1.2.242.0 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: TOT Public Company Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:14.	2020-02-24 15:12:03

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.2.242.0
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60532
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.2.242.0.			IN	A

;; AUTHORITY SECTION:
.			489	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020022400 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 24 15:11:59 CST 2020
;; MSG SIZE  rcvd: 113

Host info

0.242.2.1.in-addr.arpa domain name pointer node-mio.pool-1-2.dynamic.totinternet.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
0.242.2.1.in-addr.arpa	name = node-mio.pool-1-2.dynamic.totinternet.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
113.190.242.134	attackspam	1580460396 - 01/31/2020 09:46:36 Host: 113.190.242.134/113.190.242.134 Port: 445 TCP Blocked	2020-01-31 20:09:29
49.88.112.118	attackbotsspam	2020-01-31T10:56:18.705991scmdmz1 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.118 user=root 2020-01-31T10:56:20.502241scmdmz1 sshd[16750]: Failed password for root from 49.88.112.118 port 50515 ssh2 2020-01-31T10:56:22.482727scmdmz1 sshd[16750]: Failed password for root from 49.88.112.118 port 50515 ssh2 2020-01-31T10:56:18.705991scmdmz1 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.118 user=root 2020-01-31T10:56:20.502241scmdmz1 sshd[16750]: Failed password for root from 49.88.112.118 port 50515 ssh2 2020-01-31T10:56:22.482727scmdmz1 sshd[16750]: Failed password for root from 49.88.112.118 port 50515 ssh2 2020-01-31T10:56:18.705991scmdmz1 sshd[16750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.118 user=root 2020-01-31T10:56:20.502241scmdmz1 sshd[16750]: Failed password for root from 49.88.112.118 port 50515 ssh2 2020-01-3	2020-01-31 19:38:46
111.229.252.207	attackspambots	Jan 31 12:20:11 localhost sshd\[15603\]: Invalid user jagatprana from 111.229.252.207 port 55310 Jan 31 12:20:11 localhost sshd\[15603\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.252.207 Jan 31 12:20:13 localhost sshd\[15603\]: Failed password for invalid user jagatprana from 111.229.252.207 port 55310 ssh2	2020-01-31 19:33:01
103.74.120.101	attackspam	Lines containing failures of 103.74.120.101 Jan 27 04:36:36 shared03 postfix/smtpd[3642]: connect from ip5.adsose.com[103.74.120.101] Jan 27 04:36:39 shared03 policyd-spf[6333]: prepend Received-SPF: Pass (mailfrom) identhostnamey=mailfrom; client-ip=103.74.120.101; helo=mail.peace-lon.com.vn; envelope-from=x@x Jan x@x Jan x@x Jan x@x Jan x@x Jan x@x Jan x@x Jan 27 04:36:52 shared03 postfix/smtpd[3642]: lost connection after RCPT from ip5.adsose.com[103.74.120.101] Jan 27 04:36:52 shared03 postfix/smtpd[3642]: disconnect from ip5.adsose.com[103.74.120.101] ehlo=1 mail=1 rcpt=0/6 commands=2/8 Jan 27 07:56:18 shared03 postfix/smtpd[4162]: connect from ip5.adsose.com[103.74.120.101] Jan 27 07:56:20 shared03 policyd-spf[5390]: prepend Received-SPF: Pass (mailfrom) identhostnamey=mailfrom; client-ip=103.74.120.101; helo=mail.peace-lon.com.vn; envelope-from=x@x Jan x@x Jan x@x Jan x@x Jan x@x Jan 27 07:56:22 shared03 postfix/smtpd[4162]: lost connection after RCPT from ip5.ads........ ------------------------------	2020-01-31 19:36:30
79.6.125.139	attackspambots	DATE:2020-01-31 12:25:12, IP:79.6.125.139, PORT:ssh SSH brute force auth on honeypot server (epe-honey1-hq)	2020-01-31 19:48:51
103.239.252.66	attack	Portscan or hack attempt detected by psad/fwsnort	2020-01-31 19:41:52
154.202.13.106	attack	[portscan] Port scan	2020-01-31 20:16:31
202.152.4.75	attack	Unauthorized connection attempt detected from IP address 202.152.4.75 to port 2220 [J]	2020-01-31 20:15:48
191.5.0.212	attackspambots	Unauthorized connection attempt detected from IP address 191.5.0.212 to port 2220 [J]	2020-01-31 19:49:12
106.52.6.248	attackspam	Unauthorized connection attempt detected from IP address 106.52.6.248 to port 2220 [J]	2020-01-31 20:13:30
77.43.156.24	attack	Telnet Server BruteForce Attack	2020-01-31 20:14:53
36.65.5.63	attack	Unauthorized connection attempt from IP address 36.65.5.63 on Port 445(SMB)	2020-01-31 20:06:20
37.18.63.163	attackbots	Unauthorized connection attempt from IP address 37.18.63.163 on Port 445(SMB)	2020-01-31 20:03:17
91.204.241.241	attack	Unauthorized connection attempt from IP address 91.204.241.241 on Port 445(SMB)	2020-01-31 19:47:18
59.36.142.180	attack	Unauthorized connection attempt detected from IP address 59.36.142.180 to port 2220 [J]	2020-01-31 19:47:54

Recently Reported IPs

123.17.27.10	88.233.207.189	42.116.235.124	103.143.173.27
178.27.221.46	220.189.88.101	203.155.52.7	138.75.15.228
218.161.35.187	36.65.243.150	14.231.9.15	191.254.87.36
180.180.216.17	80.213.194.167	203.114.208.147	118.251.27.74
203.73.216.147	217.112.142.87	58.97.18.91	64.94.211.39