Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Algar Telecom S/A

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackspambots
Invalid user vps from 201.48.170.252 port 39644
2020-02-20 09:44:50
attackbots
Feb 18 12:51:29 firewall sshd[29503]: Invalid user www from 201.48.170.252
Feb 18 12:51:32 firewall sshd[29503]: Failed password for invalid user www from 201.48.170.252 port 33316 ssh2
Feb 18 12:55:13 firewall sshd[29684]: Invalid user sdtdserver from 201.48.170.252
...
2020-02-19 00:49:38
attack
Feb 14 19:25:42 firewall sshd[22382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Feb 14 19:25:42 firewall sshd[22382]: Invalid user zabbix from 201.48.170.252
Feb 14 19:25:44 firewall sshd[22382]: Failed password for invalid user zabbix from 201.48.170.252 port 51278 ssh2
...
2020-02-15 06:47:48
attack
Feb 14 20:12:43 gw1 sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Feb 14 20:12:45 gw1 sshd[12800]: Failed password for invalid user garry from 201.48.170.252 port 53822 ssh2
...
2020-02-14 23:15:32
attackbotsspam
Jan 10 08:47:38 ourumov-web sshd\[11686\]: Invalid user geraldo from 201.48.170.252 port 52698
Jan 10 08:47:38 ourumov-web sshd\[11686\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Jan 10 08:47:40 ourumov-web sshd\[11686\]: Failed password for invalid user geraldo from 201.48.170.252 port 52698 ssh2
...
2020-01-10 17:25:29
attack
Jan  2 10:36:24 * sshd[14271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Jan  2 10:36:26 * sshd[14271]: Failed password for invalid user server from 201.48.170.252 port 60078 ssh2
2020-01-02 18:45:36
attackspambots
Jan  1 16:43:23 dev0-dcde-rnet sshd[15106]: Failed password for root from 201.48.170.252 port 34766 ssh2
Jan  1 16:46:49 dev0-dcde-rnet sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Jan  1 16:46:51 dev0-dcde-rnet sshd[15295]: Failed password for invalid user loosse from 201.48.170.252 port 60212 ssh2
2020-01-01 23:59:36
attack
21 attempts against mh-ssh on echoip.magehost.pro
2019-12-27 03:29:31
attackbots
2019-12-25T06:26:39.486166abusebot-3.cloudsearch.cf sshd[29456]: Invalid user squid from 201.48.170.252 port 41578
2019-12-25T06:26:39.493653abusebot-3.cloudsearch.cf sshd[29456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
2019-12-25T06:26:39.486166abusebot-3.cloudsearch.cf sshd[29456]: Invalid user squid from 201.48.170.252 port 41578
2019-12-25T06:26:41.783623abusebot-3.cloudsearch.cf sshd[29456]: Failed password for invalid user squid from 201.48.170.252 port 41578 ssh2
2019-12-25T06:30:02.875094abusebot-3.cloudsearch.cf sshd[29462]: Invalid user guest from 201.48.170.252 port 41868
2019-12-25T06:30:02.881216abusebot-3.cloudsearch.cf sshd[29462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
2019-12-25T06:30:02.875094abusebot-3.cloudsearch.cf sshd[29462]: Invalid user guest from 201.48.170.252 port 41868
2019-12-25T06:30:04.704692abusebot-3.cloudsearch.cf sshd[29462]:
...
2019-12-25 14:41:44
attack
Dec 22 13:49:48 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: Invalid user linkidc_test from 201.48.170.252
Dec 22 13:49:48 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
Dec 22 13:49:50 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: Failed password for invalid user linkidc_test from 201.48.170.252 port 40200 ssh2
Dec 22 13:56:21 vibhu-HP-Z238-Microtower-Workstation sshd\[23353\]: Invalid user pass from 201.48.170.252
Dec 22 13:56:21 vibhu-HP-Z238-Microtower-Workstation sshd\[23353\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252
...
2019-12-22 16:30:10
attackbotsspam
Dec 22 01:37:10 pkdns2 sshd\[23445\]: Address 201.48.170.252 maps to gp4telecom.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Dec 22 01:37:10 pkdns2 sshd\[23445\]: Invalid user zyromski from 201.48.170.252Dec 22 01:37:11 pkdns2 sshd\[23445\]: Failed password for invalid user zyromski from 201.48.170.252 port 38482 ssh2Dec 22 01:43:31 pkdns2 sshd\[23748\]: Address 201.48.170.252 maps to gp4telecom.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Dec 22 01:43:31 pkdns2 sshd\[23748\]: Invalid user karlludwig from 201.48.170.252Dec 22 01:43:34 pkdns2 sshd\[23748\]: Failed password for invalid user karlludwig from 201.48.170.252 port 42940 ssh2
...
2019-12-22 09:11:20
attackspam
<6 unauthorized SSH connections
2019-12-21 16:21:39
attackbots
Lines containing failures of 201.48.170.252 (max 1000)
Dec 19 20:48:12 localhost sshd[9706]: Invalid user shante from 201.48.170.252 port 34376
Dec 19 20:48:12 localhost sshd[9706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 
Dec 19 20:48:13 localhost sshd[9706]: Failed password for invalid user shante from 201.48.170.252 port 34376 ssh2
Dec 19 20:48:15 localhost sshd[9706]: Received disconnect from 201.48.170.252 port 34376:11: Bye Bye [preauth]
Dec 19 20:48:15 localhost sshd[9706]: Disconnected from invalid user shante 201.48.170.252 port 34376 [preauth]
Dec 19 20:55:30 localhost sshd[11514]: Invalid user rpm from 201.48.170.252 port 50750
Dec 19 20:55:30 localhost sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=201.48.170.252
2019-12-21 05:58:25
Comments on same subnet:
No discussion about this subnet yet..
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.48.170.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64612
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.48.170.252.			IN	A

;; AUTHORITY SECTION:
.			511	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122002 1800 900 604800 86400

;; Query time: 53 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Dec 21 05:58:22 CST 2019
;; MSG SIZE  rcvd: 118
Host info
252.170.48.201.in-addr.arpa domain name pointer gp4telecom.com.br.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
252.170.48.201.in-addr.arpa	name = gp4telecom.com.br.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
1.194.52.239 attackspam
Aug  6 09:43:04 myvps sshd[32654]: Failed password for root from 1.194.52.239 port 39708 ssh2
Aug  6 10:01:39 myvps sshd[18431]: Failed password for root from 1.194.52.239 port 34764 ssh2
...
2020-08-06 16:39:10
195.224.82.202 attackspambots
Unauthorized connection attempt detected from IP address 195.224.82.202 to port 23
2020-08-06 16:51:28
104.236.75.62 attackbots
104.236.75.62 - - [06/Aug/2020:09:33:14 +0100] "POST /wp-login.php HTTP/1.1" 200 1875 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.75.62 - - [06/Aug/2020:09:33:15 +0100] "POST /wp-login.php HTTP/1.1" 200 1875 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.75.62 - - [06/Aug/2020:09:33:15 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-08-06 16:37:05
222.186.42.57 attack
Aug  6 10:12:52 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2
Aug  6 10:12:56 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2
Aug  6 10:12:59 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2
...
2020-08-06 16:15:44
117.239.209.24 attackbots
SSH auth scanning - multiple failed logins
2020-08-06 16:42:09
114.67.102.54 attack
Aug  5 20:10:35 wbs sshd\[9219\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54  user=root
Aug  5 20:10:36 wbs sshd\[9219\]: Failed password for root from 114.67.102.54 port 56598 ssh2
Aug  5 20:15:31 wbs sshd\[9533\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54  user=root
Aug  5 20:15:33 wbs sshd\[9533\]: Failed password for root from 114.67.102.54 port 59368 ssh2
Aug  5 20:20:35 wbs sshd\[9886\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54  user=root
2020-08-06 16:52:00
178.62.9.122 attackbotsspam
178.62.9.122 - - [06/Aug/2020:07:53:36 +0200] "POST /xmlrpc.php HTTP/1.1" 403 31 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
178.62.9.122 - - [06/Aug/2020:08:05:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 10519 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-08-06 16:44:22
195.117.67.170 attack
Attempted Brute Force (dovecot)
2020-08-06 16:37:55
218.92.0.185 attack
$f2bV_matches
2020-08-06 16:49:50
106.212.145.220 attackspam
Wordpress attack
2020-08-06 16:45:31
210.126.1.35 attackspambots
Aug 6 07:19:57 *hidden* sshd[57841]: Failed password for *hidden* from 210.126.1.35 port 49336 ssh2 Aug 6 07:22:25 *hidden* sshd[58818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.126.1.35 user=root Aug 6 07:22:27 *hidden* sshd[58818]: Failed password for *hidden* from 210.126.1.35 port 58640 ssh2
2020-08-06 16:19:31
186.210.157.47 attack
[06/Aug/2020 08:07:49] Failed SMTP login from 186.210.157.47 whostnameh SASL method CRAM-MD5.
[06/Aug/2020 x@x
[06/Aug/2020 08:07:55] Failed SMTP login from 186.210.157.47 whostnameh SASL method PLAIN.


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=186.210.157.47
2020-08-06 16:50:35
180.126.185.211 attack
Aug  6 01:11:44 cumulus sshd[29762]: Bad protocol version identification '' from 180.126.185.211 port 46386
Aug  6 01:11:49 cumulus sshd[29773]: Invalid user misp from 180.126.185.211 port 47113
Aug  6 01:11:50 cumulus sshd[29773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.126.185.211
Aug  6 01:11:51 cumulus sshd[29773]: Failed password for invalid user misp from 180.126.185.211 port 47113 ssh2
Aug  6 01:11:54 cumulus sshd[29773]: Connection closed by 180.126.185.211 port 47113 [preauth]
Aug  6 01:12:01 cumulus sshd[29786]: Invalid user osbash from 180.126.185.211 port 51864
Aug  6 01:12:02 cumulus sshd[29786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.126.185.211
Aug  6 01:12:03 cumulus sshd[29786]: Failed password for invalid user osbash from 180.126.185.211 port 51864 ssh2


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=180.126.185.211
2020-08-06 16:55:10
46.98.248.210 attackbots
Aug 6 03:19:04 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48920 PROTO=TCP SPT=52494 DPT=7612 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 06:30:52 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36499 PROTO=TCP SPT=52494 DPT=7698 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 06:34:38 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55698 PROTO=TCP SPT=52494 DPT=7656 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 07:11:38 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40256 PROTO=TCP SPT=52494 DPT=7624 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 07:22:00 *hidden* kernel: 
...
2020-08-06 16:41:20
118.89.116.13 attackbots
Aug  6 09:03:13 minden010 sshd[26434]: Failed password for root from 118.89.116.13 port 48574 ssh2
Aug  6 09:07:46 minden010 sshd[26949]: Failed password for root from 118.89.116.13 port 40800 ssh2
...
2020-08-06 16:52:45

Recently Reported IPs

40.92.19.47 114.67.80.209 159.138.149.107 85.203.22.219
111.95.5.23 87.120.37.79 40.92.74.79 101.227.214.80
191.241.71.34 123.26.139.68 187.178.24.166 118.216.251.81
51.38.234.80 168.61.221.133 43.240.117.49 36.66.233.58
222.162.69.232 213.153.167.24 5.215.173.139 201.187.80.146