2.94.103.244 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: PJSC Vimpelcom

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt from IP address 2.94.103.244 on Port 445(SMB)	2019-08-28 07:31:13

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2.94.103.244
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34216
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2.94.103.244.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082701 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Aug 28 07:31:08 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 244.103.94.2.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 244.103.94.2.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
180.101.205.49	attack	Dec 17 07:24:03 ns3042688 sshd\[16635\]: Invalid user darwin from 180.101.205.49 Dec 17 07:24:03 ns3042688 sshd\[16635\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.101.205.49 Dec 17 07:24:05 ns3042688 sshd\[16635\]: Failed password for invalid user darwin from 180.101.205.49 port 58666 ssh2 Dec 17 07:30:58 ns3042688 sshd\[19983\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.101.205.49 user=bin Dec 17 07:31:00 ns3042688 sshd\[19983\]: Failed password for bin from 180.101.205.49 port 42096 ssh2 ...	2019-12-17 14:42:19
77.239.254.4	attackspam	Dec 17 06:48:31 meumeu sshd[17834]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.239.254.4 Dec 17 06:48:33 meumeu sshd[17834]: Failed password for invalid user zed from 77.239.254.4 port 35304 ssh2 Dec 17 06:55:17 meumeu sshd[18807]: Failed password for nagios from 77.239.254.4 port 43234 ssh2 ...	2019-12-17 14:14:15
140.255.2.110	attackspam	2019-12-16 22:54:51 dovecot_login authenticator failed for (lhkjeaxi.com) [140.255.2.110]:57352 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=ler@lerctr.org) 2019-12-16 22:55:06 dovecot_login authenticator failed for (lhkjeaxi.com) [140.255.2.110]:57929 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=ler@lerctr.org) 2019-12-16 22:55:30 dovecot_login authenticator failed for (lhkjeaxi.com) [140.255.2.110]:58774 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=ler@lerctr.org) ...	2019-12-17 14:10:28
167.172.232.99	attackbotsspam	Invalid user shimaz from 167.172.232.99 port 58180	2019-12-17 14:24:55
177.43.91.50	attack	Dec 17 06:35:22 root sshd[3032]: Failed password for root from 177.43.91.50 port 52048 ssh2 Dec 17 06:42:30 root sshd[3127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.43.91.50 Dec 17 06:42:32 root sshd[3127]: Failed password for invalid user jeffh from 177.43.91.50 port 17026 ssh2 ...	2019-12-17 13:49:38
51.75.23.173	attackspam	Dec 17 00:45:54 linuxvps sshd\[20606\]: Invalid user admin from 51.75.23.173 Dec 17 00:45:54 linuxvps sshd\[20606\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.23.173 Dec 17 00:45:56 linuxvps sshd\[20606\]: Failed password for invalid user admin from 51.75.23.173 port 49146 ssh2 Dec 17 00:52:17 linuxvps sshd\[24699\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.23.173 user=root Dec 17 00:52:20 linuxvps sshd\[24699\]: Failed password for root from 51.75.23.173 port 53161 ssh2	2019-12-17 14:03:15
218.92.0.175	attackbotsspam	Dec 17 02:50:10 firewall sshd[26903]: Failed password for root from 218.92.0.175 port 6694 ssh2 Dec 17 02:50:14 firewall sshd[26903]: Failed password for root from 218.92.0.175 port 6694 ssh2 Dec 17 02:50:19 firewall sshd[26903]: Failed password for root from 218.92.0.175 port 6694 ssh2 ...	2019-12-17 13:58:31
199.192.26.185	attack	Dec 17 06:51:32 vpn01 sshd[1239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.192.26.185 Dec 17 06:51:35 vpn01 sshd[1239]: Failed password for invalid user test from 199.192.26.185 port 47966 ssh2 ...	2019-12-17 14:04:29
128.199.84.201	attackbots	Dec 17 01:07:11 ny01 sshd[31724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.84.201 Dec 17 01:07:13 ny01 sshd[31724]: Failed password for invalid user password from 128.199.84.201 port 38390 ssh2 Dec 17 01:14:18 ny01 sshd[32427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.84.201	2019-12-17 14:27:36
140.143.208.132	attack	Dec 17 00:34:05 plusreed sshd[26186]: Invalid user alleruzzo from 140.143.208.132 ...	2019-12-17 13:51:29
78.46.99.254	attackspambots	[Tue Dec 17 13:15:06.462104 2019] [:error] [pid 11536:tid 140608303789824] [client 78.46.99.254:46288] [client 78.46.99.254] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "MJ12bot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "183"] [id "913102"] [msg "Found User-Agent associated with web crawler/bot"] [data "Matched Data: MJ12bot found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; mj12bot/v1.4.8; http://mj12bot.com/)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-crawler"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/CRAWLER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "staklim-malang.info"] [uri "/robots.txt"] [unique_id "XfhyajdimycOJwbo7IPuiAAAAIM"] ...	2019-12-17 14:26:47
222.186.180.9	attackspambots	SSH-bruteforce attempts	2019-12-17 14:16:41
189.176.49.45	attackbots	Invalid user rylea from 189.176.49.45 port 45532	2019-12-17 14:11:49
220.76.107.50	attack	detected by Fail2Ban	2019-12-17 14:11:13
5.129.190.150	attack	Unauthorized connection attempt detected from IP address 5.129.190.150 to port 445	2019-12-17 13:49:24

Recently Reported IPs

53.234.1.101	103.226.156.140	230.15.27.53	167.0.193.39
246.173.215.5	214.233.240.231	27.220.89.132	120.169.22.145
107.78.23.3	116.198.188.232	175.111.105.178	50.37.227.17
190.251.2.207	62.211.156.103	49.248.22.123	7.192.228.138
12.217.120.63	10.210.245.142	251.26.75.235	228.224.215.9