172.89.2.42 - IPInfo

Basic Info

City: Los Angeles

Region: California

Country: United States

Internet Service Provider: Charter Communications Inc

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Honeypot attack, port: 445, PTR: cpe-172-89-2-42.socal.res.rr.com.	2020-06-04 06:38:51

Comments on same subnet:

IP	Type	Details	Datetime
172.89.2.62	attackspambots	Honeypot attack, port: 445, PTR: cpe-172-89-2-62.socal.res.rr.com.	2020-05-01 06:10:08
172.89.24.35	attack	Automatic report - Port Scan Attack	2020-04-25 19:25:44
172.89.206.82	attackspam	Brainless IDIOT Website Spammer~	2019-11-12 18:47:27

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 172.89.2.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;172.89.2.42.			IN	A

;; AUTHORITY SECTION:
.			364	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060302 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jun 04 06:38:47 CST 2020
;; MSG SIZE  rcvd: 115

Host info

42.2.89.172.in-addr.arpa domain name pointer cpe-172-89-2-42.socal.res.rr.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
42.2.89.172.in-addr.arpa	name = cpe-172-89-2-42.socal.res.rr.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
52.188.69.174	attackspam	Sep 17 15:18:09 host1 sshd[692899]: Failed password for root from 52.188.69.174 port 58386 ssh2 Sep 17 15:21:50 host1 sshd[693061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.188.69.174 user=root Sep 17 15:21:51 host1 sshd[693061]: Failed password for root from 52.188.69.174 port 44430 ssh2 Sep 17 15:21:50 host1 sshd[693061]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.188.69.174 user=root Sep 17 15:21:51 host1 sshd[693061]: Failed password for root from 52.188.69.174 port 44430 ssh2 ...	2020-09-17 21:57:51
212.70.149.4	attackspam	Sep 17 15:39:17 relay postfix/smtpd\[647\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 15:42:26 relay postfix/smtpd\[2450\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 15:45:33 relay postfix/smtpd\[1410\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 15:48:40 relay postfix/smtpd\[646\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 15:51:48 relay postfix/smtpd\[30216\]: warning: unknown\[212.70.149.4\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-09-17 22:00:47
58.214.84.149	attackbotsspam	Cluster member 67.227.229.95 (US/United States/host.cjthedj97.me) said, DENY 58.214.84.149, Reason:[(sshd) Failed SSH login from 58.214.84.149 (CN/China/-): 1 in the last 3600 secs]; Ports: *; Direction: inout; Trigger: LF_CLUSTER	2020-09-17 21:45:42
54.37.71.203	attackspam	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-09-17T10:50:12Z and 2020-09-17T11:04:53Z	2020-09-17 21:53:37
176.106.132.131	attackbots	2020-09-17T12:32:54.210857dmca.cloudsearch.cf sshd[6164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.106.132.131 user=root 2020-09-17T12:32:56.740752dmca.cloudsearch.cf sshd[6164]: Failed password for root from 176.106.132.131 port 59183 ssh2 2020-09-17T12:36:31.139434dmca.cloudsearch.cf sshd[6322]: Invalid user test from 176.106.132.131 port 60991 2020-09-17T12:36:31.145129dmca.cloudsearch.cf sshd[6322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.106.132.131 2020-09-17T12:36:31.139434dmca.cloudsearch.cf sshd[6322]: Invalid user test from 176.106.132.131 port 60991 2020-09-17T12:36:33.134341dmca.cloudsearch.cf sshd[6322]: Failed password for invalid user test from 176.106.132.131 port 60991 ssh2 2020-09-17T12:40:13.874285dmca.cloudsearch.cf sshd[6407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.106.132.131 user=root 2020-09-17T12:40:15.005 ...	2020-09-17 21:52:39
37.152.178.44	attackbotsspam	SSH BruteForce Attack	2020-09-17 21:42:27
115.236.67.42	attackspam	$f2bV_matches	2020-09-17 21:50:53
206.189.2.54	attack	206.189.2.54 - - [16/Sep/2020:20:21:34 +0200] "GET /wp-login.php HTTP/1.1" 200 1984 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.2.54 - - [16/Sep/2020:20:21:34 +0200] "POST /wp-login.php HTTP/1.1" 200 2104 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.2.54 - - [16/Sep/2020:20:21:39 +0200] "GET /wp-login.php HTTP/1.1" 200 1984 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.2.54 - - [16/Sep/2020:20:21:39 +0200] "POST /wp-login.php HTTP/1.1" 200 2078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.2.54 - - [16/Sep/2020:20:21:44 +0200] "GET /wp-login.php HTTP/1.1" 200 1984 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.2.54 - - [16/Sep/2020:20:21:45 +0200] "POST /wp-login.php HTTP/1.1" 200 2078 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/6 ...	2020-09-17 22:05:35
212.83.138.123	attackspambots	[2020-09-17 07:04:19] NOTICE[1239] chan_sip.c: Registration from '"2122" ' failed for '212.83.138.123:5072' - Wrong password [2020-09-17 07:04:19] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-17T07:04:19.584-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="2122",SessionID="0x7f4d482a90b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/212.83.138.123/5072",Challenge="52054486",ReceivedChallenge="52054486",ReceivedHash="cd94d9d9f5782dff79a3ec93688448e2" [2020-09-17 07:04:43] NOTICE[1239] chan_sip.c: Registration from '"221" ' failed for '212.83.138.123:5069' - Wrong password [2020-09-17 07:04:43] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-17T07:04:43.967-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="221",SessionID="0x7f4d482299d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/21 ...	2020-09-17 21:51:45
24.54.88.61	attackbotsspam	Brute-force attempt banned	2020-09-17 21:37:56
45.227.255.4	attackbots	Sep 17 14:26:06 ip106 sshd[8333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.227.255.4 Sep 17 14:26:08 ip106 sshd[8333]: Failed password for invalid user misp from 45.227.255.4 port 24651 ssh2 ...	2020-09-17 21:50:07
223.17.178.148	attackspambots	Honeypot attack, port: 5555, PTR: 148-178-17-223-on-nets.com.	2020-09-17 21:51:09
196.218.5.243	attack	Honeypot attack, port: 81, PTR: host-196.218.5.243-static.tedata.net.	2020-09-17 21:27:08
213.150.184.62	attack	2020-09-17T16:40:18.903535mail.standpoint.com.ua sshd[25997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.150.184.62 2020-09-17T16:40:18.900821mail.standpoint.com.ua sshd[25997]: Invalid user kongxx from 213.150.184.62 port 35446 2020-09-17T16:40:20.937994mail.standpoint.com.ua sshd[25997]: Failed password for invalid user kongxx from 213.150.184.62 port 35446 ssh2 2020-09-17T16:42:57.039798mail.standpoint.com.ua sshd[26303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.150.184.62 user=root 2020-09-17T16:42:59.234963mail.standpoint.com.ua sshd[26303]: Failed password for root from 213.150.184.62 port 46732 ssh2 ...	2020-09-17 21:55:26
213.160.156.181	attackbots	(sshd) Failed SSH login from 213.160.156.181 (UA/Ukraine/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD	2020-09-17 21:42:55

Recently Reported IPs

73.103.58.190	85.57.145.133	77.228.1.80	201.62.111.64
220.137.130.19	91.32.161.186	1.46.123.6	165.234.105.233
149.7.216.192	88.200.214.71	58.37.215.178	147.133.183.34
186.229.0.4	109.179.109.166	50.79.17.40	35.187.148.132
210.136.166.27	144.2.164.72	115.48.179.180	171.173.6.27