169.239.2.22 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Tanzania, United Republic of

Internet Service Provider: Simply Computers Tanzania Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Unauthorized connection attempt from IP address 169.239.2.22 on Port 445(SMB)	2020-01-23 23:52:48

Comments on same subnet:

IP	Type	Details	Datetime
169.239.213.9	attackbotsspam	Automatic report - Port Scan Attack	2020-08-22 12:18:33
169.239.236.101	attackbots	srvr1: (mod_security) mod_security (id:942100) triggered by 169.239.236.101 (NG/-/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:06:03 [error] 482759#0: 840602 [client 169.239.236.101] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801156315.457822"] [ref ""], client: 169.239.236.101, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29%29%29+OR+++%28%28%288824%3D0 HTTP/1.1" [redacted]	2020-08-21 22:20:08
169.239.248.122	attack	firewall-block, port(s): 445/tcp	2020-07-05 00:58:05
169.239.212.22	attackspam	Feb 18 23:02:57 cp sshd[22467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.212.22 Feb 18 23:02:57 cp sshd[22467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.212.22	2020-02-19 06:09:14
169.239.212.22	attackbots	Invalid user web1 from 169.239.212.22 port 36452	2020-02-15 02:19:10
169.239.220.35	attack	Brute force attempt	2020-02-08 14:10:07
169.239.212.22	attackbots	Feb 1 12:12:45 web9 sshd\[21793\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.212.22 user=root Feb 1 12:12:48 web9 sshd\[21793\]: Failed password for root from 169.239.212.22 port 34002 ssh2 Feb 1 12:17:15 web9 sshd\[22132\]: Invalid user tom from 169.239.212.22 Feb 1 12:17:15 web9 sshd\[22132\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.239.212.22 Feb 1 12:17:17 web9 sshd\[22132\]: Failed password for invalid user tom from 169.239.212.22 port 34626 ssh2	2020-02-02 06:21:49
169.239.222.251	attackspam	1580460271 - 01/31/2020 09:44:31 Host: 169.239.222.251/169.239.222.251 Port: 445 TCP Blocked	2020-01-31 22:15:02
169.239.212.75	attackspam	Unauthorized connection attempt detected from IP address 169.239.212.75 to port 80 [J]	2020-01-21 14:25:34
169.239.252.86	attack	2020-01-04T03:47:56.024297-07:00 suse-nuc sshd[16139]: Invalid user test3 from 169.239.252.86 port 33274 ...	2020-01-04 21:03:33
169.239.220.35	attackspam	Autoban 169.239.220.35 ABORTED AUTH	2019-11-18 21:18:57
169.239.220.35	attackbotsspam	Oct 25 20:18:22 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=169.239.220.35, lip=10.140.194.78, TLS: Disconnected, session= Oct 25 20:19:33 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=169.239.220.35, lip=10.140.194.78, TLS, session= Oct 25 20:27:03 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=169.239.220.35, lip=10.140.194.78, TLS: Disconnected, session=	2019-10-26 06:13:02
169.239.223.106	attack	Brute force RDP, port 3389	2019-10-13 17:36:34
169.239.236.102	attack	169.239.236.102 has been banned for [spam] ...	2019-08-27 13:15:23
169.239.218.24	attackbots	243"or(1,2)=(select*from(selectname_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const(CHAR(111,108,111,108,111,115,104,101,114),1))a)--"x"="x	2019-07-26 06:03:22

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 169.239.2.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58552
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;169.239.2.22.			IN	A

;; AUTHORITY SECTION:
.			243	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020012300 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jan 23 23:52:39 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 22.2.239.169.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 22.2.239.169.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.158.123.160	attack	$f2bV_matches	2020-03-20 02:34:59
189.84.118.114	attackspambots	...	2020-03-20 02:39:27
140.143.189.177	attackbots	(sshd) Failed SSH login from 140.143.189.177 (CN/China/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 19 13:59:29 ubnt-55d23 sshd[9805]: Invalid user laravel from 140.143.189.177 port 40150 Mar 19 13:59:30 ubnt-55d23 sshd[9805]: Failed password for invalid user laravel from 140.143.189.177 port 40150 ssh2	2020-03-20 02:55:24
139.59.140.44	attackbots	WordPress login Brute force / Web App Attack on client site.	2020-03-20 02:55:48
71.6.232.4	attack	Mar 17 21:03:37 dev postfix/anvil\[21545\]: statistics: max connection rate 1/60s for $submission:71.6.232.4$ at Mar 17 21:00:17 ...	2020-03-20 02:36:33
51.68.190.223	attack	$f2bV_matches \| Triggered by Fail2Ban at Vostok web server	2020-03-20 02:29:32
173.208.218.130	attack	20 attempts against mh-misbehave-ban on storm	2020-03-20 03:02:18
77.75.79.32	attackspam	fulltextrobot-77-75-79-32.seznam.cz THIS .CZ HAS NO BUSINESS AT OUR WEBSITE	2020-03-20 02:43:52
104.168.88.225	attackspam	Invalid user newadmin from 104.168.88.225 port 55006	2020-03-20 02:28:39
169.197.108.6	attack	port scan and connect, tcp 443 (https)	2020-03-20 02:51:45
167.160.78.66	attack	(From ettienne@rugoshath.com) I'm currently looking at businesses who are close to ranking on page one of Google, and noticed that your website https://www.njchiro.com/page/doctor.html is currently in the top 100 pages of search results for "doctor", which is a profitable phrase we can build on and push up the rankings. I know you're very busy and I appreciate your time reading this. Would you like an edge over your competitors? If I could save you time and get you more leads would you be interested? I'd like to offer you the chance to discuss your business and see where you can make even MORE money, free of charge. If interested you can mail me anytime to discuss your business needs, we do everything from content and video creation, copywriting, competitor analysis, SEO, digital and social media marketing, Wordpress and sales funnel setup and design, email marketing campaigns and more. Everything you need to grow your business online. I'm also available on Skype should you prefer	2020-03-20 02:30:30
183.82.100.141	attackbots	Automatic report BANNED IP	2020-03-20 03:04:36
200.170.151.3	attackbotsspam	Invalid user odroid from 200.170.151.3 port 34970	2020-03-20 03:03:02
159.65.30.66	attack	Mar 19 19:18:41 legacy sshd[26576]: Failed password for root from 159.65.30.66 port 51718 ssh2 Mar 19 19:25:13 legacy sshd[26759]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.30.66 Mar 19 19:25:16 legacy sshd[26759]: Failed password for invalid user hubihao from 159.65.30.66 port 43358 ssh2 ...	2020-03-20 03:07:33
49.234.42.254	attack	frenzy	2020-03-20 02:42:25

Recently Reported IPs

42.123.99.102	87.103.175.101	195.33.201.195	93.119.33.82
151.181.55.171	79.2.24.44	177.15.56.231	120.79.196.46
32.171.68.229	139.244.187.138	92.38.173.11	151.117.248.151
195.231.4.32	16.244.207.36	181.112.139.222	191.171.21.230
200.201.193.34	179.242.188.2	91.134.185.80	178.46.213.146