Basic Info

City: unknown

Region: unknown

Country: Egypt

Internet Service Provider: TE Data

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attackspam
Jul 31 09:59:33 pl3server sshd[3920048]: reverse mapping checking getaddrinfo for host-197.52.239.141.tedata.net [197.52.239.141] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 31 09:59:33 pl3server sshd[3920048]: Invalid user admin from 197.52.239.141
Jul 31 09:59:33 pl3server sshd[3920048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.52.239.141
Jul 31 09:59:35 pl3server sshd[3920048]: Failed password for invalid user admin from 197.52.239.141 port 43537 ssh2
Jul 31 09:59:36 pl3server sshd[3920048]: Connection closed by 197.52.239.141 [preauth]


https://www.blocklist.de/en/view.html?ip=197.52.239.141
2019-07-31 16:46:39
Comments on same subnet:
IP Type Details Datetime
197.52.239.243 attack
Jul  4 16:04:41 srv-4 sshd[30158]: Invalid user admin from 197.52.239.243
Jul  4 16:04:41 srv-4 sshd[30158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.52.239.243
Jul  4 16:04:43 srv-4 sshd[30158]: Failed password for invalid user admin from 197.52.239.243 port 46456 ssh2
...
2019-07-05 04:40:58
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.52.239.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64052
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.52.239.141.			IN	A

;; AUTHORITY SECTION:
.			1385	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019073100 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 31 16:46:32 CST 2019
;; MSG SIZE  rcvd: 118
Host info
141.239.52.197.in-addr.arpa domain name pointer host-197.52.239.141.tedata.net.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
141.239.52.197.in-addr.arpa	name = host-197.52.239.141.tedata.net.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
78.128.113.121 attackbotsspam
2019-11-10T15:20:37.119581mail01 postfix/smtpd[24399]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed:
2019-11-10T15:20:46.021642mail01 postfix/smtpd[24878]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed:
2019-11-10T15:24:50.157750mail01 postfix/smtpd[21395]: warning: unknown[78.128.113.121]: SASL PLAIN authentication failed:
2019-11-10 22:36:22
173.249.16.234 attackbotsspam
Nov 10 15:15:01 mc1 kernel: [4681587.271788] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=173.249.16.234 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13362 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 10 15:15:05 mc1 kernel: [4681590.339439] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=173.249.16.234 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13362 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
Nov 10 15:15:08 mc1 kernel: [4681593.420068] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=173.249.16.234 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=13362 PROTO=TCP SPT=61000 DPT=80 WINDOW=1024 RES=0x00 SYN URGP=0
...
2019-11-10 22:28:54
165.227.18.169 attackspambots
Nov 10 08:52:00 localhost sshd[73173]: Invalid user tina from 165.227.18.169 port 37514
Nov 10 08:52:00 localhost sshd[73173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.18.169
Nov 10 08:52:02 localhost sshd[73173]: Failed password for invalid user tina from 165.227.18.169 port 37514 ssh2
Nov 10 08:55:55 localhost sshd[73248]: Invalid user auction from 165.227.18.169 port 46166
Nov 10 08:55:55 localhost sshd[73248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.18.169
...
2019-11-10 22:41:53
45.143.220.37 attackspam
[2019-11-10 09:10:49] NOTICE[2601] chan_sip.c: Registration from '682 ' failed for '45.143.220.37:5060' - Wrong password
[2019-11-10 09:10:49] SECURITY[2634] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-10T09:10:49.498-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="682",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.220.37/5060",Challenge="5b52b65d",ReceivedChallenge="5b52b65d",ReceivedHash="1fb9b1cc5074a64420f428d670ed9e9d"
[2019-11-10 09:11:52] NOTICE[2601] chan_sip.c: Registration from '685 ' failed for '45.143.220.37:5060' - Wrong password
[2019-11-10 09:11:52] SECURITY[2634] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-10T09:11:52.474-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="685",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.2
2019-11-10 22:18:36
120.29.82.136 attack
19/11/10@01:21:58: FAIL: Alarm-Intrusion address from=120.29.82.136
...
2019-11-10 21:59:25
27.109.196.130 attack
SSH/22 MH Probe, BF, Hack -
2019-11-10 22:30:55
212.69.18.4 attackbotsspam
Detected By Fail2ban
2019-11-10 22:23:15
145.239.253.73 attackspam
WEB server attack.
2019-11-10 22:24:17
82.165.138.167 attackbots
Detected By Fail2ban
2019-11-10 22:07:15
190.98.52.139 attackspam
$f2bV_matches
2019-11-10 22:27:50
43.248.8.156 attackspambots
Nov 10 07:21:27 mout sshd[17158]: Did not receive identification string from 43.248.8.156 port 55140
2019-11-10 22:26:45
145.239.74.68 attackspambots
11/05/2019-12:02:25.157604 145.239.74.68 Protocol: 6 ET SCAN NMAP -sS window 1024
2019-11-10 22:24:45
71.183.100.76 attack
SPAM Delivery Attempt
2019-11-10 22:36:40
173.249.28.191 attackbots
WEB Masscan Scanner Activity
2019-11-10 22:38:10
149.56.132.202 attackbotsspam
$f2bV_matches
2019-11-10 22:38:37
