5.248.1.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Ukraine

Internet Service Provider: Kyivstar PJSC

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Honeypot attack, port: 5555, PTR: 5-248-1-55.broadband.kyivstar.net.	2020-04-02 01:20:56

Comments on same subnet:

IP	Type	Details	Datetime
5.248.117.54	attackspam	Icarus honeypot on github	2020-09-10 01:37:26
5.248.164.76	attack	Spam comment : Добрый день Доктор посоветовала Лучшая Интернет Аптека яквинус цена +в москве	2020-07-29 08:03:18
5.248.164.76	attack	"US-ASCII Malformed Encoding XSS Filter - Attack Detected - Matched Data: \xbc\xd1\x8b\xd0\xb5 \xd0\xbf\xd0\xbe found within ARGS:comentario: \xd0\x9f\xd1\x80\xd0\xb8\xd0\xb2\xd0\xb5\xd1\x82\xd1\x81\xd1\x82\xd0\xb2\xd1\x83\xd1\x8e \xd0\xb2\xd0\xb0\xd1\x81 \x0d\x0a\xd0\x97\xd0\xbd\xd0\xb0\xd0\xba\xd0\xbe\xd0\xbc\xd1\x8b\xd0\xb5 \xd0\xbf\xd0\xbe\xd0\xba\xd1\x83\xd0\xbf\xd0\xb0\xd0\xbb\xd0\xb8 \x0d\x0a\xd0\x92\xd1\x8b\xd1\x81\xd0\xbe\xd1\x87\xd0\xb0\xd0\xb9\xd1\x88\xd0\xb5\xd0\xb5 \xd0\xba\xd0\xb0\xd1\x87\xd0\xb5\xd1\x81\xd1\x82\xd0\xb2\xd0\xbe \xd0\xbb\xd0\xb5\xd0\..."	2020-07-02 04:00:59
5.248.164.76	attackspam	0,16-02/23 [bc01/m23] PostRequest-Spammer scoring: essen	2020-06-28 22:39:58
5.248.107.181	attack	Chat Spam	2020-05-10 15:22:00
5.248.188.250	attackspambots	Honeypot attack, port: 445, PTR: 5-248-188-250.broadband.kyivstar.net.	2020-02-02 05:22:06
5.248.168.168	attack	Unauthorized connection attempt detected from IP address 5.248.168.168 to port 1433	2020-01-01 03:02:50
5.248.112.254	attackspambots	Unauthorized connection attempt detected from IP address 5.248.112.254 to port 445	2019-12-16 02:41:03
5.248.193.47	attackspambots	SMB Server BruteForce Attack	2019-11-16 23:28:04
5.248.156.70	attack	" "	2019-11-15 00:35:12
5.248.165.110	attack	Joomla User : try to access forms...	2019-10-05 12:10:14
5.248.165.110	attack	Blocked range because of multiple attacks in the past. @ 2019-09-03T17:33:34+02:00.	2019-09-08 14:02:03

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 5.248.1.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32781
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.248.1.55.			IN	A

;; AUTHORITY SECTION:
.			223	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040100 1800 900 604800 86400

;; Query time: 97 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 02 01:20:48 CST 2020
;; MSG SIZE  rcvd: 114

Host info

55.1.248.5.in-addr.arpa domain name pointer 5-248-1-55.broadband.kyivstar.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
55.1.248.5.in-addr.arpa	name = 5-248-1-55.broadband.kyivstar.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
206.189.142.107	attackbots	Invalid user miyazawa from 206.189.142.107 port 58764	2020-02-28 10:13:11
202.137.10.186	attackbotsspam	Feb 28 05:35:35 server sshd[2264846]: Failed password for invalid user lisha from 202.137.10.186 port 38268 ssh2 Feb 28 05:46:16 server sshd[2266937]: Failed password for invalid user scanner from 202.137.10.186 port 52346 ssh2 Feb 28 05:56:58 server sshd[2269071]: Failed password for invalid user gerrit from 202.137.10.186 port 38224 ssh2	2020-02-28 13:03:32
185.53.88.26	attackbotsspam	[2020-02-28 00:17:10] NOTICE[1148][C-0000c9a0] chan_sip.c: Call from '' (185.53.88.26:59304) to extension '011442037694876' rejected because extension not found in context 'public'. [2020-02-28 00:17:10] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-02-28T00:17:10.656-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="011442037694876",SessionID="0x7fd82c538db8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.26/59304",ACLName="no_extension_match" [2020-02-28 00:17:15] NOTICE[1148][C-0000c9a1] chan_sip.c: Call from '' (185.53.88.26:50022) to extension '011442037694876' rejected because extension not found in context 'public'. [2020-02-28 00:17:15] SECURITY[1163] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-02-28T00:17:15.128-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="011442037694876",SessionID="0x7fd82c3faf98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185 ...	2020-02-28 13:19:54
206.72.197.226	attack	exploit netcore router back door access	2020-02-28 10:34:29
222.175.232.114	attackbotsspam	Invalid user ftptest from 222.175.232.114 port 46890	2020-02-28 10:10:14
66.44.209.102	attack	Feb 27 22:57:17 mailman postfix/smtpd[24167]: NOQUEUE: reject: RCPT from unknown[66.44.209.102]: 554 5.7.1 Service unavailable; Client host [66.44.209.102] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/query/ip/66.44.209.102 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=SMTP helo= Feb 27 22:57:18 mailman postfix/smtpd[24167]: NOQUEUE: reject: RCPT from unknown[66.44.209.102]: 554 5.7.1 Service unavailable; Client host [66.44.209.102] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/query/ip/66.44.209.102 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=SMTP helo=	2020-02-28 13:05:29
63.159.128.142	attackspam	Repeated RDP login failures. Last user: Video	2020-02-28 13:11:36
135.23.58.151	attackspam	Honeypot attack, port: 5555, PTR: 135-23-58-151.cpe.pppoe.ca.	2020-02-28 13:10:59
218.92.0.210	attackspambots	2020-02-28T06:06:10.785830scmdmz1 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210 user=root 2020-02-28T06:06:12.789972scmdmz1 sshd[26988]: Failed password for root from 218.92.0.210 port 33922 ssh2 2020-02-28T06:06:15.104139scmdmz1 sshd[26988]: Failed password for root from 218.92.0.210 port 33922 ssh2 2020-02-28T06:06:10.785830scmdmz1 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210 user=root 2020-02-28T06:06:12.789972scmdmz1 sshd[26988]: Failed password for root from 218.92.0.210 port 33922 ssh2 2020-02-28T06:06:15.104139scmdmz1 sshd[26988]: Failed password for root from 218.92.0.210 port 33922 ssh2 2020-02-28T06:06:10.785830scmdmz1 sshd[26988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210 user=root 2020-02-28T06:06:12.789972scmdmz1 sshd[26988]: Failed password for root from 218.92.0.210 port 33922 ssh2 2020-02-28T06:06:	2020-02-28 13:16:06
111.93.156.74	attackspambots	Feb 28 05:49:48 vps691689 sshd[12953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.156.74 Feb 28 05:49:50 vps691689 sshd[12953]: Failed password for invalid user weblogic from 111.93.156.74 port 44422 ssh2 ...	2020-02-28 13:05:13
14.234.11.97	attackspam	Honeypot attack, port: 445, PTR: static.vnpt.vn.	2020-02-28 13:04:29
222.186.175.150	attackspambots	Feb 28 06:07:48 h2177944 sshd\[31529\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.150 user=root Feb 28 06:07:51 h2177944 sshd\[31529\]: Failed password for root from 222.186.175.150 port 11158 ssh2 Feb 28 06:07:55 h2177944 sshd\[31529\]: Failed password for root from 222.186.175.150 port 11158 ssh2 Feb 28 06:07:58 h2177944 sshd\[31529\]: Failed password for root from 222.186.175.150 port 11158 ssh2 ...	2020-02-28 13:10:07
190.64.204.140	attack	Feb 28 01:59:13 localhost sshd\[55615\]: Invalid user yueyimin from 190.64.204.140 port 52444 Feb 28 01:59:13 localhost sshd\[55615\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.204.140 Feb 28 01:59:15 localhost sshd\[55615\]: Failed password for invalid user yueyimin from 190.64.204.140 port 52444 ssh2 Feb 28 02:09:32 localhost sshd\[55823\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.204.140 user=root Feb 28 02:09:34 localhost sshd\[55823\]: Failed password for root from 190.64.204.140 port 34493 ssh2 ...	2020-02-28 10:14:03
198.20.87.98	attack	firewall-block, port(s): 1025/tcp	2020-02-28 13:19:29
106.215.38.220	attack	Automatic report BANNED IP	2020-02-28 13:31:18

Recently Reported IPs

163.58.181.105	101.40.43.43	58.186.120.35	254.250.23.119
195.106.198.221	80.134.252.124	42.112.170.221	65.221.59.199
147.7.11.114	36.71.235.208	37.140.251.248	238.10.246.203
162.158.150.125	218.204.253.38	214.251.167.136	138.17.63.125
120.188.5.55	223.91.208.180	136.51.203.170	205.5.63.100