207.244.92.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: LeaseWeb USA Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	ET SCAN Sipvicious Scan - port: 5060 proto: udp cat: Attempted Information Leakbytes: 453	2020-08-07 15:02:37
attack	firewall-block, port(s): 5060/udp	2020-07-23 01:29:35

Comments on same subnet:

IP	Type	Details	Datetime
207.244.92.6	attackspambots	08/05/2020-16:00:33.975475 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-06 04:07:57
207.244.92.6	attackspambots	08/02/2020-16:29:39.450307 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-03 04:51:46
207.244.92.6	attackspam	08/01/2020-17:19:22.342240 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-02 05:28:29
207.244.92.6	attack	207.244.92.6 was recorded 8 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 8, 24, 491	2020-08-01 06:21:28
207.244.92.6	attackbots	UDP 207.244.92.6:5118 -> port 5060, len 442	2020-07-30 22:52:29
207.244.92.6	attackspambots	07/29/2020-17:56:47.678455 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-30 06:13:16
207.244.92.4	attack	Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=437 TOS=0x00 PREC=0x00 TTL=51 ID=54865 DF PROTO=UDP SPT=5146 DPT=47260 LEN=417 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=440 TOS=0x00 PREC=0x00 TTL=50 ID=54863 DF PROTO=UDP SPT=5146 DPT=47060 LEN=420 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=438 TOS=0x00 PREC=0x00 TTL=50 ID=54864 DF PROTO=UDP SPT=5146 DPT=47160 LEN=418 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=437 TOS=0x00 PREC=0x00 TTL=49 ID=54867 DF PROTO=UDP SPT=5146 DPT=47460 LEN=417 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244. ...	2020-07-28 20:41:39
207.244.92.6	attack	Jul 28 01:51:29 debian-2gb-nbg1-2 kernel: \[18152392.201805\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=207.244.92.6 DST=195.201.40.59 LEN=442 TOS=0x00 PREC=0x00 TTL=48 ID=27571 DF PROTO=UDP SPT=5098 DPT=5060 LEN=422	2020-07-28 07:55:32
207.244.92.6	attackspam	207.244.92.6 was recorded 12 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 12, 42, 329	2020-07-28 02:04:43
207.244.92.6	attack	207.244.92.6 was recorded 9 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 9, 42, 272	2020-07-26 22:28:02
207.244.92.6	attackbotsspam	Fail2Ban Ban Triggered	2020-07-26 05:35:09
207.244.92.6	attack	07/24/2020-10:18:28.273462 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-24 22:20:04
207.244.92.6	attackspam	07/21/2020-17:34:23.057164 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-22 05:49:52
207.244.92.6	attack	07/21/2020-10:06:02.306177 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-21 22:30:14
207.244.92.5	attackbots	Long Request	2020-07-12 14:29:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 207.244.92.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4220
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;207.244.92.2.			IN	A

;; AUTHORITY SECTION:
.			370	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 60 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jul 23 01:29:30 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 2.92.244.207.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.92.244.207.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
218.92.0.148	attack	Feb 26 17:50:58 jane sshd[7099]: Failed password for root from 218.92.0.148 port 32870 ssh2 Feb 26 17:51:03 jane sshd[7099]: Failed password for root from 218.92.0.148 port 32870 ssh2 ...	2020-02-27 01:04:01
172.105.210.107	attackbotsspam	scans 1 times in preceeding hours on the ports (in chronological order) 8009 resulting in total of 6 scans from 172.104.0.0/15 block.	2020-02-27 01:14:17
93.174.93.218	attackbots	ET DROP Dshield Block Listed Source group 1 - port: 1080 proto: TCP cat: Misc Attack	2020-02-27 01:20:11
92.63.194.115	attackbots	02/26/2020-12:10:06.006304 92.63.194.115 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-02-27 01:22:03
83.97.20.37	attackbots	Feb 26 17:51:04 debian-2gb-nbg1-2 kernel: \[4995060.233112\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=83.97.20.37 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=46755 DPT=456 WINDOW=65535 RES=0x00 SYN URGP=0	2020-02-27 01:27:06
193.57.40.38	attackbots	Port 443 (HTTPS) access denied	2020-02-27 00:48:44
61.186.32.37	attack	scans 2 times in preceeding hours on the ports (in chronological order) 37215 37215	2020-02-27 01:29:57
66.240.205.34	attackbotsspam	ET CINS Active Threat Intelligence Poor Reputation IP group 58 - port: 7415 proto: TCP cat: Misc Attack	2020-02-27 01:01:05
88.214.26.102	attackbotsspam	firewall-block, port(s): 15587/tcp	2020-02-27 00:58:44
185.156.73.49	attackspambots	Feb 26 18:04:41 debian-2gb-nbg1-2 kernel: \[4995876.663380\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.156.73.49 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=36644 PROTO=TCP SPT=53984 DPT=13148 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-27 01:11:34
117.144.189.69	attackspambots	[ssh] SSH attack	2020-02-27 01:18:08
176.113.115.185	attackbotsspam	scans 11 times in preceeding hours on the ports (in chronological order) 12000 55001 17000 3889 54000 8009 53000 5889 43000 5555 1318 resulting in total of 65 scans from 176.113.115.0/24 block.	2020-02-27 01:13:41
165.227.67.64	attack	Feb 26 21:13:22 gw1 sshd[30772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.67.64 Feb 26 21:13:24 gw1 sshd[30772]: Failed password for invalid user admin from 165.227.67.64 port 59754 ssh2 ...	2020-02-27 01:16:00
185.175.93.3	attack	ET DROP Dshield Block Listed Source group 1 - port: 6564 proto: TCP cat: Misc Attack	2020-02-27 01:11:17
80.82.77.189	attackbotsspam	ET CINS Active Threat Intelligence Poor Reputation IP group 69 - port: 55409 proto: TCP cat: Misc Attack	2020-02-27 01:28:46

Recently Reported IPs

147.200.201.179	189.173.176.90	250.84.54.219	81.81.169.35
89.207.217.50	89.9.16.229	64.135.201.203	140.25.204.156
58.126.209.207	60.19.132.227	139.166.103.230	220.212.139.88
211.189.222.134	200.137.170.246	219.190.154.105	102.253.30.65
13.75.232.250	194.62.1.36	129.211.54.147	78.139.51.234