JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 52.165.213.181

52.165.213.181 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 55%: ?

55%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Des Moines, Iowa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 52.165.213.181

Whois 52.165.213.181

IP Abuse Reports for 52.165.213.181:

This IP address has been reported a total of 22 times from 18 distinct sources. 52.165.213.181 was first reported on October 12th 2025, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 greenhost.com.au	2026-06-26 18:00:07 (20 hours ago)	Automated report: 350 attacks in 24h targeting privacymate via FAIL2BAN-736, SSH. SSH/brute_force: 3 ... show more Automated report: 350 attacks in 24h targeting privacymate via FAIL2BAN-736, SSH. SSH/brute_force: 336 on privacymate; SSH/invalid_user: 13 on privacymate; FAIL2BAN-736/banned: 1 on privacymate show less	Brute-Force SSH
🇳🇱 GlobalArt, Inc	2026-06-25 20:39:22 (1 day ago)	2026-06-25T22:39:13.518154+02:00 proxy-nl1 sshd[1790116]: Failed password for root from 52.165.213.1 ... show more 2026-06-25T22:39:13.518154+02:00 proxy-nl1 sshd[1790116]: Failed password for root from 52.165.213.181 port 37890 ssh2 2026-06-25T22:39:15.492207+02:00 proxy-nl1 sshd[1790119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T22:39:17.824982+02:00 proxy-nl1 sshd[1790119]: Failed password for root from 52.165.213.181 port 37891 ssh2 2026-06-25T22:39:20.059024+02:00 proxy-nl1 sshd[1790122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T22:39:21.742870+02:00 proxy-nl1 sshd[1790122]: Failed password for root from 52.165.213.181 port 37893 ssh2 show less	Brute-Force SSH
🇷🇺 weke	2026-06-25 18:33:32 (1 day ago)	ip=52.165.213.181 \| user=root \| pass=Contabo2025 \| event=cowrie.login.success \| source=ssh honeypot ... show more ip=52.165.213.181 \| user=root \| pass=Contabo2025 \| event=cowrie.login.success \| source=ssh honeypot MSK \| time=2026-06-25T18:33:32.878736Z show less	Brute-Force SSH
🇦🇺 greenhost.com.au	2026-06-25 17:00:15 (1 day ago)	Automated report: 71 attacks in 24h targeting flightapp, privacymate via SSH. SSH/brute_force: 69 on ... show more Automated report: 71 attacks in 24h targeting flightapp, privacymate via SSH. SSH/brute_force: 69 on flightapp, privacymate; SSH/invalid_user: 2 on privacymate show less	Brute-Force SSH
🇳🇱 GlobalArt, Inc	2026-06-25 16:41:01 (1 day ago)	2026-06-25T18:40:49.708532+02:00 proxy-nl1 sshd[1775560]: Failed password for root from 52.165.213.1 ... show more 2026-06-25T18:40:49.708532+02:00 proxy-nl1 sshd[1775560]: Failed password for root from 52.165.213.181 port 37832 ssh2 2026-06-25T18:40:52.731823+02:00 proxy-nl1 sshd[1775588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T18:40:55.176632+02:00 proxy-nl1 sshd[1775588]: Failed password for root from 52.165.213.181 port 37824 ssh2 2026-06-25T18:40:58.109085+02:00 proxy-nl1 sshd[1775615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T18:41:00.378067+02:00 proxy-nl1 sshd[1775615]: Failed password for root from 52.165.213.181 port 37827 ssh2 show less	Brute-Force SSH
🇳🇱 GlobalArt, Inc	2026-06-25 16:20:38 (1 day ago)	2026-06-25T18:20:25.967679+02:00 proxy-nl1 sshd[1772409]: Failed password for root from 52.165.213.1 ... show more 2026-06-25T18:20:25.967679+02:00 proxy-nl1 sshd[1772409]: Failed password for root from 52.165.213.181 port 37826 ssh2 2026-06-25T18:20:29.688049+02:00 proxy-nl1 sshd[1772424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T18:20:31.905517+02:00 proxy-nl1 sshd[1772424]: Failed password for root from 52.165.213.181 port 37831 ssh2 2026-06-25T18:20:35.370083+02:00 proxy-nl1 sshd[1772427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.165.213.181 user=root 2026-06-25T18:20:37.076877+02:00 proxy-nl1 sshd[1772427]: Failed password for root from 52.165.213.181 port 37829 ssh2 show less	Brute-Force SSH
🇬🇧 PeravixGroup	2026-06-02 07:03:55 (3 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 xmission.com	2026-06-02 06:04:45 (3 weeks ago)	Blocked by UFW (TCP on 8443) Source port: 25635 TTL: 52 Packet length: 60 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 8443) Source port: 25635 TTL: 52 Packet length: 60 TOS: 0x00 This report (for 52.165.213.181) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇳🇱 BIV	2026-06-02 04:48:39 (3 weeks ago)	Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2082,2086,443,80. ... show more Honeypot multi-source hit. Sources: tpot:Honeytrap,tpot:P0f,tpot:Suricata. Ports: 2082,2086,443,80. Automated tiered (T-Pot+DShield). show less	Port Scan Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-02 02:31:03 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 52.165.213.181 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 52.165.213.181 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 22:31:00.348683 2026] [security2:error] [pid 28160:tid 28160] [client 52.165.213.181:25795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.159"] [uri "/.env"] [unique_id "ah5AZFyCc0GrgQbWM3kCawAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ISPLtd	2026-06-02 01:52:28 (3 weeks ago)	Jun 1 22:52:27 52.165.213.181 TCP SPT=25986 DPT=2082 SYN Jun 1 22:52:27 52.165.213.181 TCP SPT=259 ... show more Jun 1 22:52:27 52.165.213.181 TCP SPT=25986 DPT=2082 SYN Jun 1 22:52:27 52.165.213.181 TCP SPT=25998 DPT=8080 SYN Jun 1 22:52:27 52.165.213.181 TCP SPT=26007 DPT=8443 ... show less	Port Scan
🇷🇸 Scan	2026-06-02 01:14:30 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇺🇸 LotPhantom	2026-06-01 08:26:29 (3 weeks ago)	2026-06-01T08:26:29.547131+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1 ... show more 2026-06-01T08:26:29.547131+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=52.165.213.181 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=32495 DF PROTO=TCP SPT=19522 DPT=8080 WINDOW=64240 RES=0x00 SYN URGP=0 2026-06-01T08:26:29.549507+00:00 bridginggaps kernel: [UFW BLOCK] IN=eth0 OUT= MAC=2e:bc:64:1d:2c:e1:fe:00:00:00:01:01:08:00 SRC=52.165.213.181 DST=157.230.217.55 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=29007 DF PROTO=TCP SPT=19521 DPT=2086 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan Hacking
🇩🇪 psauxit	2026-06-01 08:22:12 (3 weeks ago)	Fail2Ban - UFW port probing on unauthorized port	Port Scan
🇸🇬 drewf.ink	2026-06-01 06:41:03 (3 weeks ago)	[06:41] Port scanning. Port(s) scanned: TCP/2083	Port Scan

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 189.37.69.171

🇧🇷 189.36.215.193

🇧🇩 103.179.198.19

🇲🇾 103.179.70.194

🇪🇬 41.238.100.45

🇹🇼 202.39.153.245

🇬🇧 193.163.125.250

🇲🇽 189.224.27.8

🇧🇷 138.0.44.57

🇨🇳 111.53.8.101

🇳🇱 91.92.40.239

🇧🇾 81.30.98.142

🇳🇴 51.120.79.15

🇵🇰 39.34.202.193

🇲🇽 189.216.169.37

🇲🇽 189.192.244.76

🇲🇽 189.161.68.129

🇱🇻 81.30.98.62

🇧🇬 79.124.40.126

🇲🇽 189.149.43.133