201.48.170.252

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Algar Telecom S/A

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Invalid user vps from 201.48.170.252 port 39644	2020-02-20 09:44:50
attackbots	Feb 18 12:51:29 firewall sshd[29503]: Invalid user www from 201.48.170.252 Feb 18 12:51:32 firewall sshd[29503]: Failed password for invalid user www from 201.48.170.252 port 33316 ssh2 Feb 18 12:55:13 firewall sshd[29684]: Invalid user sdtdserver from 201.48.170.252 ...	2020-02-19 00:49:38
attack	Feb 14 19:25:42 firewall sshd[22382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Feb 14 19:25:42 firewall sshd[22382]: Invalid user zabbix from 201.48.170.252 Feb 14 19:25:44 firewall sshd[22382]: Failed password for invalid user zabbix from 201.48.170.252 port 51278 ssh2 ...	2020-02-15 06:47:48
attack	Feb 14 20:12:43 gw1 sshd[12800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Feb 14 20:12:45 gw1 sshd[12800]: Failed password for invalid user garry from 201.48.170.252 port 53822 ssh2 ...	2020-02-14 23:15:32
attackbotsspam	Jan 10 08:47:38 ourumov-web sshd\[11686\]: Invalid user geraldo from 201.48.170.252 port 52698 Jan 10 08:47:38 ourumov-web sshd\[11686\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Jan 10 08:47:40 ourumov-web sshd\[11686\]: Failed password for invalid user geraldo from 201.48.170.252 port 52698 ssh2 ...	2020-01-10 17:25:29
attack	Jan 2 10:36:24 * sshd[14271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Jan 2 10:36:26 * sshd[14271]: Failed password for invalid user server from 201.48.170.252 port 60078 ssh2	2020-01-02 18:45:36
attackspambots	Jan 1 16:43:23 dev0-dcde-rnet sshd[15106]: Failed password for root from 201.48.170.252 port 34766 ssh2 Jan 1 16:46:49 dev0-dcde-rnet sshd[15295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Jan 1 16:46:51 dev0-dcde-rnet sshd[15295]: Failed password for invalid user loosse from 201.48.170.252 port 60212 ssh2	2020-01-01 23:59:36
attack	21 attempts against mh-ssh on echoip.magehost.pro	2019-12-27 03:29:31
attackbots	2019-12-25T06:26:39.486166abusebot-3.cloudsearch.cf sshd[29456]: Invalid user squid from 201.48.170.252 port 41578 2019-12-25T06:26:39.493653abusebot-3.cloudsearch.cf sshd[29456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 2019-12-25T06:26:39.486166abusebot-3.cloudsearch.cf sshd[29456]: Invalid user squid from 201.48.170.252 port 41578 2019-12-25T06:26:41.783623abusebot-3.cloudsearch.cf sshd[29456]: Failed password for invalid user squid from 201.48.170.252 port 41578 ssh2 2019-12-25T06:30:02.875094abusebot-3.cloudsearch.cf sshd[29462]: Invalid user guest from 201.48.170.252 port 41868 2019-12-25T06:30:02.881216abusebot-3.cloudsearch.cf sshd[29462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 2019-12-25T06:30:02.875094abusebot-3.cloudsearch.cf sshd[29462]: Invalid user guest from 201.48.170.252 port 41868 2019-12-25T06:30:04.704692abusebot-3.cloudsearch.cf sshd[29462]: ...	2019-12-25 14:41:44
attack	Dec 22 13:49:48 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: Invalid user linkidc_test from 201.48.170.252 Dec 22 13:49:48 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Dec 22 13:49:50 vibhu-HP-Z238-Microtower-Workstation sshd\[23015\]: Failed password for invalid user linkidc_test from 201.48.170.252 port 40200 ssh2 Dec 22 13:56:21 vibhu-HP-Z238-Microtower-Workstation sshd\[23353\]: Invalid user pass from 201.48.170.252 Dec 22 13:56:21 vibhu-HP-Z238-Microtower-Workstation sshd\[23353\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 ...	2019-12-22 16:30:10
attackbotsspam	Dec 22 01:37:10 pkdns2 sshd\[23445\]: Address 201.48.170.252 maps to gp4telecom.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Dec 22 01:37:10 pkdns2 sshd\[23445\]: Invalid user zyromski from 201.48.170.252Dec 22 01:37:11 pkdns2 sshd\[23445\]: Failed password for invalid user zyromski from 201.48.170.252 port 38482 ssh2Dec 22 01:43:31 pkdns2 sshd\[23748\]: Address 201.48.170.252 maps to gp4telecom.com.br, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Dec 22 01:43:31 pkdns2 sshd\[23748\]: Invalid user karlludwig from 201.48.170.252Dec 22 01:43:34 pkdns2 sshd\[23748\]: Failed password for invalid user karlludwig from 201.48.170.252 port 42940 ssh2 ...	2019-12-22 09:11:20
attackspam	<6 unauthorized SSH connections	2019-12-21 16:21:39
attackbots	Lines containing failures of 201.48.170.252 (max 1000) Dec 19 20:48:12 localhost sshd[9706]: Invalid user shante from 201.48.170.252 port 34376 Dec 19 20:48:12 localhost sshd[9706]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 Dec 19 20:48:13 localhost sshd[9706]: Failed password for invalid user shante from 201.48.170.252 port 34376 ssh2 Dec 19 20:48:15 localhost sshd[9706]: Received disconnect from 201.48.170.252 port 34376:11: Bye Bye [preauth] Dec 19 20:48:15 localhost sshd[9706]: Disconnected from invalid user shante 201.48.170.252 port 34376 [preauth] Dec 19 20:55:30 localhost sshd[11514]: Invalid user rpm from 201.48.170.252 port 50750 Dec 19 20:55:30 localhost sshd[11514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.48.170.252 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=201.48.170.252	2019-12-21 05:58:25

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.48.170.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64612
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.48.170.252.			IN	A

;; AUTHORITY SECTION:
.			511	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122002 1800 900 604800 86400

;; Query time: 53 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Dec 21 05:58:22 CST 2019
;; MSG SIZE  rcvd: 118

Host info

252.170.48.201.in-addr.arpa domain name pointer gp4telecom.com.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
252.170.48.201.in-addr.arpa	name = gp4telecom.com.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
1.194.52.239	attackspam	Aug 6 09:43:04 myvps sshd[32654]: Failed password for root from 1.194.52.239 port 39708 ssh2 Aug 6 10:01:39 myvps sshd[18431]: Failed password for root from 1.194.52.239 port 34764 ssh2 ...	2020-08-06 16:39:10
195.224.82.202	attackspambots	Unauthorized connection attempt detected from IP address 195.224.82.202 to port 23	2020-08-06 16:51:28
104.236.75.62	attackbots	104.236.75.62 - - [06/Aug/2020:09:33:14 +0100] "POST /wp-login.php HTTP/1.1" 200 1875 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.236.75.62 - - [06/Aug/2020:09:33:15 +0100] "POST /wp-login.php HTTP/1.1" 200 1875 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.236.75.62 - - [06/Aug/2020:09:33:15 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-06 16:37:05
222.186.42.57	attack	Aug 6 10:12:52 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2 Aug 6 10:12:56 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2 Aug 6 10:12:59 piServer sshd[19566]: Failed password for root from 222.186.42.57 port 38104 ssh2 ...	2020-08-06 16:15:44
117.239.209.24	attackbots	SSH auth scanning - multiple failed logins	2020-08-06 16:42:09
114.67.102.54	attack	Aug 5 20:10:35 wbs sshd\[9219\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54 user=root Aug 5 20:10:36 wbs sshd\[9219\]: Failed password for root from 114.67.102.54 port 56598 ssh2 Aug 5 20:15:31 wbs sshd\[9533\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54 user=root Aug 5 20:15:33 wbs sshd\[9533\]: Failed password for root from 114.67.102.54 port 59368 ssh2 Aug 5 20:20:35 wbs sshd\[9886\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.102.54 user=root	2020-08-06 16:52:00
178.62.9.122	attackbotsspam	178.62.9.122 - - [06/Aug/2020:07:53:36 +0200] "POST /xmlrpc.php HTTP/1.1" 403 31 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 178.62.9.122 - - [06/Aug/2020:08:05:03 +0200] "POST /xmlrpc.php HTTP/1.1" 403 10519 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-06 16:44:22
195.117.67.170	attack	Attempted Brute Force (dovecot)	2020-08-06 16:37:55
218.92.0.185	attack	$f2bV_matches	2020-08-06 16:49:50
106.212.145.220	attackspam	Wordpress attack	2020-08-06 16:45:31
210.126.1.35	attackspambots	Aug 6 07:19:57 hidden sshd[57841]: Failed password for hidden from 210.126.1.35 port 49336 ssh2 Aug 6 07:22:25 hidden sshd[58818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.126.1.35 user=root Aug 6 07:22:27 hidden sshd[58818]: Failed password for hidden from 210.126.1.35 port 58640 ssh2	2020-08-06 16:19:31
186.210.157.47	attack	[06/Aug/2020 08:07:49] Failed SMTP login from 186.210.157.47 whostnameh SASL method CRAM-MD5. [06/Aug/2020 x@x [06/Aug/2020 08:07:55] Failed SMTP login from 186.210.157.47 whostnameh SASL method PLAIN. ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=186.210.157.47	2020-08-06 16:50:35
180.126.185.211	attack	Aug 6 01:11:44 cumulus sshd[29762]: Bad protocol version identification '' from 180.126.185.211 port 46386 Aug 6 01:11:49 cumulus sshd[29773]: Invalid user misp from 180.126.185.211 port 47113 Aug 6 01:11:50 cumulus sshd[29773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.126.185.211 Aug 6 01:11:51 cumulus sshd[29773]: Failed password for invalid user misp from 180.126.185.211 port 47113 ssh2 Aug 6 01:11:54 cumulus sshd[29773]: Connection closed by 180.126.185.211 port 47113 [preauth] Aug 6 01:12:01 cumulus sshd[29786]: Invalid user osbash from 180.126.185.211 port 51864 Aug 6 01:12:02 cumulus sshd[29786]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.126.185.211 Aug 6 01:12:03 cumulus sshd[29786]: Failed password for invalid user osbash from 180.126.185.211 port 51864 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=180.126.185.211	2020-08-06 16:55:10
46.98.248.210	attackbots	Aug 6 03:19:04 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=48920 PROTO=TCP SPT=52494 DPT=7612 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 06:30:52 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=36499 PROTO=TCP SPT=52494 DPT=7698 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 06:34:38 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=55698 PROTO=TCP SPT=52494 DPT=7656 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 07:11:38 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=46.98.248.210 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40256 PROTO=TCP SPT=52494 DPT=7624 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 6 07:22:00 hidden kernel: ...	2020-08-06 16:41:20
118.89.116.13	attackbots	Aug 6 09:03:13 minden010 sshd[26434]: Failed password for root from 118.89.116.13 port 48574 ssh2 Aug 6 09:07:46 minden010 sshd[26949]: Failed password for root from 118.89.116.13 port 40800 ssh2 ...	2020-08-06 16:52:45

Recently Reported IPs

40.92.19.47	114.67.80.209	159.138.149.107	85.203.22.219
111.95.5.23	87.120.37.79	40.92.74.79	101.227.214.80
191.241.71.34	123.26.139.68	187.178.24.166	118.216.251.81
51.38.234.80	168.61.221.133	43.240.117.49	36.66.233.58
222.162.69.232	213.153.167.24	5.215.173.139	201.187.80.146