.102 attackbots
Nov 10 16:10:30 *** sshd[23598]: Invalid user hobner from 184.66.225.102
2019-11-11 00:18:21
211.137.234.86 attackspambots
firewall-block, port(s): 1433/tcp
2019-11-11 00:30:34
115.231.212.82 attackspam
Nov 10 17:10:10 [snip] postfix/smtpd[24483]: warning: unknown[115.231.212.82]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 10 17:10:18 [snip] postfix/smtpd[24483]: warning: unknown[115.231.212.82]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Nov 10 17:10:30 [snip] postfix/smtpd[24483]: warning: unknown[115.231.212.82]: SASL LOGIN authentication failed: UGFzc3dvcmQ6[...]
2019-11-11 00:22:21
222.186.180.17 attack
Nov 10 17:20:49 SilenceServices sshd[22818]: Failed password for root from 222.186.180.17 port 6268 ssh2
Nov 10 17:21:02 SilenceServices sshd[22818]: Failed password for root from 222.186.180.17 port 6268 ssh2
Nov 10 17:21:02 SilenceServices sshd[22818]: error: maximum authentication attempts exceeded for root from 222.186.180.17 port 6268 ssh2 [preauth]
2019-11-11 00:26:07
185.156.73.3 attack
185.156.73.3 was recorded 27 times by 15 hosts attempting to connect to the following ports: 17467,17468,17469,52472,52471. Incident counter (4h, 24h, all-time): 27, 175, 439
2019-11-11 00:16:52
5.56.135.88 attackspam
5.56.135.88 - - [10/Nov/2019:15:45:54 +0100] "GET /wp-login.php HTTP/1.1" 302 536
...
2019-11-11 00:13:15
185.246.75.146 attackbotsspam
SSH Brute-Force attacks
2019-11-11 00:26:37
118.27.16.242 attack
Nov 10 17:00:54 vserver sshd\[18192\]: Invalid user admin from 118.27.16.242Nov 10 17:00:56 vserver sshd\[18192\]: Failed password for invalid user admin from 118.27.16.242 port 34654 ssh2Nov 10 17:05:02 vserver sshd\[18218\]: Failed password for root from 118.27.16.242 port 43854 ssh2Nov 10 17:10:19 vserver sshd\[18285\]: Failed password for root from 118.27.16.242 port 53032 ssh2
...
2019-11-11 00:28:08

Recently Reported IPs

183.154.92.221 82.102.165.134 223.247.92.38 223.19.67.94
38.79.143.168 141.129.92.32 79.97.7.34 81.99.245.23
182.71.125.106 114.231.37.29 89.252.152.19 106.51.20.67
36.251.50.208 1.30.175.85 103.91.51.184 71.21.24.176
94.181.215.129 187.110.158.190 170.83.81.22 170.159.191.153