20.52.41.48 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	"INDICATOR-COMPROMISE PHP backdoor communication attempt"	2020-08-01 23:55:09

Comments on same subnet:

IP	Type	Details	Datetime
20.52.41.92	attackbots	Did not receive identification string	2020-07-10 15:14:41
20.52.41.92	attackbotsspam	Unauthorized connection attempt detected from IP address 20.52.41.92 to port 22	2020-07-09 12:58:43

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 20.52.41.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43509
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;20.52.41.48.			IN	A

;; AUTHORITY SECTION:
.			217	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080100 1800 900 604800 86400

;; Query time: 75 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Aug 01 23:55:03 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 48.41.52.20.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 48.41.52.20.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
171.6.201.83	attackspambots	Oct 1 01:13:20 shadeyouvpn sshd[24797]: reveeclipse mapping checking getaddrinfo for mx-ll-171.6.201-83.dynamic.3bb.in.th [171.6.201.83] failed - POSSIBLE BREAK-IN ATTEMPT! Oct 1 01:13:20 shadeyouvpn sshd[24797]: Invalid user applcld from 171.6.201.83 Oct 1 01:13:20 shadeyouvpn sshd[24797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.6.201.83 Oct 1 01:13:22 shadeyouvpn sshd[24797]: Failed password for invalid user applcld from 171.6.201.83 port 60690 ssh2 Oct 1 01:13:22 shadeyouvpn sshd[24797]: Received disconnect from 171.6.201.83: 11: Bye Bye [preauth] Oct 1 01:17:42 shadeyouvpn sshd[26929]: reveeclipse mapping checking getaddrinfo for mx-ll-171.6.201-83.dynamic.3bb.in.th [171.6.201.83] failed - POSSIBLE BREAK-IN ATTEMPT! Oct 1 01:17:42 shadeyouvpn sshd[26929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.6.201.83 user=admin Oct 1 01:17:44 shadeyouvpn sshd[26929]: ........ -------------------------------	2019-10-02 12:13:35
5.26.250.185	attackbotsspam	Oct 2 08:16:00 webhost01 sshd[10294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.26.250.185 Oct 2 08:16:02 webhost01 sshd[10294]: Failed password for invalid user admin from 5.26.250.185 port 50278 ssh2 ...	2019-10-02 09:22:36
185.176.27.190	attack	Oct 2 02:19:18 h2177944 kernel: \[2851748.675292\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=45970 PROTO=TCP SPT=59131 DPT=3474 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 02:23:42 h2177944 kernel: \[2852012.624267\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=12618 PROTO=TCP SPT=59131 DPT=3482 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 02:55:48 h2177944 kernel: \[2853938.559769\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=11735 PROTO=TCP SPT=59131 DPT=3380 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 03:01:04 h2177944 kernel: \[2854254.051779\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.190 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=45010 PROTO=TCP SPT=59131 DPT=3385 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 03:08:55 h2177944 kernel: \[2854725.212446\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=185.176.27.190 DST=85.214.	2019-10-02 09:13:08
183.54.205.116	attackspambots	2019-10-02T04:07:21.139178shield sshd\[14121\]: Invalid user local from 183.54.205.116 port 45788 2019-10-02T04:07:21.143603shield sshd\[14121\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.54.205.116 2019-10-02T04:07:23.947857shield sshd\[14121\]: Failed password for invalid user local from 183.54.205.116 port 45788 ssh2 2019-10-02T04:11:52.862154shield sshd\[14522\]: Invalid user tomcat from 183.54.205.116 port 14441 2019-10-02T04:11:52.866386shield sshd\[14522\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.54.205.116	2019-10-02 12:17:13
128.14.152.45	attack	3389BruteforceFW22	2019-10-02 12:08:35
210.245.52.7	attackbots	Unauthorized connection attempt from IP address 210.245.52.7 on Port 445(SMB)	2019-10-02 09:33:19
118.178.119.198	attackspam	2019-09-30T22:11:30.576709srv.ecualinux.com sshd[24838]: Invalid user plesk from 118.178.119.198 port 53328 2019-09-30T22:11:30.579744srv.ecualinux.com sshd[24838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.178.119.198 2019-09-30T22:11:32.466848srv.ecualinux.com sshd[24838]: Failed password for invalid user plesk from 118.178.119.198 port 53328 ssh2 2019-09-30T22:15:42.193744srv.ecualinux.com sshd[25360]: Invalid user xiuzuan from 118.178.119.198 port 34958 2019-09-30T22:15:42.196467srv.ecualinux.com sshd[25360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.178.119.198 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=118.178.119.198	2019-10-02 12:16:36
85.204.129.123	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 01-10-2019 22:00:22.	2019-10-02 09:28:42
189.7.17.61	attackspambots	Port Scan detected from 189.7.17.61 (BR/Brazil/bd07113d.virtua.com.br). 4 hits in the last 255 seconds	2019-10-02 12:03:44
51.68.136.168	attack	Oct 1 13:54:27 tdfoods sshd\[12290\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.szot.win user=games Oct 1 13:54:29 tdfoods sshd\[12290\]: Failed password for games from 51.68.136.168 port 46938 ssh2 Oct 1 13:58:37 tdfoods sshd\[12676\]: Invalid user adlkish from 51.68.136.168 Oct 1 13:58:37 tdfoods sshd\[12676\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=mail.szot.win Oct 1 13:58:39 tdfoods sshd\[12676\]: Failed password for invalid user adlkish from 51.68.136.168 port 60428 ssh2	2019-10-02 09:25:21
197.61.39.156	attack	Chat Spam	2019-10-02 12:22:04
77.81.234.139	attackbotsspam	Oct 2 06:56:10 www sshd\[184498\]: Invalid user yong from 77.81.234.139 Oct 2 06:56:10 www sshd\[184498\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.81.234.139 Oct 2 06:56:12 www sshd\[184498\]: Failed password for invalid user yong from 77.81.234.139 port 48194 ssh2 ...	2019-10-02 12:05:41
118.70.190.188	attack	$f2bV_matches	2019-10-02 12:14:23
200.34.88.37	attackspambots	Oct 1 18:06:44 hpm sshd\[7199\]: Invalid user aker from 200.34.88.37 Oct 1 18:06:44 hpm sshd\[7199\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.34.88.37 Oct 1 18:06:46 hpm sshd\[7199\]: Failed password for invalid user aker from 200.34.88.37 port 37744 ssh2 Oct 1 18:10:44 hpm sshd\[7712\]: Invalid user test from 200.34.88.37 Oct 1 18:10:44 hpm sshd\[7712\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.34.88.37	2019-10-02 12:13:58
102.79.56.78	attackspambots	Attempted to connect 3 times to port 5555 TCP	2019-10-02 09:30:21

Recently Reported IPs

222.116.185.113	132.137.206.25	35.34.48.201	14.38.55.193
142.250.160.183	181.148.175.249	90.212.225.19	185.63.253.130
41.238.65.135	213.22.66.5	45.83.67.26	1.54.34.55
113.188.98.9	103.147.64.36	54.141.34.224	124.133.4.154
174.41.252.37	148.101.43.8	85.169.34.140	118.71.206.66