197.248.52.46 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Kenya

Internet Service Provider: Safaricom Limited

Hostname: unknown

Organization: Safaricom

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Attempted connection to port 23.	2020-09-08 04:10:12
attack	Attempted connection to port 23.	2020-09-07 19:46:23

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.248.52.46
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55936
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.248.52.46.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019073001 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 31 01:28:52 CST 2019
;; MSG SIZE  rcvd: 117

Host info

46.52.248.197.in-addr.arpa domain name pointer 197-248-52-46.safaricombusiness.co.ke.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
46.52.248.197.in-addr.arpa	name = 197-248-52-46.safaricombusiness.co.ke.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
52.56.183.140	attack	www.geburtshaus-fulda.de 52.56.183.140 \[19/Nov/2019:05:57:09 +0100\] "POST /wp-login.php HTTP/1.1" 200 6383 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.geburtshaus-fulda.de 52.56.183.140 \[19/Nov/2019:05:57:09 +0100\] "POST /wp-login.php HTTP/1.1" 200 6387 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.geburtshaus-fulda.de 52.56.183.140 \[19/Nov/2019:05:57:09 +0100\] "POST /xmlrpc.php HTTP/1.1" 200 4107 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-19 14:22:32
211.252.17.254	attackbotsspam	Invalid user madison from 211.252.17.254 port 58134	2019-11-19 14:11:40
112.85.42.229	attack	2019-11-19 14:36:59,856 fail2ban.filter [1117]: INFO [sshd] Found 112.85.42.229 2019-11-19 14:37:01,355 fail2ban.filter [1117]: INFO [sshd] Found 112.85.42.229 2019-11-19 14:37:02,259 fail2ban.actions [1117]: NOTICE [sshd] 112.85.42.229 already banned	2019-11-19 14:41:32
222.186.180.6	attackspam	pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.6 user=root Failed password for root from 222.186.180.6 port 54658 ssh2 Failed password for root from 222.186.180.6 port 54658 ssh2 Failed password for root from 222.186.180.6 port 54658 ssh2 Failed password for root from 222.186.180.6 port 54658 ssh2	2019-11-19 14:01:42
103.229.126.206	attack	SSH/22 MH Probe, BF, Hack -	2019-11-19 14:04:24
108.172.209.71	attackbotsspam	Automated report (2019-11-19T04:57:28+00:00). Non-escaped characters in POST detected (bot indicator).	2019-11-19 14:12:32
142.93.116.168	attack	2019-11-19T06:03:17.150346abusebot-7.cloudsearch.cf sshd\[20491\]: Invalid user identd from 142.93.116.168 port 58574 2019-11-19T06:03:17.154699abusebot-7.cloudsearch.cf sshd\[20491\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.116.168	2019-11-19 14:12:44
179.183.209.154	attack	Nov 18 19:59:49 web9 sshd\[25040\]: Invalid user ts from 179.183.209.154 Nov 18 19:59:49 web9 sshd\[25040\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.183.209.154 Nov 18 19:59:51 web9 sshd\[25040\]: Failed password for invalid user ts from 179.183.209.154 port 42558 ssh2 Nov 18 20:05:28 web9 sshd\[25797\]: Invalid user guest from 179.183.209.154 Nov 18 20:05:28 web9 sshd\[25797\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.183.209.154	2019-11-19 14:19:26
183.130.23.2	attackspam	Automatic report - Port Scan Attack	2019-11-19 14:22:09
106.13.148.44	attackbotsspam	Nov 19 06:50:37 meumeu sshd[28190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.148.44 Nov 19 06:50:40 meumeu sshd[28190]: Failed password for invalid user anabal from 106.13.148.44 port 55922 ssh2 Nov 19 06:55:20 meumeu sshd[28897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.148.44 ...	2019-11-19 14:07:55
132.145.193.203	attack	Attempts to probe for or exploit a Drupal 7.67 site on url: /phpmyadmin/scripts/setup.php. Reported by the module https://www.drupal.org/project/abuseipdb.	2019-11-19 14:20:08
37.187.131.203	attackbots	Nov 18 19:51:18 web1 sshd\[11537\]: Invalid user trevithick from 37.187.131.203 Nov 18 19:51:18 web1 sshd\[11537\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.131.203 Nov 18 19:51:20 web1 sshd\[11537\]: Failed password for invalid user trevithick from 37.187.131.203 port 40568 ssh2 Nov 18 19:54:48 web1 sshd\[11834\]: Invalid user mayes from 37.187.131.203 Nov 18 19:54:48 web1 sshd\[11834\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.131.203	2019-11-19 14:20:38
106.38.76.156	attackbots	Nov 19 07:48:07 server sshd\[22977\]: Invalid user thormod from 106.38.76.156 Nov 19 07:48:07 server sshd\[22977\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.38.76.156 Nov 19 07:48:09 server sshd\[22977\]: Failed password for invalid user thormod from 106.38.76.156 port 48196 ssh2 Nov 19 07:57:20 server sshd\[25255\]: Invalid user gel from 106.38.76.156 Nov 19 07:57:20 server sshd\[25255\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.38.76.156 ...	2019-11-19 14:16:32
101.255.115.41	attack	Unauthorised access (Nov 19) SRC=101.255.115.41 LEN=52 TTL=112 ID=23311 DF TCP DPT=445 WINDOW=8192 SYN Unauthorised access (Nov 19) SRC=101.255.115.41 LEN=52 TTL=112 ID=23440 DF TCP DPT=445 WINDOW=8192 SYN	2019-11-19 14:02:40
23.96.113.95	attack	Nov 19 07:47:28 server sshd\[22871\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.96.113.95 user=root Nov 19 07:47:31 server sshd\[22871\]: Failed password for root from 23.96.113.95 port 36880 ssh2 Nov 19 07:54:01 server sshd\[24315\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.96.113.95 user=root Nov 19 07:54:02 server sshd\[24315\]: Failed password for root from 23.96.113.95 port 42199 ssh2 Nov 19 07:57:50 server sshd\[25341\]: Invalid user host from 23.96.113.95 Nov 19 07:57:50 server sshd\[25341\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.96.113.95 ...	2019-11-19 13:57:08

Recently Reported IPs

70.247.198.247	2600:1015:b159:d9:11cf:ed52:3d5b:e23	197.185.79.8	49.69.152.54
118.96.233.218	5.137.43.27	5.79.16.40	70.46.214.189
53.144.126.192	189.210.165.1	41.226.248.106	197.124.156.7
202.40.177.6	89.14.13.158	184.193.107.205	92.87.16.249
14.169.40.92	134.167.67.103	202.6.100.26	87.147.81.142