52.187.132.240 is a Hacker (100 %), Singapore
157 attacks reported
112 Brute-Force, SSH
20 SSH
9 Brute-Force
5 uncategorized
2 Port Scan, Brute-Force, SSH
1 FTP Brute-Force, Hacking, Brute-Force, SSH
1 DDoS Attack, Port Scan, Brute-Force, Web App Attack, SSH
1 DDoS Attack, SSH
1 Port Scan
1 Hacking, Brute-Force, SSH
...
1 abuse reported
1 Email Spam
1 organizations reported
1 uncategorized
from 75 distinct reporters
and 7 distinct sources : BadIPs.com, Blocklist.de, FireHOL, blocklist.net.ua, VoIPBL.org, darklist.de, AbuseIPDB
52.187.132.240 was first signaled at 2019-03-29 18:23 and last record was at 2020-08-02 14:05.
IP: 52.187.132.240
Organization: Microsoft Corporation
Localisation: Singapore, Singapore
NetRange (First & Last IP): 52.145.0.0 - 52.191.255.255
Network CIDR: 52.128.0.0/10

Cybercrime IP Feeds

Date UTC Category Sub Categories Source List Source Logs
2020-08-01 17:56 attacks Brute-ForceSSH AbuseIPDB Aug 2 04:47:09 piServer sshd[17770]: Failed password for root from 52.187.132.240 port 33864 ssh2 Aug 2 04:51:43 piServer sshd[18202]: Failed password
2020-08-01 17:33 attacks Brute-ForceSSH AbuseIPDB Aug 2 04:24:24 piServer sshd[15570]: Failed password for root from 52.187.132.240 port 40962 ssh2 Aug 2 04:28:57 piServer sshd[15973]: Failed password
2020-08-01 17:10 attacks Brute-ForceSSH AbuseIPDB Aug 2 04:01:35 piServer sshd[13367]: Failed password for root from 52.187.132.240 port 47976 ssh2 Aug 2 04:06:05 piServer sshd[13785]: Failed password
2020-08-01 16:47 attacks Brute-ForceSSH AbuseIPDB Aug 2 03:39:00 piServer sshd[11245]: Failed password for root from 52.187.132.240 port 55200 ssh2 Aug 2 03:43:30 piServer sshd[11801]: Failed password
2020-08-01 16:25 attacks Brute-ForceSSH AbuseIPDB Aug 2 03:16:15 piServer sshd[9120]: Failed password for root from 52.187.132.240 port 34078 ssh2 Aug 2 03:20:47 piServer sshd[9601]: Failed password f
2020-08-01 16:02 attacks Brute-ForceSSH AbuseIPDB Aug 2 02:53:52 piServer sshd[6972]: Failed password for root from 52.187.132.240 port 41526 ssh2 Aug 2 02:58:16 piServer sshd[7415]: Failed password f
2020-08-01 15:40 attacks Brute-ForceSSH AbuseIPDB Aug 2 02:32:07 piServer sshd[4524]: Failed password for root from 52.187.132.240 port 49608 ssh2 Aug 2 02:36:09 piServer sshd[5025]: Failed password f
2020-08-01 12:24 attacks Brute-ForceSSH AbuseIPDB Aug 2 07:24:40 localhost sshd[1842224]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 user=ro
2020-08-01 12:23 attacks Brute-ForceSSH AbuseIPDB Aug 1 23:23:02 host sshd[31457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 user=root Aug
2020-08-01 09:35 attacks Brute-ForceSSH AbuseIPDB Aug 1 20:31:35 *hidden* sshd[28195]: Failed password for *hidden* from 52.187.132.240 port 60800 ssh2 Aug 1 20:35:31 *hidden* sshd[28799]: pam_unix(ss
2020-08-01 09:33 attacks Brute-ForceSSH AbuseIPDB Aug 1 20:29:11 amit sshd\[32113\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 user=root
2020-08-01 00:22 attacks Brute-ForceSSH AbuseIPDB (sshd) Failed SSH login from 52.187.132.240 (SG/Singapore/-): 5 in the last 3600 secs
2020-08-01 00:10 attacks Brute-ForceSSH AbuseIPDB Aug 1 05:10:23 Host-KEWR-E sshd[499]: User root from 52.187.132.240 not allowed because not listed in AllowUsers
2020-07-31 21:10 attacks FTP Brute-ForceHackingBrute-ForceSSH AbuseIPDB SSH brute-force attempt
2020-07-31 18:21 attacks Brute-ForceSSH AbuseIPDB Brute-force attempt banned
2020-07-31 18:20 attacks Brute-ForceSSH AbuseIPDB Aug 1 00:08:59 ws24vmsma01 sshd[137869]: Failed password for root from 52.187.132.240 port 39050 ssh2
2020-07-31 11:35 attacks Brute-ForceSSH AbuseIPDB  
2020-07-31 05:42 attacks Brute-ForceSSH AbuseIPDB prod11
2020-07-30 18:37 attacks Brute-ForceSSH AbuseIPDB 2020-07-31T05:28:24.556794mail.broermann.family sshd[10514]: Failed password for root from 52.187.132.240 port 54794 ssh2 2020-07-31T05:32:29.414617ma
2020-07-30 12:30 attacks Brute-ForceSSH AbuseIPDB $f2bV_matches
2020-07-30 12:30 attacks Brute-Force AbuseIPDB $f2bV_matches
2020-07-30 12:01 attacks Brute-ForceSSH AbuseIPDB "Unauthorized connection attempt on SSHD detected"
2020-07-30 06:24 attacks Brute-ForceSSH AbuseIPDB Brute force attempt
2020-07-30 06:20 attacks Brute-ForceSSH AbuseIPDB 2020-07-30T15:16:02.928499abusebot-2.cloudsearch.cf sshd[28737]: Invalid user osm2 from 52.187.132.240 port 56674 2020-07-30T15:16:02.937367abusebot-2
2020-07-30 06:17 attacks DDoS AttackPort ScanBrute-ForceWeb App Attack AbuseIPDB 2020-07-30T22:07:18.818906hostname sshd[6254]: Invalid user yaochenli from 52.187.132.240 port 34556 2020-07-30T22:07:20.600635hostname sshd[6254]: Fa
2020-07-30 06:15 attacks Brute-ForceSSH AbuseIPDB detected by Fail2Ban
2020-07-30 03:08 attacks Brute-ForceSSH AbuseIPDB Fail2Ban
2020-07-30 02:59 attacks Brute-ForceSSH AbuseIPDB Jul 30 13:59:03 vm0 sshd[4337]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 13:59:05
2020-07-30 02:41 attacks Brute-ForceSSH AbuseIPDB Jul 30 13:37:55 buvik sshd[2408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 13:37:
2020-07-30 02:12 attacks Brute-ForceSSH AbuseIPDB Jul 30 13:08:38 buvik sshd[30571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 13:08
2020-07-30 01:43 attacks Brute-ForceSSH AbuseIPDB Jul 30 12:42:59 buvik sshd[26415]: Invalid user mouzj from 52.187.132.240 Jul 30 12:42:59 buvik sshd[26415]: pam_unix(sshd:auth): authentication failu
2020-07-30 01:17 attacks Brute-ForceSSH AbuseIPDB Jul 30 12:17:46 buvik sshd[22674]: Invalid user shiliu from 52.187.132.240 Jul 30 12:17:46 buvik sshd[22674]: pam_unix(sshd:auth): authentication fail
2020-07-30 00:52 attacks Brute-ForceSSH AbuseIPDB Jul 30 11:49:12 buvik sshd[18046]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 11:49
2020-07-30 00:27 attacks Brute-ForceSSH AbuseIPDB Jul 30 11:24:06 buvik sshd[14383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 11:24
2020-07-30 00:06 attacks Brute-ForceSSH AbuseIPDB SSH Login Bruteforce
2020-07-30 00:02 attacks Brute-ForceSSH AbuseIPDB Jul 30 10:58:05 buvik sshd[10205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 Jul 30 10:58
2020-07-30 00:02 attacks Brute-ForceSSH AbuseIPDB Brute-force attempt banned
2020-07-29 19:39 attacks Brute-ForceSSH AbuseIPDB Jul 30 06:39:29 rancher-0 sshd[657831]: Invalid user wangshiyou from 52.187.132.240 port 50886
2020-07-29 18:38 attacks Brute-ForceSSH AbuseIPDB Jul 30 05:38:20 rancher-0 sshd[656852]: Invalid user chenxing from 52.187.132.240 port 48978 Jul 30 05:38:23 rancher-0 sshd[656852]: Failed password f
2020-07-29 18:36 attacks Brute-ForceSSH AbuseIPDB Tried sshing with brute force.
2020-07-29 14:21 attacks Brute-ForceSSH AbuseIPDB Jul 30 01:21:43 vps639187 sshd\[29570\]: Invalid user ynwang from 52.187.132.240 port 46314 Jul 30 01:21:43 vps639187 sshd\[29570\]: pam_unix\(sshd:au
2020-07-29 13:48 attacks Brute-ForceSSH AbuseIPDB Jul 30 00:48:18 vps639187 sshd\[29038\]: Invalid user shkim from 52.187.132.240 port 39512 Jul 30 00:48:18 vps639187 sshd\[29038\]: pam_unix\(sshd:aut
2020-07-29 13:15 attacks Brute-ForceSSH AbuseIPDB Jul 30 00:15:24 vps639187 sshd\[28584\]: Invalid user zhangxt from 52.187.132.240 port 33072 Jul 30 00:15:24 vps639187 sshd\[28584\]: pam_unix\(sshd:a
2020-07-29 12:43 attacks Brute-ForceSSH AbuseIPDB Jul 29 23:43:06 vps639187 sshd\[28074\]: Invalid user jzhang71 from 52.187.132.240 port 55482 Jul 29 23:43:06 vps639187 sshd\[28074\]: pam_unix\(sshd:
2020-07-29 12:10 attacks Brute-ForceSSH AbuseIPDB Jul 29 23:10:19 vps639187 sshd\[27636\]: Invalid user zoufenghe from 52.187.132.240 port 49226 Jul 29 23:10:19 vps639187 sshd\[27636\]: pam_unix\(sshd
2020-07-29 11:49 attacks Brute-ForceSSH AbuseIPDB fail2ban
2020-07-29 11:45 attacks Port ScanBrute-ForceSSH AbuseIPDB Too many connections or unauthorized access detected from Arctic banned ip
2020-07-29 11:38 attacks Brute-ForceSSH AbuseIPDB Jul 29 22:38:25 vps639187 sshd\[27108\]: Invalid user steven from 52.187.132.240 port 40950 Jul 29 22:38:25 vps639187 sshd\[27108\]: pam_unix\(sshd:au
2020-07-29 08:37 attacks Brute-ForceSSH AbuseIPDB Jul 29 19:37:41 serwer sshd\[13818\]: Invalid user vusers from 52.187.132.240 port 47398 Jul 29 19:37:41 serwer sshd\[13818\]: pam_unix\(sshd:auth\):
2020-07-29 08:35 attacks Brute-ForceSSH AbuseIPDB Jul 29 11:35:55 Host-KLAX-C sshd[7005]: Invalid user vusers from 52.187.132.240 port 49538
2019-06-17 10:15 attacks SSH AbuseIPDB Jun 17 21:15:50 [munged] sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 user=mysql
2019-06-17 10:15 attacks SSH AbuseIPDB Jun 17 21:15:50 [munged] sshd[1823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.132.240 user=mysql
2019-06-17 10:30 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on pluto.magehost.pro
2019-06-17 13:00 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on pluto.magehost.pro
2019-06-17 18:10 attacks Brute-ForceSSH AbuseIPDB Jun 18 10:05:31 itv-usvr-01 sshd[17952]: Invalid user dijian from 52.187.132.240 Jun 18 10:05:32 itv-usvr-01 sshd[17952]: pam_unix(sshd:auth): authent
2019-06-17 18:10 attacks Brute-ForceSSH AbuseIPDB SSH bruteforce
2019-06-17 18:22 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on star.magehost.pro
2019-06-17 18:22 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on dawn.magehost.pro
2019-06-17 23:32 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on star.magehost.pro
2019-06-19 05:20 attacks Brute-ForceSSH AbuseIPDB 20 attempts against mh-ssh on rock.magehost.pro
2019-06-18 08:28 attacks bi_any_0_1d BadIPs.com  
2019-06-18 08:29 attacks SSH bi_ssh_0_1d BadIPs.com  
2019-06-18 08:29 attacks blocklist_de Blocklist.de  
2019-06-18 08:29 attacks SSH blocklist_de_ssh Blocklist.de  
2019-06-18 08:34 attacks firehol_level2 FireHOL  
2019-06-19 07:33 attacks Bad Web Bot bi_badbots_0_1d BadIPs.com  
2019-06-19 07:33 attacks Brute-Force bi_bruteforce_0_1d BadIPs.com  
2019-06-23 02:56 abuse Email Spam blocklist_net_ua blocklist.net.ua  
2019-06-23 03:00 attacks firehol_level4 FireHOL  
2019-06-28 22:42 attacks SSH bi_sshd_0_1d BadIPs.com  
2020-08-01 14:56 attacks SSH bi_ssh-ddos_0_1d BadIPs.com  
2020-08-01 15:14 attacks Fraud VoIP voipbl VoIPBL.org  
2020-08-02 14:05 attacks darklist_de darklist.de  
2019-03-29 18:23 organizations datacenters  
only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse: IPs used to spam forums, boards, blogs or SMTP servers; automated web scripts or scrapers (bad bots).
anonymizer: Onion Router IP addresses: TOR network IPs, TOR exit points, SOCKS or SSL proxies.
attacks: Brute force against SSH, FTP or system accounts; IPs that have been detected by fail2ban; port scans, vulnerability scans, DDoS.
malware: Addresses that have been identified distributing malware: form-grabbers and stealers, viruses, worms, trojans, ransomware, adware, spyware.

Whois

NetRange: 52.145.0.0 - 52.191.255.255
CIDR: 52.148.0.0/14, 52.146.0.0/15, 52.160.0.0/11, 52.145.0.0/16, 52.152.0.0/13
NetName: MSFT
NetHandle: NET-52-145-0-0-1
Parent: NET52 (NET-52-0-0-0-0)
NetType: Direct Assignment
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2015-11-24
Updated: 2015-11-24
Ref: https://rdap.arin.net/registry/ip/52.145.0.0

OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-09
Updated: 2017-01-28
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT

OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN

OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
Updated : 2020-08-05