154.72.199.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Uganda

Internet Service Provider: National Information Technology Authority Uganda

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2 user=root Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2	2020-02-02 22:56:01

Type

Details

Datetime

attack

Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2  user=root
Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2

2020-02-02 22:56:01

Comments on same subnet:

IP	Type	Details	Datetime
154.72.199.38	attackspam	Dovecot Invalid User Login Attempt.	2020-08-15 23:17:22
154.72.199.38	attackbots	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-05-25 12:55:35
154.72.199.38	attack	Spam detected 2020.05.17 11:55:19 blocked until 2020.06.11 08:26:42	2020-05-22 22:22:04
154.72.199.146	attackspam	Unauthorized connection attempt from IP address 154.72.199.146 on Port 445(SMB)	2020-04-11 19:56:00
154.72.199.38	attackbots	spam	2020-01-24 15:24:11
154.72.199.38	attack	email spam	2019-12-19 21:31:15
154.72.199.38	attack	Attempted spam UTC Dec 7 06:06:36 from=	2019-12-07 17:10:51
154.72.199.38	attackspambots	SPAM Delivery Attempt	2019-10-29 20:51:14
154.72.199.38	attackbotsspam	proto=tcp . spt=46414 . dpt=25 . (listed on Blocklist de Sep 20) (1467)	2019-09-21 06:45:34
154.72.199.38	attackspambots	proto=tcp . spt=40590 . dpt=25 . (listed on Blocklist de Aug 11) (639)	2019-08-12 03:31:55
154.72.199.38	attackbotsspam	Mail sent to address hacked/leaked from Last.fm	2019-07-30 18:28:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 154.72.199.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;154.72.199.2.			IN	A

;; AUTHORITY SECTION:
.			286	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020200 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 02 22:55:52 CST 2020
;; MSG SIZE  rcvd: 116

Host info

2.199.72.154.in-addr.arpa domain name pointer h2.gou.go.ug.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
2.199.72.154.in-addr.arpa	name = h2.gou.go.ug.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
159.226.169.49	attack	Feb 15 05:53:45 localhost sshd\[32734\]: Invalid user empleado from 159.226.169.49 port 54025 Feb 15 05:53:45 localhost sshd\[32734\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.226.169.49 Feb 15 05:53:47 localhost sshd\[32734\]: Failed password for invalid user empleado from 159.226.169.49 port 54025 ssh2	2020-02-15 15:04:37
198.245.63.94	attackbots	$f2bV_matches	2020-02-15 15:14:52
106.13.182.60	attackspambots	Feb 15 07:21:45 dedicated sshd[5414]: Invalid user chad from 106.13.182.60 port 47322	2020-02-15 14:53:00
85.105.105.66	attackspambots	Automatic report - Port Scan Attack	2020-02-15 14:50:05
139.59.9.234	attackspam	Feb 14 21:00:49 web1 sshd\[23331\]: Invalid user extdemo2 from 139.59.9.234 Feb 14 21:00:49 web1 sshd\[23331\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.9.234 Feb 14 21:00:51 web1 sshd\[23331\]: Failed password for invalid user extdemo2 from 139.59.9.234 port 41538 ssh2 Feb 14 21:05:04 web1 sshd\[23755\]: Invalid user roxanna from 139.59.9.234 Feb 14 21:05:04 web1 sshd\[23755\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.9.234	2020-02-15 15:32:05
51.254.51.182	attackbotsspam	$f2bV_matches	2020-02-15 15:08:33
198.71.240.27	attackbotsspam	Automatic report - XMLRPC Attack	2020-02-15 15:09:37
111.254.39.8	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-15 14:57:21
192.99.39.157	attack	xmlrpc attack	2020-02-15 14:57:54
151.69.170.146	attackspambots	Invalid user sarita from 151.69.170.146 port 36073	2020-02-15 15:05:29
66.42.56.59	attackbots	Feb 15 08:19:42 server sshd\[29752\]: Invalid user admin2 from 66.42.56.59 Feb 15 08:19:42 server sshd\[29752\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.42.56.59 Feb 15 08:19:45 server sshd\[29752\]: Failed password for invalid user admin2 from 66.42.56.59 port 33598 ssh2 Feb 15 08:43:52 server sshd\[766\]: Invalid user colab from 66.42.56.59 Feb 15 08:43:52 server sshd\[766\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.42.56.59 ...	2020-02-15 15:27:55
111.254.210.229	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-15 15:01:30
115.178.100.70	attack	Feb 14 09:50:48 server sshd\[4608\]: Invalid user admin from 115.178.100.70 Feb 14 09:50:48 server sshd\[4608\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.100.70 Feb 14 09:50:50 server sshd\[4608\]: Failed password for invalid user admin from 115.178.100.70 port 64915 ssh2 Feb 15 07:53:58 server sshd\[25718\]: Invalid user admin from 115.178.100.70 Feb 15 07:53:58 server sshd\[25718\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.178.100.70 ...	2020-02-15 14:57:01
115.216.156.42	attackbotsspam	unauthorized connection attempt	2020-02-15 15:30:37
129.211.22.160	attackspambots	Feb 14 21:25:58 auw2 sshd\[9262\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.22.160 user=root Feb 14 21:26:01 auw2 sshd\[9262\]: Failed password for root from 129.211.22.160 port 52794 ssh2 Feb 14 21:32:13 auw2 sshd\[9906\]: Invalid user weblogic from 129.211.22.160 Feb 14 21:32:13 auw2 sshd\[9906\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.22.160 Feb 14 21:32:15 auw2 sshd\[9906\]: Failed password for invalid user weblogic from 129.211.22.160 port 48956 ssh2	2020-02-15 15:34:21

Recently Reported IPs

38.101.101.123	152.255.51.85	192.61.188.116	210.76.238.19
31.93.153.190	151.38.180.246	170.84.196.201	99.143.16.20
57.15.88.129	166.193.131.59	113.181.124.244	168.177.211.157
239.225.115.233	229.24.241.168	111.119.127.228	148.17.158.145
162.253.118.15	119.217.104.167	236.220.12.187	219.162.218.7