This IP address has been reported a total of
8
times from
6 distinct
sources.
87.237.52.131 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
This IP address carried out 4 port scanning attempts on 10-07-2026. For more information or to repor ...
show moreThis IP address carried out 4 port scanning attempts on 10-07-2026. For more information or to report interesting / incorrect findings, give me a shoutout @parthmaniar on Twitter.
show less
This IP address carried out 1 SSH credential attack (attempts) on 10-07-2026. For more information o ...
show moreThis IP address carried out 1 SSH credential attack (attempts) on 10-07-2026. For more information or to report interesting / incorrect findings, give me a shoutout @parthmaniar on Twitter.
show less
Jul 10 18:21:47 pkdns2 sshd\[21149\]: Invalid user azureuser from 87.237.52.131Jul 10 18:21:49 pkdns ...
show moreJul 10 18:21:47 pkdns2 sshd\[21149\]: Invalid user azureuser from 87.237.52.131Jul 10 18:21:49 pkdns2 sshd\[21149\]: Failed password for invalid user azureuser from 87.237.52.131 port 64007 ssh2Jul 10 18:22:10 pkdns2 sshd\[21187\]: Invalid user azureuser from 87.237.52.131Jul 10 18:22:12 pkdns2 sshd\[21187\]: Failed password for invalid user azureuser from 87.237.52.131 port 64363 ssh2Jul 10 18:25:59 pkdns2 sshd\[21434\]: Invalid user azureuser from 87.237.52.131Jul 10 18:26:01 pkdns2 sshd\[21434\]: Failed password for invalid user azureuser from 87.237.52.131 port 52602 ssh2
...
show less
Malware distribution via typosquat + Discord social engineering.
Domain: fixxlr.com (registered 2 ...
show moreMalware distribution via typosquat + Discord social engineering.
Domain: fixxlr.com (registered 2026-04-18 via Tucows, Njalla NS)
Hosted at 87.237.52.131 (XSServer GmbH)
Site poses as "virtual mixer and volume booster" โ typosquat of
legitimate GoXLR brand (TC-Helicon). No business footprint;
footer copyright dated 2024 despite 5-day-old domain.
Distribution: unsolicited Discord DMs. Operator poses as audio
engineer, directs targets to search "fixxlr" rather than linking.
Falsely claimed affiliation with unrelated legitimate project
FxSound when challenged.
Payload: BunniClient.exe (name does not match advertised product).
Sandbox verdict: Malicious 80/100. Exhibits anti-VM, anti-debug,
packed sections โ info-stealer behavior consistent with "Bunni"
family.
Hybrid Analysis: https://hybrid-analysis.com/sample/78b6a6d755a577ff021c4eda53630f2ca45f19a593bb40b805de587be7dd0303
Also reported to Google Safe Browsing and host (XSServer abuse).
show less
Spoofing
Phishing
Hacking
Showing 1 to
8
of 8 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ