2.91.252.143 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Saudi Arabia

Internet Service Provider: Saudi Telecom Company JSC

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Zyxel Multiple Products Command Injection Vulnerability	2020-05-29 00:38:38

Comments on same subnet:

IP	Type	Details	Datetime
2.91.252.67	attackbotsspam	Automatic report - Port Scan Attack	2020-09-01 15:30:54
2.91.252.230	attackspambots	port scan and connect, tcp 22 (ssh)	2019-09-22 03:31:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2.91.252.143
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30478
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.91.252.143.			IN	A

;; AUTHORITY SECTION:
.			578	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020052800 1800 900 604800 86400

;; Query time: 217 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri May 29 00:38:30 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 143.252.91.2.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 143.252.91.2.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.51.70.251	attackspambots	Aug 9 20:29:28 OPSO sshd\[8243\]: Invalid user fish from 106.51.70.251 port 37630 Aug 9 20:29:28 OPSO sshd\[8243\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.70.251 Aug 9 20:29:29 OPSO sshd\[8243\]: Failed password for invalid user fish from 106.51.70.251 port 37630 ssh2 Aug 9 20:34:23 OPSO sshd\[8871\]: Invalid user photos from 106.51.70.251 port 58340 Aug 9 20:34:23 OPSO sshd\[8871\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.51.70.251	2019-08-10 02:42:47
138.197.195.174	attack	Brute force SMTP login attempted. ...	2019-08-10 03:12:56
101.71.2.111	attack	2019-08-09T19:10:54.661043abusebot-2.cloudsearch.cf sshd\[23698\]: Invalid user bob from 101.71.2.111 port 56259	2019-08-10 03:22:33
67.205.11.86	attackbots	Automatic report - Banned IP Access	2019-08-10 03:20:21
138.219.254.68	attackbotsspam	Brute force SMTP login attempted. ...	2019-08-10 02:55:34
138.197.180.29	attack	Brute force SMTP login attempted. ...	2019-08-10 03:14:40
14.238.10.110	attackbotsspam	Aug 9 21:35:00 server sshd\[4448\]: Invalid user ac from 14.238.10.110 port 50622 Aug 9 21:35:00 server sshd\[4448\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.238.10.110 Aug 9 21:35:01 server sshd\[4448\]: Failed password for invalid user ac from 14.238.10.110 port 50622 ssh2 Aug 9 21:40:02 server sshd\[5832\]: Invalid user super from 14.238.10.110 port 56464 Aug 9 21:40:02 server sshd\[5832\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.238.10.110	2019-08-10 02:54:08
138.197.170.118	attackspambots	Brute force SMTP login attempted. ...	2019-08-10 03:17:12
36.27.30.141	attack	Aug 9 19:00:00 mxgate1 postfix/postscreen[16813]: CONNECT from [36.27.30.141]:49593 to [176.31.12.44]:25 Aug 9 19:00:00 mxgate1 postfix/dnsblog[16864]: addr 36.27.30.141 listed by domain cbl.abuseat.org as 127.0.0.2 Aug 9 19:00:00 mxgate1 postfix/dnsblog[16863]: addr 36.27.30.141 listed by domain zen.spamhaus.org as 127.0.0.4 Aug 9 19:00:00 mxgate1 postfix/dnsblog[16876]: addr 36.27.30.141 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Aug 9 19:00:00 mxgate1 postfix/dnsblog[16866]: addr 36.27.30.141 listed by domain bl.spamcop.net as 127.0.0.2 Aug 9 19:00:00 mxgate1 postfix/dnsblog[16865]: addr 36.27.30.141 listed by domain b.barracudacentral.org as 127.0.0.2 Aug 9 19:00:06 mxgate1 postfix/postscreen[16813]: DNSBL rank 6 for [36.27.30.141]:49593 Aug x@x Aug 9 19:00:07 mxgate1 postfix/postscreen[16813]: DISCONNECT [36.27.30.141]:49593 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=36.27.30.141	2019-08-10 03:28:00
217.182.252.63	attackbotsspam	Aug 9 19:54:34 SilenceServices sshd[7280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.63 Aug 9 19:54:36 SilenceServices sshd[7280]: Failed password for invalid user cmc from 217.182.252.63 port 52090 ssh2 Aug 9 20:03:18 SilenceServices sshd[13639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.252.63	2019-08-10 02:39:49
110.90.137.202	attackbotsspam	Aug 9 18:58:02 h2421860 postfix/postscreen[30029]: CONNECT from [110.90.137.202]:49694 to [85.214.119.52]:25 Aug 9 18:58:02 h2421860 postfix/dnsblog[30037]: addr 110.90.137.202 listed by domain zen.spamhaus.org as 127.0.0.4 Aug 9 18:58:02 h2421860 postfix/dnsblog[30037]: addr 110.90.137.202 listed by domain zen.spamhaus.org as 127.0.0.3 Aug 9 18:58:02 h2421860 postfix/dnsblog[30037]: addr 110.90.137.202 listed by domain zen.spamhaus.org as 127.0.0.11 Aug 9 18:58:02 h2421860 postfix/dnsblog[30038]: addr 110.90.137.202 listed by domain Unknown.trblspam.com as 185.53.179.7 Aug 9 18:58:02 h2421860 postfix/dnsblog[30034]: addr 110.90.137.202 listed by domain b.barracudacentral.org as 127.0.0.2 Aug 9 18:58:08 h2421860 postfix/postscreen[30029]: DNSBL rank 6 for [110.90.137.202]:49694 Aug x@x Aug 9 18:58:09 h2421860 postfix/postscreen[30029]: HANGUP after 1 from [110.90.137.202]:49694 in tests after SMTP handshake Aug 9 18:58:09 h2421860 postfix/postscreen[30029]: DIS........ -------------------------------	2019-08-10 02:54:50
45.65.65.18	attackspam	2019-08-09 12:35:25 H=(litoexpress.it) [45.65.65.18]:48794 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/query/ip/45.65.65.18) 2019-08-09 12:35:26 H=(litoexpress.it) [45.65.65.18]:48794 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/45.65.65.18) 2019-08-09 12:35:27 H=(litoexpress.it) [45.65.65.18]:48794 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) ...	2019-08-10 03:25:15
138.68.158.109	attack	Brute force SMTP login attempted. ...	2019-08-10 02:44:54
138.197.171.124	attackspambots	Brute force SMTP login attempted. ...	2019-08-10 03:16:40
209.97.142.250	attackbotsspam	Automatic report - Banned IP Access	2019-08-10 03:04:34

Recently Reported IPs

112.15.38.248	183.167.59.77	30.168.195.46	208.69.249.108
95.201.206.204	220.101.44.229	47.98.133.204	18.162.115.5
11.152.169.119	82.102.173.90	37.45.15.7	39.36.117.244
201.81.241.47	203.217.140.8	201.28.197.75	180.120.208.76
111.109.17.230	108.119.254.7	138.99.195.179	114.232.109.160