92.252.243.239

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: OJSC Rostelecom

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Automatic report - Port Scan Attack	2019-08-04 21:54:56
attackbots	Automatic report - Port Scan Attack	2019-07-27 13:50:30
attack	DATE:2019-07-19_18:33:24, IP:92.252.243.239, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-07-20 08:56:16

Comments on same subnet:

IP	Type	Details	Datetime
92.252.243.190	attackspam	(sshd) Failed SSH login from 92.252.243.190 (RU/Russia/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 12 23:25:39 srv sshd[27244]: Invalid user alburaq from 92.252.243.190 port 45366 Apr 12 23:25:41 srv sshd[27244]: Failed password for invalid user alburaq from 92.252.243.190 port 45366 ssh2 Apr 12 23:37:55 srv sshd[28757]: Invalid user admin from 92.252.243.190 port 37941 Apr 12 23:37:57 srv sshd[28757]: Failed password for invalid user admin from 92.252.243.190 port 37941 ssh2 Apr 12 23:41:44 srv sshd[29184]: Invalid user ucpss from 92.252.243.190 port 41067	2020-04-13 04:56:03
92.252.243.190	attack	SSH login attempts.	2020-04-12 16:10:41
92.252.243.190	attack	SSH Brute Force	2020-04-04 19:48:50
92.252.243.190	attack	$f2bV_matches	2020-03-27 14:04:41
92.252.243.190	attack	Mar 21 08:13:14 server sshd\[7648\]: Invalid user jomar from 92.252.243.190 Mar 21 08:13:14 server sshd\[7648\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.252.243.190 Mar 21 08:13:17 server sshd\[7648\]: Failed password for invalid user jomar from 92.252.243.190 port 60830 ssh2 Mar 21 08:21:25 server sshd\[9625\]: Invalid user zhucm from 92.252.243.190 Mar 21 08:21:25 server sshd\[9625\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.252.243.190 ...	2020-03-21 13:40:47
92.252.243.80	attackspam	firewall-block, port(s): 445/tcp	2020-03-16 18:51:59

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 92.252.243.239
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49179
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;92.252.243.239.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071902 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jul 20 08:56:10 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 239.243.252.92.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 239.243.252.92.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
113.161.79.191	attackspam	Invalid user oracle from 113.161.79.191 port 59616	2020-09-11 18:30:28
77.88.5.218	attackspambots	port scan and connect, tcp 80 (http)	2020-09-11 18:17:52
93.34.12.254	attackbotsspam	(sshd) Failed SSH login from 93.34.12.254 (IT/Italy/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 10 19:13:17 jbs1 sshd[27368]: Failed password for root from 93.34.12.254 port 55132 ssh2 Sep 10 19:13:19 jbs1 sshd[27368]: Failed password for root from 93.34.12.254 port 55132 ssh2 Sep 10 19:13:21 jbs1 sshd[27368]: Failed password for root from 93.34.12.254 port 55132 ssh2 Sep 10 19:13:23 jbs1 sshd[27368]: Failed password for root from 93.34.12.254 port 55132 ssh2 Sep 10 19:13:25 jbs1 sshd[27368]: Failed password for root from 93.34.12.254 port 55132 ssh2	2020-09-11 18:29:33
61.181.80.109	attackspam	Port scan: Attack repeated for 24 hours	2020-09-11 18:16:43
113.160.148.180	attackspambots	Listed on rbldns-ru also zen-spamhaus / proto=6 . srcport=62405 . dstport=445 . (754)	2020-09-11 18:28:14
151.80.37.200	attack	Sep 11 04:14:59 lanister sshd[10604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.37.200 user=root Sep 11 04:15:02 lanister sshd[10604]: Failed password for root from 151.80.37.200 port 33774 ssh2 Sep 11 04:21:58 lanister sshd[10721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.37.200 user=root Sep 11 04:22:00 lanister sshd[10721]: Failed password for root from 151.80.37.200 port 47694 ssh2	2020-09-11 18:15:10
191.240.113.45	attackspam	Sep 8 15:23:18 mail.srvfarm.net postfix/smtpd[1835813]: warning: unknown[191.240.113.45]: SASL PLAIN authentication failed: Sep 8 15:23:19 mail.srvfarm.net postfix/smtpd[1835813]: lost connection after AUTH from unknown[191.240.113.45] Sep 8 15:25:49 mail.srvfarm.net postfix/smtps/smtpd[1833926]: warning: unknown[191.240.113.45]: SASL PLAIN authentication failed: Sep 8 15:25:49 mail.srvfarm.net postfix/smtps/smtpd[1833926]: lost connection after AUTH from unknown[191.240.113.45] Sep 8 15:32:31 mail.srvfarm.net postfix/smtps/smtpd[1834966]: warning: unknown[191.240.113.45]: SASL PLAIN authentication failed:	2020-09-11 18:37:01
45.142.120.121	attack	Sep 9 03:48:30 nlmail01.srvfarm.net postfix/smtpd[3551870]: warning: unknown[45.142.120.121]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 9 03:49:10 nlmail01.srvfarm.net postfix/smtpd[3551870]: warning: unknown[45.142.120.121]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 9 03:49:49 nlmail01.srvfarm.net postfix/smtpd[3551122]: warning: unknown[45.142.120.121]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 9 03:50:28 nlmail01.srvfarm.net postfix/smtpd[3551870]: warning: unknown[45.142.120.121]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 9 03:51:07 nlmail01.srvfarm.net postfix/smtpd[3551870]: warning: unknown[45.142.120.121]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-09-11 18:09:40
209.85.208.65	attack	Trying to spoof execs	2020-09-11 18:33:14
103.75.101.59	attack	"Unauthorized connection attempt on SSHD detected"	2020-09-11 18:25:40
119.202.218.23	attackbotsspam	2020-09-10 05:28:23 Reject access to port(s):3389 1 times a day	2020-09-11 18:20:23
192.34.57.113	attack	Listed on zen-spamhaus also abuseat-org / proto=6 . srcport=43027 . dstport=27782 . (432)	2020-09-11 18:26:34
114.67.254.244	attack	Sep 11 12:19:59 lnxweb62 sshd[7015]: Failed password for root from 114.67.254.244 port 52086 ssh2 Sep 11 12:19:59 lnxweb62 sshd[7015]: Failed password for root from 114.67.254.244 port 52086 ssh2	2020-09-11 18:25:10
106.51.3.214	attackbotsspam	Invalid user silby from 106.51.3.214 port 48966	2020-09-11 18:29:45
170.84.8.84	attack	SMTP brute force	2020-09-11 18:16:25

Recently Reported IPs

94.101.95.145	194.247.173.123	74.220.219.101	67.212.86.14
46.34.168.131	50.63.197.26	72.165.144.122	50.62.208.212
3.93.251.34	192.40.115.49	181.46.8.249	80.55.135.25
185.189.51.218	184.168.193.170	8.38.43.114	222.137.21.79
173.254.56.16	188.164.195.246	108.161.136.82	104.248.175.232