154.72.199.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Uganda

Internet Service Provider: National Information Technology Authority Uganda

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2 user=root Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2	2020-02-02 22:56:01

Type

Details

Datetime

attack

Aug 23 22:31:41 ms-srv sshd[42155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.72.199.2  user=root
Aug 23 22:31:43 ms-srv sshd[42155]: Failed password for invalid user root from 154.72.199.2 port 2435 ssh2

2020-02-02 22:56:01

Comments on same subnet:

IP	Type	Details	Datetime
154.72.199.38	attackspam	Dovecot Invalid User Login Attempt.	2020-08-15 23:17:22
154.72.199.38	attackbots	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-05-25 12:55:35
154.72.199.38	attack	Spam detected 2020.05.17 11:55:19 blocked until 2020.06.11 08:26:42	2020-05-22 22:22:04
154.72.199.146	attackspam	Unauthorized connection attempt from IP address 154.72.199.146 on Port 445(SMB)	2020-04-11 19:56:00
154.72.199.38	attackbots	spam	2020-01-24 15:24:11
154.72.199.38	attack	email spam	2019-12-19 21:31:15
154.72.199.38	attack	Attempted spam UTC Dec 7 06:06:36 from=	2019-12-07 17:10:51
154.72.199.38	attackspambots	SPAM Delivery Attempt	2019-10-29 20:51:14
154.72.199.38	attackbotsspam	proto=tcp . spt=46414 . dpt=25 . (listed on Blocklist de Sep 20) (1467)	2019-09-21 06:45:34
154.72.199.38	attackspambots	proto=tcp . spt=40590 . dpt=25 . (listed on Blocklist de Aug 11) (639)	2019-08-12 03:31:55
154.72.199.38	attackbotsspam	Mail sent to address hacked/leaked from Last.fm	2019-07-30 18:28:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 154.72.199.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;154.72.199.2.			IN	A

;; AUTHORITY SECTION:
.			286	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020200 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 02 22:55:52 CST 2020
;; MSG SIZE  rcvd: 116

Host info

2.199.72.154.in-addr.arpa domain name pointer h2.gou.go.ug.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
2.199.72.154.in-addr.arpa	name = h2.gou.go.ug.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
37.44.252.211	attack	B: Magento admin pass test (wrong country)	2019-09-26 15:29:58
140.143.58.46	attack	Sep 26 03:40:31 ip-172-31-62-245 sshd\[28137\]: Invalid user factorio from 140.143.58.46\ Sep 26 03:40:34 ip-172-31-62-245 sshd\[28137\]: Failed password for invalid user factorio from 140.143.58.46 port 46946 ssh2\ Sep 26 03:45:31 ip-172-31-62-245 sshd\[28151\]: Invalid user admin from 140.143.58.46\ Sep 26 03:45:32 ip-172-31-62-245 sshd\[28151\]: Failed password for invalid user admin from 140.143.58.46 port 59292 ssh2\ Sep 26 03:50:22 ip-172-31-62-245 sshd\[28163\]: Invalid user shaker from 140.143.58.46\	2019-09-26 15:28:51
51.15.43.205	attackbots	09/26/2019-05:49:41.400919 51.15.43.205 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 68	2019-09-26 15:56:05
84.201.155.85	attackbots	RDP Bruteforce	2019-09-26 15:50:02
27.79.242.94	attackbotsspam	Sep 26 05:50:07 dev sshd\[15689\]: Invalid user admin from 27.79.242.94 port 44788 Sep 26 05:50:07 dev sshd\[15689\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.79.242.94 Sep 26 05:50:09 dev sshd\[15689\]: Failed password for invalid user admin from 27.79.242.94 port 44788 ssh2	2019-09-26 15:40:41
27.213.144.25	attackspambots	Unauthorised access (Sep 26) SRC=27.213.144.25 LEN=40 TTL=49 ID=26834 TCP DPT=8080 WINDOW=489 SYN Unauthorised access (Sep 25) SRC=27.213.144.25 LEN=40 TTL=49 ID=23069 TCP DPT=8080 WINDOW=6385 SYN Unauthorised access (Sep 24) SRC=27.213.144.25 LEN=40 TTL=49 ID=22917 TCP DPT=8080 WINDOW=6385 SYN Unauthorised access (Sep 23) SRC=27.213.144.25 LEN=40 TTL=49 ID=20035 TCP DPT=8080 WINDOW=6385 SYN Unauthorised access (Sep 23) SRC=27.213.144.25 LEN=40 TTL=49 ID=62976 TCP DPT=8080 WINDOW=489 SYN Unauthorised access (Sep 22) SRC=27.213.144.25 LEN=40 TTL=49 ID=18732 TCP DPT=8080 WINDOW=6385 SYN	2019-09-26 15:31:26
91.228.126.110	attackbotsspam	SSH invalid-user multiple login try	2019-09-26 15:28:10
132.232.58.52	attackspambots	Sep 26 09:27:06 vps647732 sshd[16627]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.58.52 Sep 26 09:27:08 vps647732 sshd[16627]: Failed password for invalid user user from 132.232.58.52 port 22416 ssh2 ...	2019-09-26 15:39:50
187.40.35.246	attackspambots	Sep 15 04:10:42 localhost postfix/smtpd[25861]: lost connection after EHLO from 187-40-35-246.user.veloxzone.com.br[187.40.35.246] Sep 15 04:10:43 localhost postfix/smtpd[25861]: lost connection after EHLO from 187-40-35-246.user.veloxzone.com.br[187.40.35.246] Sep 15 04:10:43 localhost postfix/smtpd[25861]: lost connection after EHLO from 187-40-35-246.user.veloxzone.com.br[187.40.35.246] Sep 15 04:10:44 localhost postfix/smtpd[25861]: lost connection after EHLO from 187-40-35-246.user.veloxzone.com.br[187.40.35.246] Sep 15 04:10:45 localhost postfix/smtpd[25861]: lost connection after EHLO from 187-40-35-246.user.veloxzone.com.br[187.40.35.246] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=187.40.35.246	2019-09-26 15:36:10
210.56.28.219	attackspam	2019-09-26T06:32:05.049641abusebot-7.cloudsearch.cf sshd\[17070\]: Invalid user hope from 210.56.28.219 port 54338	2019-09-26 16:03:30
192.99.36.76	attack	Sep 26 03:50:27 TORMINT sshd\[26761\]: Invalid user admin from 192.99.36.76 Sep 26 03:50:27 TORMINT sshd\[26761\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.36.76 Sep 26 03:50:29 TORMINT sshd\[26761\]: Failed password for invalid user admin from 192.99.36.76 port 52522 ssh2 ...	2019-09-26 15:52:12
77.247.181.163	attackbotsspam	Unauthorized access detected from banned ip	2019-09-26 15:48:34
111.231.239.143	attack	Sep 26 12:28:26 webhost01 sshd[30542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.231.239.143 Sep 26 12:28:28 webhost01 sshd[30542]: Failed password for invalid user nba from 111.231.239.143 port 35474 ssh2 ...	2019-09-26 15:56:33
190.107.27.165	attackbots	email spam	2019-09-26 15:44:10
114.230.134.186	attack	Unauthorised access (Sep 26) SRC=114.230.134.186 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=62385 TCP DPT=8080 WINDOW=15101 SYN Unauthorised access (Sep 24) SRC=114.230.134.186 LEN=40 TOS=0x10 PREC=0x40 TTL=49 ID=18081 TCP DPT=8080 WINDOW=56728 SYN	2019-09-26 16:01:30

Recently Reported IPs

38.101.101.123	152.255.51.85	192.61.188.116	210.76.238.19
31.93.153.190	151.38.180.246	170.84.196.201	99.143.16.20
57.15.88.129	166.193.131.59	113.181.124.244	168.177.211.157
239.225.115.233	229.24.241.168	111.119.127.228	148.17.158.145
162.253.118.15	119.217.104.167	236.220.12.187	219.162.218.7