41.139.159.247

Basic Info

City: unknown

Region: unknown

Country: Kenya

Internet Service Provider: For Converged Solution for NRB

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Invalid user admin from 41.139.159.247 port 49254	2020-04-27 02:58:46
attackbots	Unauthorized connection attempt from IP address 41.139.159.247 on port 993	2020-04-26 12:55:21

Comments on same subnet:

IP	Type	Details	Datetime
41.139.159.25	attackspambots	2020-06-0108:07:471jfdbu-0000pn-Kq\<=info@whatsup2013.chH=\(localhost\)[123.20.184.137]:57914P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2226id=9F9A2C7F74A08FCC10155CE4206DEA96@whatsup2013.chT="Justdemandasmallamountofyourowninterest"forstevep30@hotmail.com2020-06-0108:07:051jfdbD-0000m7-Up\<=info@whatsup2013.chH=\(localhost\)[123.20.179.254]:52178P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3029id=20c87e2d260d272fb3b600ac4b3f150935e9f2@whatsup2013.chT="tochris.gaillard.chris"forchris.gaillard.chris@gmail.commfpika13@gmail.comacostaeduard133@gmail.com2020-06-0108:07:101jfdbG-0000mh-Se\<=info@whatsup2013.chH=41-139-159-25.safaricombusiness.co.ke\(localhost\)[41.139.159.25]:47903P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2243id=FFFA4C1F14C0EFAC70753C8440944CD1@whatsup2013.chT="Justrequireabitofyourpersonalinterest"formakss1122ma@gmail.com2020-06-0108:10:011jfde4-0001	2020-06-01 18:22:09
41.139.159.223	attackbotsspam	Dovecot Invalid User Login Attempt.	2020-04-23 17:24:57

Type

Details

Datetime

41.139.159.25

attackspambots

2020-06-0108:07:471jfdbu-0000pn-Kq\<=info@whatsup2013.chH=\(localhost\)[123.20.184.137]:57914P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2226id=9F9A2C7F74A08FCC10155CE4206DEA96@whatsup2013.chT="Justdemandasmallamountofyourowninterest"forstevep30@hotmail.com2020-06-0108:07:051jfdbD-0000m7-Up\<=info@whatsup2013.chH=\(localhost\)[123.20.179.254]:52178P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=3029id=20c87e2d260d272fb3b600ac4b3f150935e9f2@whatsup2013.chT="tochris.gaillard.chris"forchris.gaillard.chris@gmail.commfpika13@gmail.comacostaeduard133@gmail.com2020-06-0108:07:101jfdbG-0000mh-Se\<=info@whatsup2013.chH=41-139-159-25.safaricombusiness.co.ke\(localhost\)[41.139.159.25]:47903P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:info@whatsup2013.chS=2243id=FFFA4C1F14C0EFAC70753C8440944CD1@whatsup2013.chT="Justrequireabitofyourpersonalinterest"formakss1122ma@gmail.com2020-06-0108:10:011jfde4-0001

2020-06-01 18:22:09

41.139.159.223

attackbotsspam

Dovecot Invalid User Login Attempt.

2020-04-23 17:24:57

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 41.139.159.247
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65449
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;41.139.159.247.			IN	A

;; AUTHORITY SECTION:
.			398	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042502 1800 900 604800 86400

;; Query time: 44 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 26 12:55:17 CST 2020
;; MSG SIZE  rcvd: 118

Host info

247.159.139.41.in-addr.arpa domain name pointer 41-139-159-247.safaricombusiness.co.ke.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
247.159.139.41.in-addr.arpa	name = 41-139-159-247.safaricombusiness.co.ke.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
59.124.205.214	attackbots	Invalid user zh from 59.124.205.214 port 42506	2020-04-02 06:28:37
142.44.243.190	attackspambots	Tried sshing with brute force.	2020-04-02 06:29:04
222.186.30.76	attack	01.04.2020 22:09:52 SSH access blocked by firewall	2020-04-02 06:18:53
141.8.183.105	attackbots	[Thu Apr 02 04:14:51.054478 2020] [:error] [pid 28682:tid 139905002895104] [client 141.8.183.105:58577] [client 141.8.183.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XoUESzjurpzq@vKpKHoD6QAAAng"] ...	2020-04-02 06:30:38
103.133.215.146	attackspam	Invalid user mpe from 103.133.215.146 port 48386	2020-04-02 06:37:21
190.215.37.50	attackspam	Unauthorized connection attempt from IP address 190.215.37.50 on Port 445(SMB)	2020-04-02 06:13:31
139.198.5.79	attackspambots	Apr 1 23:52:44 vps sshd[862120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.5.79 user=root Apr 1 23:52:45 vps sshd[862120]: Failed password for root from 139.198.5.79 port 47436 ssh2 Apr 1 23:56:25 vps sshd[882443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.5.79 user=root Apr 1 23:56:27 vps sshd[882443]: Failed password for root from 139.198.5.79 port 41440 ssh2 Apr 2 00:00:10 vps sshd[904074]: Invalid user user2 from 139.198.5.79 port 35422 ...	2020-04-02 06:12:09
89.248.169.12	attackspam	firewall-block, port(s): 5672/tcp	2020-04-02 06:36:07
118.24.111.158	attack	2020-04-01T21:07:30.848067abusebot-2.cloudsearch.cf sshd[24354]: Invalid user gh from 118.24.111.158 port 44684 2020-04-01T21:07:30.854299abusebot-2.cloudsearch.cf sshd[24354]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.111.158 2020-04-01T21:07:30.848067abusebot-2.cloudsearch.cf sshd[24354]: Invalid user gh from 118.24.111.158 port 44684 2020-04-01T21:07:32.421391abusebot-2.cloudsearch.cf sshd[24354]: Failed password for invalid user gh from 118.24.111.158 port 44684 ssh2 2020-04-01T21:11:21.022890abusebot-2.cloudsearch.cf sshd[24652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.111.158 user=root 2020-04-01T21:11:23.166759abusebot-2.cloudsearch.cf sshd[24652]: Failed password for root from 118.24.111.158 port 57092 ssh2 2020-04-01T21:15:03.999721abusebot-2.cloudsearch.cf sshd[24853]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.111.15 ...	2020-04-02 06:17:15
92.207.180.50	attackbots	Apr 1 15:21:29 pixelmemory sshd[15721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.207.180.50 Apr 1 15:21:31 pixelmemory sshd[15721]: Failed password for invalid user aw from 92.207.180.50 port 43578 ssh2 Apr 1 15:32:04 pixelmemory sshd[18021]: Failed password for root from 92.207.180.50 port 36646 ssh2 ...	2020-04-02 06:34:31
103.85.162.62	attackbots	Unauthorized access or intrusion attempt detected from Thor banned IP	2020-04-02 06:23:09
201.116.194.210	attackspam	Apr 01 16:07:59 askasleikir sshd[72193]: Failed password for invalid user fz from 201.116.194.210 port 40297 ssh2	2020-04-02 06:19:16
82.65.35.189	attackspambots	Fail2Ban - SSH Bruteforce Attempt	2020-04-02 06:42:49
145.239.95.241	attack	Invalid user hmm from 145.239.95.241 port 38724	2020-04-02 06:46:42
61.163.78.132	attackspambots	fail2ban	2020-04-02 06:11:42

Recently Reported IPs

180.169.24.253	49.233.135.213	104.49.225.65	194.182.86.11
183.89.214.153	85.113.173.226	222.168.44.140	177.135.85.114
124.251.132.4	111.32.171.53	110.49.56.82	213.176.62.57
171.225.242.119	77.42.95.205	47.254.233.204	200.66.82.250
172.94.13.144	54.210.219.164	202.90.199.116	128.199.140.175