154.72.199.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Uganda

Internet Service Provider: National Information Technology Authority Uganda

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2 user=root Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2	2020-02-02 22:56:01

Type

Details

Datetime

attack

Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2  user=root
Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2

2020-02-02 22:56:01

Comments on same subnet:

IP	Type	Details	Datetime
154.72.199.38	attackspam	Dovecot Invalid User Login Attempt.	2020-08-15 23:17:22
154.72.199.38	attackbots	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-05-25 12:55:35
154.72.199.38	attack	Spam detected 2020.05.17 11:55:19 blocked until 2020.06.11 08:26:42	2020-05-22 22:22:04
154.72.199.146	attackspam	Unauthorized connection attempt from IP address 154.72.199.146 on Port 445(SMB)	2020-04-11 19:56:00
154.72.199.38	attackbots	spam	2020-01-24 15:24:11
154.72.199.38	attack	email spam	2019-12-19 21:31:15
154.72.199.38	attack	Attempted spam UTC Dec 7 06:06:36 from=	2019-12-07 17:10:51
154.72.199.38	attackspambots	SPAM Delivery Attempt	2019-10-29 20:51:14
154.72.199.38	attackbotsspam	proto=tcp . spt=46414 . dpt=25 . (listed on Blocklist de Sep 20) (1467)	2019-09-21 06:45:34
154.72.199.38	attackspambots	proto=tcp . spt=40590 . dpt=25 . (listed on Blocklist de Aug 11) (639)	2019-08-12 03:31:55
154.72.199.38	attackbotsspam	Mail sent to address hacked/leaked from Last.fm	2019-07-30 18:28:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 154.72.199.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;154.72.199.2.			IN	A

;; AUTHORITY SECTION:
.			286	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020200 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 02 22:55:52 CST 2020
;; MSG SIZE  rcvd: 116

Host info

2.199.72.154.in-addr.arpa domain name pointer h2.gou.go.ug.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
2.199.72.154.in-addr.arpa	name = h2.gou.go.ug.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
168.63.250.137	attackspambots	rdp brute-force attack (aggressivity: medium)	2019-11-27 06:34:45
35.247.138.99	attack	35.247.138.99 - - \[26/Nov/2019:15:35:56 +0100\] "POST /wp-login.php HTTP/1.0" 200 5731 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 35.247.138.99 - - \[26/Nov/2019:15:35:59 +0100\] "POST /wp-login.php HTTP/1.0" 200 5598 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 35.247.138.99 - - \[26/Nov/2019:15:36:03 +0100\] "POST /wp-login.php HTTP/1.0" 200 5594 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-27 06:05:43
101.50.3.215	attackbotsspam	Nov 27 01:14:07 server sshd\[6756\]: Invalid user borsa from 101.50.3.215 Nov 27 01:14:07 server sshd\[6756\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.50.3.215 Nov 27 01:14:08 server sshd\[6756\]: Failed password for invalid user borsa from 101.50.3.215 port 35722 ssh2 Nov 27 01:32:39 server sshd\[11260\]: Invalid user hertweck from 101.50.3.215 Nov 27 01:32:39 server sshd\[11260\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.50.3.215 ...	2019-11-27 06:35:43
185.234.216.221	attackspambots	Rude login attack (31 tries in 1d)	2019-11-27 06:40:34
159.138.152.49	attackspambots	badbot	2019-11-27 06:30:59
162.158.119.82	attack	162.158.119.82 - - [26/Nov/2019:14:35:40 +0000] "POST /wp-login.php HTTP/1.1" 200 1458 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-11-27 06:16:47
85.105.245.135	attackbotsspam	Automatic report - Port Scan Attack	2019-11-27 06:23:07
159.138.159.167	attack	badbot	2019-11-27 06:27:32
159.138.156.101	attackspambots	badbot	2019-11-27 06:03:17
106.12.178.246	attackbotsspam	Nov 26 19:49:05 server sshd\[14597\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.178.246 user=root Nov 26 19:49:07 server sshd\[14597\]: Failed password for root from 106.12.178.246 port 35610 ssh2 Nov 26 20:12:39 server sshd\[31241\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.178.246 user=root Nov 26 20:12:41 server sshd\[31241\]: Failed password for root from 106.12.178.246 port 47576 ssh2 Nov 26 20:19:26 server sshd\[312\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.178.246 user=root ...	2019-11-27 06:22:48
134.209.63.140	attack	Nov 26 04:48:21 hanapaa sshd\[17561\]: Invalid user kabashima from 134.209.63.140 Nov 26 04:48:21 hanapaa sshd\[17561\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.63.140 Nov 26 04:48:23 hanapaa sshd\[17561\]: Failed password for invalid user kabashima from 134.209.63.140 port 51678 ssh2 Nov 26 04:55:02 hanapaa sshd\[18114\]: Invalid user throgmorton from 134.209.63.140 Nov 26 04:55:02 hanapaa sshd\[18114\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.63.140	2019-11-27 06:32:38
41.39.171.24	attackbots	Nov 26 15:33:12 xeon cyrus/imap[60680]: badlogin: host-41.39.171.24.tedata.net [41.39.171.24] plain [SASL(-13): authentication failure: Password verification failed]	2019-11-27 06:07:59
66.249.155.244	attackbotsspam	$f2bV_matches	2019-11-27 06:26:37
124.161.231.150	attackbots	$f2bV_matches	2019-11-27 06:29:35
159.138.150.254	attackspam	badbot	2019-11-27 06:36:26

Recently Reported IPs

38.101.101.123	152.255.51.85	192.61.188.116	210.76.238.19
31.93.153.190	151.38.180.246	170.84.196.201	99.143.16.20
57.15.88.129	166.193.131.59	113.181.124.244	168.177.211.157
239.225.115.233	229.24.241.168	111.119.127.228	148.17.158.145
162.253.118.15	119.217.104.167	236.220.12.187	219.162.218.7