202.52.248.254

Basic Info

City: Kathmandu

Region: Central Region

Country: Nepal

Internet Service Provider: Mercantile Communications Pvt Ltd

Hostname: unknown

Organization: Mercantile Office Systems

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	spam	2020-03-01 18:30:28
attackbotsspam	postfix	2019-12-02 06:00:23

Comments on same subnet:

IP	Type	Details	Datetime
202.52.248.155	attack	Wordpress attack	2020-05-15 02:39:03

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 202.52.248.254
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3946
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;202.52.248.254.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080801 1800 900 604800 86400

;; Query time: 14 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 09 02:06:32 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 254.248.52.202.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 254.248.52.202.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
62.65.78.55	attackbots	Aug 15 03:25:59 unicornsoft sshd\[9783\]: Invalid user pi from 62.65.78.55 Aug 15 03:25:59 unicornsoft sshd\[9784\]: Invalid user pi from 62.65.78.55 Aug 15 03:25:59 unicornsoft sshd\[9783\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.65.78.55 Aug 15 03:25:59 unicornsoft sshd\[9784\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.65.78.55	2019-08-15 13:50:46
79.190.119.50	attack	Aug 15 08:10:51 server sshd\[29172\]: Invalid user bong from 79.190.119.50 port 58562 Aug 15 08:10:51 server sshd\[29172\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.190.119.50 Aug 15 08:10:53 server sshd\[29172\]: Failed password for invalid user bong from 79.190.119.50 port 58562 ssh2 Aug 15 08:15:42 server sshd\[25559\]: Invalid user brock from 79.190.119.50 port 50152 Aug 15 08:15:42 server sshd\[25559\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.190.119.50	2019-08-15 14:14:25
136.144.208.240	attackspambots	Aug 15 06:33:36 dedicated sshd[969]: Invalid user legal from 136.144.208.240 port 46286	2019-08-15 13:54:18
122.152.249.147	attack	Port Scan detected from 122.152.249.147 (CN/China/-). 4 hits in the last 151 seconds	2019-08-15 14:11:47
200.52.41.150	attackspam	Automatic report - Port Scan Attack	2019-08-15 14:08:04
69.248.156.144	attack	Aug 14 17:40:08 finn sshd[13075]: Invalid user fang from 69.248.156.144 port 53351 Aug 14 17:40:08 finn sshd[13075]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.248.156.144 Aug 14 17:40:10 finn sshd[13075]: Failed password for invalid user fang from 69.248.156.144 port 53351 ssh2 Aug 14 17:40:10 finn sshd[13075]: Received disconnect from 69.248.156.144 port 53351:11: Bye Bye [preauth] Aug 14 17:40:10 finn sshd[13075]: Disconnected from 69.248.156.144 port 53351 [preauth] Aug 14 18:11:16 finn sshd[19858]: Invalid user botmaster from 69.248.156.144 port 58820 Aug 14 18:11:16 finn sshd[19858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.248.156.144 Aug 14 18:11:18 finn sshd[19858]: Failed password for invalid user botmaster from 69.248.156.144 port 58820 ssh2 Aug 14 18:11:18 finn sshd[19858]: Received disconnect from 69.248.156.144 port 58820:11: Bye Bye [preauth] Aug 14 18:11:18 ........ -------------------------------	2019-08-15 14:28:36
178.62.124.217	attackbotsspam	Aug 15 07:07:53 vpn01 sshd\[10422\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.124.217 user=root Aug 15 07:07:55 vpn01 sshd\[10422\]: Failed password for root from 178.62.124.217 port 41352 ssh2 Aug 15 07:12:45 vpn01 sshd\[10439\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.62.124.217 user=root	2019-08-15 14:37:03
198.108.67.81	attack	firewall-block, port(s): 5555/tcp	2019-08-15 13:53:39
115.88.201.58	attack	Aug 15 02:51:31 lnxweb61 sshd[3472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.88.201.58	2019-08-15 14:00:07
123.148.240.196	attack	REQUESTED PAGE: /wp-login.php	2019-08-15 14:19:31
14.231.182.159	attack	Aug 15 01:14:33 server378 sshd[1389908]: Address 14.231.182.159 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Aug 15 01:14:33 server378 sshd[1389908]: Invalid user admin from 14.231.182.159 Aug 15 01:14:33 server378 sshd[1389908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.231.182.159 Aug 15 01:14:35 server378 sshd[1389908]: Failed password for invalid user admin from 14.231.182.159 port 54455 ssh2 Aug 15 01:14:36 server378 sshd[1389908]: Connection closed by 14.231.182.159 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=14.231.182.159	2019-08-15 14:06:28
84.20.66.130	attack	Aug 15 07:13:24 OPSO sshd\[18934\]: Invalid user hsherman from 84.20.66.130 port 38940 Aug 15 07:13:24 OPSO sshd\[18934\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.20.66.130 Aug 15 07:13:27 OPSO sshd\[18934\]: Failed password for invalid user hsherman from 84.20.66.130 port 38940 ssh2 Aug 15 07:18:01 OPSO sshd\[19633\]: Invalid user andrea from 84.20.66.130 port 57458 Aug 15 07:18:01 OPSO sshd\[19633\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.20.66.130	2019-08-15 14:05:53
1.161.223.151	attackbotsspam	Honeypot attack, port: 23, PTR: 1-161-223-151.dynamic-ip.hinet.net.	2019-08-15 14:35:07
78.0.4.185	attackspambots	Brute force attempt	2019-08-15 14:00:42
201.178.65.68	attackbotsspam	Honeypot attack, port: 23, PTR: 201-178-65-68.speedy.com.ar.	2019-08-15 14:36:33

Recently Reported IPs

207.91.64.107	71.65.26.117	189.152.2.231	185.21.235.99
173.179.79.168	177.73.250.160	86.146.109.209	106.104.27.88
188.217.179.154	100.239.185.134	66.142.54.152	174.250.144.173
121.228.97.36	106.185.225.5	8.67.168.4	37.49.235.132
217.127.114.8	39.144.50.196	49.89.56.44	89.222.149.43