212.248.1.58 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: COMSTAR Telecommunications

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Apr 7 03:32:36 localhost sshd\[8659\]: Invalid user user from 212.248.1.58 Apr 7 03:32:36 localhost sshd\[8659\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.248.1.58 Apr 7 03:32:39 localhost sshd\[8659\]: Failed password for invalid user user from 212.248.1.58 port 53524 ssh2 Apr 7 03:33:08 localhost sshd\[8661\]: Invalid user user from 212.248.1.58 Apr 7 03:33:08 localhost sshd\[8661\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.248.1.58 ...	2020-04-07 09:48:59
attackbots	Apr 6 19:02:46 ucs sshd\[24641\]: Invalid user oracle from 212.248.1.58 port 44636 Apr 6 19:03:22 ucs sshd\[24793\]: Invalid user oracle from 212.248.1.58 port 43876 Apr 6 19:03:43 ucs sshd\[24927\]: Invalid user oracle from 212.248.1.58 port 43110 ...	2020-04-07 01:13:25
attackbots	Apr 4 19:31:19 eddieflores sshd\[15197\]: Invalid user nagios from 212.248.1.58 Apr 4 19:31:19 eddieflores sshd\[15197\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.248.1.58 Apr 4 19:31:21 eddieflores sshd\[15197\]: Failed password for invalid user nagios from 212.248.1.58 port 58830 ssh2 Apr 4 19:31:46 eddieflores sshd\[15216\]: Invalid user nagios from 212.248.1.58 Apr 4 19:31:46 eddieflores sshd\[15216\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.248.1.58	2020-04-05 13:45:32
attackbots	Apr 5 02:42:55 ift sshd\[52761\]: Invalid user zabbix from 212.248.1.58Apr 5 02:42:57 ift sshd\[52761\]: Failed password for invalid user zabbix from 212.248.1.58 port 50116 ssh2Apr 5 02:43:23 ift sshd\[52776\]: Invalid user bdos from 212.248.1.58Apr 5 02:43:25 ift sshd\[52776\]: Failed password for invalid user bdos from 212.248.1.58 port 52068 ssh2Apr 5 02:43:52 ift sshd\[52816\]: Invalid user demo from 212.248.1.58 ...	2020-04-05 08:33:48

Comments on same subnet:

IP	Type	Details	Datetime
212.248.126.226	attack	Unauthorized connection attempt from IP address 212.248.126.226 on Port 445(SMB)	2020-05-14 18:59:00
212.248.101.11	attackspambots	DATE:2020-05-12 23:13:34, IP:212.248.101.11, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2020-05-13 06:21:22
212.248.101.11	attackbots	20/4/30@08:26:41: FAIL: Alarm-Telnet address from=212.248.101.11 20/4/30@08:26:41: FAIL: Alarm-Telnet address from=212.248.101.11 ...	2020-04-30 22:21:37
212.248.101.11	attackbotsspam	firewall-block, port(s): 2323/tcp	2020-01-11 06:11:37
212.248.101.11	attack	Connection by 212.248.101.11 on port: 23 got caught by honeypot at 11/13/2019 9:58:53 PM	2019-11-14 07:26:54
212.248.126.226	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-08-28 22:04:24,773 INFO [amun_request_handler] PortScan Detected on Port: 445 (212.248.126.226)	2019-08-29 12:11:23
212.248.122.214	attack	IMAP brute force ...	2019-07-03 07:41:36
212.248.122.214	attackbots	Brute force attempt	2019-07-03 04:52:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.248.1.58
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53414
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.248.1.58.			IN	A

;; AUTHORITY SECTION:
.			537	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040402 1800 900 604800 86400

;; Query time: 102 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 05 08:33:43 CST 2020
;; MSG SIZE  rcvd: 116

Host info

58.1.248.212.in-addr.arpa domain name pointer Nick.Moscow.access.comstar.ru.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
58.1.248.212.in-addr.arpa	name = Nick.Moscow.access.comstar.ru.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
78.128.113.76	attackspam	abuse-sasl	2020-04-03 20:35:39
77.40.61.94	attackbotsspam	abuse-sasl	2020-04-03 21:04:50
80.82.67.48	attack	abuse-sasl	2020-04-03 20:25:18
223.68.169.180	attack	Apr 2 21:45:23 web1 sshd\[11630\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.180 user=root Apr 2 21:45:25 web1 sshd\[11630\]: Failed password for root from 223.68.169.180 port 49648 ssh2 Apr 2 21:49:04 web1 sshd\[11990\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.180 user=root Apr 2 21:49:07 web1 sshd\[11990\]: Failed password for root from 223.68.169.180 port 58988 ssh2 Apr 2 21:52:42 web1 sshd\[12344\]: Invalid user rjakubowski from 223.68.169.180 Apr 2 21:52:42 web1 sshd\[12344\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.68.169.180	2020-04-03 20:39:35
78.128.113.119	attackbots	abuse-sasl	2020-04-03 20:42:40
125.165.197.125	attackspam	Unauthorized connection attempt from IP address 125.165.197.125 on Port 445(SMB)	2020-04-03 20:35:02
14.156.51.175	attackbotsspam	Unauthorised access (Apr 3) SRC=14.156.51.175 LEN=40 TTL=53 ID=33369 TCP DPT=8080 WINDOW=40409 SYN	2020-04-03 21:00:41
103.74.122.107	attackspambots	04/03/2020-03:10:30.249810 103.74.122.107 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-04-03 20:32:58
109.75.45.34	attackspam	Invalid user akr from 109.75.45.34 port 55740	2020-04-03 20:34:07
202.47.32.223	attackspambots	Unauthorized connection attempt from IP address 202.47.32.223 on Port 445(SMB)	2020-04-03 21:05:52
23.105.171.105	attackbots	SpamScore above: 10.0	2020-04-03 20:39:16
122.51.70.158	attackspambots	$f2bV_matches	2020-04-03 20:27:56
119.28.73.77	attackbots	SSH bruteforce	2020-04-03 20:44:06
183.57.72.2	attackspambots	Too many connections or unauthorized access detected from Arctic banned ip	2020-04-03 20:52:52
78.39.152.11	attack	abuse-sasl	2020-04-03 20:31:05

Recently Reported IPs

87.14.154.228	190.178.49.141	157.52.172.101	64.190.210.253
154.125.21.152	138.0.116.74	60.79.176.166	198.23.130.4
50.49.71.101	102.29.223.56	51.38.189.176	219.155.36.41
107.179.120.188	54.188.244.97	43.226.146.129	178.159.11.115
198.71.230.61	182.151.52.45	188.16.148.149	200.82.105.142