Basic Info

City: unknown

Region: unknown

Country: India

Internet Service Provider: Tata Teleservices Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbots
[portscan] tcp/1433 [MsSQL]
[scan/connect: 2 time(s)]
*(RWIN=8192)(04301449)
2020-04-30 23:57:36
Comments on same subnet:
IP Type Details Datetime
49.248.152.76 attackbotsspam
Oct 18 22:13:36 vps647732 sshd[27657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76
Oct 18 22:13:39 vps647732 sshd[27657]: Failed password for invalid user uftp from 49.248.152.76 port 30927 ssh2
...
2019-10-19 04:24:16
49.248.152.76 attackbots
Oct 17 07:06:27 localhost sshd[62697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=root
Oct 17 07:06:29 localhost sshd[62697]: Failed password for root from 49.248.152.76 port 57390 ssh2
Oct 17 07:11:18 localhost sshd[62859]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=root
Oct 17 07:11:21 localhost sshd[62859]: Failed password for root from 49.248.152.76 port 13275 ssh2
Oct 17 07:16:19 localhost sshd[62971]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=root
...
2019-10-17 15:24:44
49.248.152.76 attackbots
Oct 13 07:50:45 debian sshd[28870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=root
Oct 13 07:50:47 debian sshd[28870]: Failed password for root from 49.248.152.76 port 6450 ssh2
Oct 13 07:56:15 debian sshd[28903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=root
...
2019-10-13 20:28:15
49.248.152.76 attack
Oct 11 13:56:28 newdogma sshd[590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=r.r
Oct 11 13:56:30 newdogma sshd[590]: Failed password for r.r from 49.248.152.76 port 38257 ssh2
Oct 11 13:56:30 newdogma sshd[590]: Received disconnect from 49.248.152.76 port 38257:11: Bye Bye [preauth]
Oct 11 13:56:30 newdogma sshd[590]: Disconnected from 49.248.152.76 port 38257 [preauth]
Oct 11 14:07:56 newdogma sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=r.r
Oct 11 14:07:58 newdogma sshd[772]: Failed password for r.r from 49.248.152.76 port 51909 ssh2
Oct 11 14:07:58 newdogma sshd[772]: Received disconnect from 49.248.152.76 port 51909:11: Bye Bye [preauth]
Oct 11 14:07:58 newdogma sshd[772]: Disconnected from 
.... truncated .... 

2019-10-13 17:24:40
49.248.152.76 attack
Oct 11 13:56:28 newdogma sshd[590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=r.r
Oct 11 13:56:30 newdogma sshd[590]: Failed password for r.r from 49.248.152.76 port 38257 ssh2
Oct 11 13:56:30 newdogma sshd[590]: Received disconnect from 49.248.152.76 port 38257:11: Bye Bye [preauth]
Oct 11 13:56:30 newdogma sshd[590]: Disconnected from 49.248.152.76 port 38257 [preauth]
Oct 11 14:07:56 newdogma sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.248.152.76  user=r.r
Oct 11 14:07:58 newdogma sshd[772]: Failed password for r.r from 49.248.152.76 port 51909 ssh2
Oct 11 14:07:58 newdogma sshd[772]: Received disconnect from 49.248.152.76 port 51909:11: Bye Bye [preauth]
Oct 11 14:07:58 newdogma sshd[772]: Disconnected from 
.... truncated .... 

2019-10-13 08:03:24
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.248.152.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21937
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.248.152.130.			IN	A

;; AUTHORITY SECTION:
.			561	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020043000 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 30 23:57:31 CST 2020
;; MSG SIZE  rcvd: 118
Host info
130.152.248.49.in-addr.arpa domain name pointer mail.primus.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
130.152.248.49.in-addr.arpa	name = mail.primus.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
188.170.192.23 attack
Unauthorized connection attempt from IP address 188.170.192.23 on Port 445(SMB)
2020-06-10 03:12:18
222.186.180.8 attackbotsspam
2020-06-09T21:16:43.284805  sshd[8582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.8  user=root
2020-06-09T21:16:45.517364  sshd[8582]: Failed password for root from 222.186.180.8 port 39914 ssh2
2020-06-09T21:16:51.224373  sshd[8582]: Failed password for root from 222.186.180.8 port 39914 ssh2
...
2020-06-10 03:19:45
117.201.97.14 attackbots
Unauthorized connection attempt from IP address 117.201.97.14 on Port 445(SMB)
2020-06-10 02:56:14
167.99.66.193 attack
2020-06-09T18:36:28.157060 shield sshd[3872]: Invalid user jasleen from 167.99.66.193 port 40641
2020-06-09T18:36:28.161241 shield sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.66.193
2020-06-09T18:36:30.188196 shield sshd[3872]: Failed password for invalid user jasleen from 167.99.66.193 port 40641 ssh2
2020-06-09T18:39:43.776201 shield sshd[5133]: Invalid user messagebus from 167.99.66.193 port 38103
2020-06-09T18:39:43.779886 shield sshd[5133]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.66.193
2020-06-10 03:24:58
180.76.150.238 attackspam
Failed password for root from 180.76.150.238 port 57520 ssh2
2020-06-10 03:06:08
46.142.14.52 attackspam
User [zhangrd] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [root] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [deepmagic] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [teamspeakbot] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [ihor] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [root] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [admin] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [admin] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [yuchen] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [root] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
User [user3] from [46.142.14.52] failed to log in via [SSH] due to authorization failure.
2020-06-10 02:54:15
149.140.162.36 attack
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-06-10 03:10:32
59.6.222.103 attack
Port probing on unauthorized port 8080
2020-06-10 03:01:49
110.35.80.82 attackbots
"fail2ban match"
2020-06-10 03:06:38
49.206.195.200 attackbotsspam
Unauthorized connection attempt from IP address 49.206.195.200 on Port 445(SMB)
2020-06-10 03:28:11
188.166.172.189 attackspambots
Jun  9 10:43:38 mockhub sshd[18186]: Failed password for root from 188.166.172.189 port 40740 ssh2
...
2020-06-10 03:14:54
197.37.214.236 attack
Unauthorized connection attempt from IP address 197.37.214.236 on Port 445(SMB)
2020-06-10 03:09:38
177.200.64.168 attack
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-06-10 03:17:44
189.59.5.81 attack
Jun  8 12:33:01 WHD8 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=\, method=PLAIN, rip=189.59.5.81, lip=10.64.89.208, TLS, session=\
Jun  9 14:30:25 WHD8 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=\, method=PLAIN, rip=189.59.5.81, lip=10.64.89.208, session=\
Jun  9 21:07:06 WHD8 dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=\, method=PLAIN, rip=189.59.5.81, lip=10.64.89.208, session=<8fOrbqunOt29OwVR>
...
2020-06-10 03:20:13
106.253.177.150 attackspambots
Repeated brute force against a port
2020-06-10 03:23:33
