Basic Info

City: Nairobi

Region: Nairobi

Country: Kenya

Internet Service Provider: Safaricom

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments on same subnet:
IP Type Details Datetime
197.248.225.110 attack
(imapd) Failed IMAP login from 197.248.225.110 (KE/Kenya/197-248-225-110.safaricombusiness.co.ke): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Jul  7 01:31:37 ir1 dovecot[2885757]: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=197.248.225.110, lip=5.63.12.44, TLS: Connection closed, session=
2020-07-07 06:44:27
197.248.225.110 attack
2020-05-05 11:15:57 1jVtgC-0003Re-8j <= info@whatsup2013.ch H=(localhost) [221.229.121.226]:44918 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:info@whatsup2013.ch S=3090 id=2541683b301bcec2e5a01645b1767c7043f5086e@whatsup2013.ch T="Youaresocharming" for hzhyness1@gmail.com nivaxxx26@gmail.com
2020-05-05 11:17:04 1jVthG-0003Wu-7M <= info@whatsup2013.ch H=(localhost) [212.113.234.114]:39343 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:info@whatsup2013.ch S=3160 id=0286306368436961fdf84ee205f1dbc7af6c54@whatsup2013.ch T="Youignitemyheart." for rondelogeorge9@gmail.com scottyboy118@gmail.com
2020-05-05 11:16:30 1jVtgj-0003V3-FB <= info@whatsup2013.ch H=(localhost) [113.172.53.153]:52483 P=esmtpsa X=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no A=dovecot_login:info@whatsup2013.ch S=3071 id=288533606b406a62fefb4de106f2d8c48f7633@whatsup2013.ch T="Youareaslovelyasasunlight" for marcko0122@gmail.com usmcl1218@gmail.com
2020-05-05 11:16:05 1jVtgK-0003Se-MM <= info@whatsup2013.ch H=(localhost) [197.248.
2020-05-05 22:02:38
Whois info:
% This is the AfriNIC Whois server.
% The AFRINIC whois database is subject to  the following terms of Use. See https://afrinic.net/whois/terms

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '197.248.192.0 - 197.248.255.255'

% No abuse contact registered for 197.248.192.0 - 197.248.255.255

inetnum:        197.248.192.0 - 197.248.255.255
netname:        Safaricom-Business
descr:          For Safaricom KENYA Enterprise Business Unit
country:        KE
admin-c:        JM27-AFRINIC
admin-c:        DA1485-AFRINIC
tech-c:         DA1485-AFRINIC
status:         ASSIGNED PA
remarks:        For Safaricom KENYA Enterprise Business Unit
mnt-by:         MNT-SAF2004
source:         AFRINIC # Filtered
parent:         197.248.0.0 - 197.248.255.255

person:         Domain Admin
address:        Safaricom Limited
address:        Safaricom House
address:        POBox 46350-00100 Nairobi
address:        Kenya
address:        Nairobi
address:        Kenya
phone:          tel:+254-020427
nic-hdl:        DA1485-AFRINIC
mnt-by:         MNT-SAF2004
source:         AFRINIC # Filtered

person:         John Muita
address:        P.O Box 66827, 00800
address:        Nairobi
address:        Kenya
address:        Nairobi
address:        Kenya
phone:          tel:+254-722-002829
fax-no:         tel:+254-722-003272
nic-hdl:        JM27-afrinic
mnt-by:         GENERATED-UNS1E7EXFG6F7TJILQ9DMMHDN4Y0VRSV-MNT
source:         AFRINIC # Filtered

% Information related to '197.248.0.0/16AS33771'

route:          197.248.0.0/16
descr:          Safaricom Limited
origin:         AS33771
mnt-by:         MNT-SAF2004
source:         AFRINIC # Filtered
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.248.225.253
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27428
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;197.248.225.253.		IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2026040600 1800 900 604800 86400

;; Query time: 8 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Apr 06 23:31:20 CST 2026
;; MSG SIZE  rcvd: 108
Host info
253.225.248.197.in-addr.arpa domain name pointer 197-248-225-253.safaricombusiness.co.ke.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
253.225.248.197.in-addr.arpa	name = 197-248-225-253.safaricombusiness.co.ke.

Authoritative answers can be found from:

Related IP info:
Related comments:
IP Type Details Datetime
178.128.218.56 attackspam
Jul  7 23:33:57 ajax sshd[14375]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.218.56 
Jul  7 23:33:59 ajax sshd[14375]: Failed password for invalid user patrick from 178.128.218.56 port 47732 ssh2
2020-07-08 06:42:38
95.167.139.66 attackspam
2020-07-07T17:04:30.2904651495-001 sshd[44724]: Invalid user oracle from 95.167.139.66 port 60104
2020-07-07T17:04:32.0228551495-001 sshd[44724]: Failed password for invalid user oracle from 95.167.139.66 port 60104 ssh2
2020-07-07T17:16:47.1435131495-001 sshd[45350]: Invalid user greg from 95.167.139.66 port 59256
2020-07-07T17:16:47.1466461495-001 sshd[45350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.167.139.66
2020-07-07T17:16:47.1435131495-001 sshd[45350]: Invalid user greg from 95.167.139.66 port 59256
2020-07-07T17:16:48.7204151495-001 sshd[45350]: Failed password for invalid user greg from 95.167.139.66 port 59256 ssh2
...
2020-07-08 06:40:06
190.146.184.215 attack
$f2bV_matches
2020-07-08 06:20:13
185.143.72.23 attackbots
2020-07-07T16:47:18.631174linuxbox-skyline auth[700546]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=ipplan rhost=185.143.72.23
...
2020-07-08 06:47:36
123.21.98.12 attackbots
Jul  7 22:12:41 pve1 sshd[15993]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.21.98.12 
Jul  7 22:12:43 pve1 sshd[15993]: Failed password for invalid user admin from 123.21.98.12 port 50455 ssh2
...
2020-07-08 06:39:25
101.206.254.130 attackbots
07/07/2020-16:12:41.789829 101.206.254.130 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433
2020-07-08 06:42:19
121.162.60.159 attackbotsspam
SSH Invalid Login
2020-07-08 06:55:38
178.128.89.86 attackbotsspam
SSH Bruteforce attack
2020-07-08 06:51:53
31.11.130.208 attackbots
php WP phpMyAdmin ABUSE blocked for 12h
2020-07-08 06:22:35
80.30.209.57 attackbots
Total attacks: 2
2020-07-08 06:39:43
52.250.23.70 attackbots
Wordpress 2 failed login attempts (1 lockout(s)) from IP: 52.250.23.70

Last user attempted: admin

IP was blocked for 61 minutes
2020-07-08 06:26:37
46.38.148.18 attack
Jul  8 00:41:08 srv01 postfix/smtpd[3637]: warning: unknown[46.38.148.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  8 00:41:34 srv01 postfix/smtpd[30966]: warning: unknown[46.38.148.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  8 00:42:01 srv01 postfix/smtpd[30966]: warning: unknown[46.38.148.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  8 00:42:27 srv01 postfix/smtpd[6619]: warning: unknown[46.38.148.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  8 00:42:54 srv01 postfix/smtpd[6311]: warning: unknown[46.38.148.18]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-07-08 06:50:34
134.122.76.222 attackbots
Jul  7 22:12:53 sso sshd[15865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.76.222
Jul  7 22:12:55 sso sshd[15865]: Failed password for invalid user rose from 134.122.76.222 port 57728 ssh2
...
2020-07-08 06:29:37
222.186.42.155 attackbots
Jul  8 00:16:33 vpn01 sshd[13816]: Failed password for root from 222.186.42.155 port 24905 ssh2
Jul  8 00:16:36 vpn01 sshd[13816]: Failed password for root from 222.186.42.155 port 24905 ssh2
...
2020-07-08 06:23:09
105.247.169.226 attackspambots
Automatic report - Port Scan Attack
2020-07-08 06:45:22

Recently Reported IPs
