36.66.242.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: PT Telkom Indonesia

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorized connection attempt from IP address 36.66.242.2 on Port 445(SMB)	2019-12-24 19:58:43

Comments on same subnet:

IP	Type	Details	Datetime
36.66.242.146	attackbotsspam	Aug 26 04:39:16 shivevps sshd[22324]: Bad protocol version identification '\024' from 36.66.242.146 port 34095 Aug 26 04:42:45 shivevps sshd[27809]: Bad protocol version identification '\024' from 36.66.242.146 port 40161 Aug 26 04:43:40 shivevps sshd[29668]: Bad protocol version identification '\024' from 36.66.242.146 port 41477 ...	2020-08-26 15:21:35
36.66.242.74	attackspam	23/tcp [2019-10-30]1pkt	2019-10-30 18:09:17
36.66.242.74	attackspam	scan z	2019-08-24 18:26:11

Type

Details

Datetime

36.66.242.146

attackbotsspam

Aug 26 04:39:16 shivevps sshd[22324]: Bad protocol version identification '\024' from 36.66.242.146 port 34095
Aug 26 04:42:45 shivevps sshd[27809]: Bad protocol version identification '\024' from 36.66.242.146 port 40161
Aug 26 04:43:40 shivevps sshd[29668]: Bad protocol version identification '\024' from 36.66.242.146 port 41477
...

2020-08-26 15:21:35

36.66.242.74

attackspam

23/tcp
[2019-10-30]1pkt

2019-10-30 18:09:17

36.66.242.74

attackspam

scan z

2019-08-24 18:26:11

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 36.66.242.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65017
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;36.66.242.2.			IN	A

;; AUTHORITY SECTION:
.			444	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122400 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 24 19:58:39 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 2.242.66.36.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 2.242.66.36.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
183.171.64.144	attackspam	Trolling for resource vulnerabilities	2020-08-20 18:59:02
176.104.128.248	attack	20/8/20@02:00:14: FAIL: Alarm-Network address from=176.104.128.248 20/8/20@02:00:15: FAIL: Alarm-Network address from=176.104.128.248 ...	2020-08-20 18:57:39
51.75.123.7	attackbotsspam	xmlrpc attack	2020-08-20 18:59:29
27.205.118.227	attackspam	Unauthorised access (Aug 20) SRC=27.205.118.227 LEN=40 TTL=46 ID=34118 TCP DPT=8080 WINDOW=31753 SYN	2020-08-20 19:19:36
157.55.39.85	attackbots	[Thu Aug 20 10:47:50.008433 2020] [:error] [pid 24698:tid 140548207650560] [client 157.55.39.85:2681] [client 157.55.39.85] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/swiper-v77.js"] [unique_id "Xz3yZqGeI0GCUMzG@ueWgAAAAC0"] ...	2020-08-20 19:24:46
118.24.123.34	attack	Aug 20 02:34:05 askasleikir sshd[5352]: Failed password for root from 118.24.123.34 port 45896 ssh2	2020-08-20 19:28:23
81.171.29.146	attack	Aug 20 10:53:19 sticky sshd\[2014\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.171.29.146 user=root Aug 20 10:53:21 sticky sshd\[2014\]: Failed password for root from 81.171.29.146 port 39172 ssh2 Aug 20 10:53:24 sticky sshd\[2014\]: Failed password for root from 81.171.29.146 port 39172 ssh2 Aug 20 10:53:26 sticky sshd\[2014\]: Failed password for root from 81.171.29.146 port 39172 ssh2 Aug 20 10:53:28 sticky sshd\[2014\]: Failed password for root from 81.171.29.146 port 39172 ssh2	2020-08-20 19:28:41
165.232.46.152	attackspam	Fail2Ban Ban Triggered	2020-08-20 19:29:48
189.206.160.153	attackspam	Aug 20 07:23:13 abendstille sshd\[21977\]: Invalid user ftp03 from 189.206.160.153 Aug 20 07:23:13 abendstille sshd\[21977\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.206.160.153 Aug 20 07:23:15 abendstille sshd\[21977\]: Failed password for invalid user ftp03 from 189.206.160.153 port 40544 ssh2 Aug 20 07:27:31 abendstille sshd\[26008\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.206.160.153 user=root Aug 20 07:27:34 abendstille sshd\[26008\]: Failed password for root from 189.206.160.153 port 41439 ssh2 ...	2020-08-20 19:07:54
185.222.202.12	attackbotsspam	Aug 20 14:54:17 dhoomketu sshd[2510956]: Failed password for root from 185.222.202.12 port 53362 ssh2 Aug 20 14:54:19 dhoomketu sshd[2510956]: Failed password for root from 185.222.202.12 port 53362 ssh2 Aug 20 14:54:22 dhoomketu sshd[2510956]: Failed password for root from 185.222.202.12 port 53362 ssh2 Aug 20 14:54:25 dhoomketu sshd[2510956]: Failed password for root from 185.222.202.12 port 53362 ssh2 Aug 20 14:54:31 dhoomketu sshd[2510956]: error: maximum authentication attempts exceeded for root from 185.222.202.12 port 53362 ssh2 [preauth] ...	2020-08-20 19:18:36
106.75.181.119	attackspam	Aug 20 11:53:59 vm1 sshd[6655]: Failed password for root from 106.75.181.119 port 36916 ssh2 ...	2020-08-20 18:55:16
106.12.74.99	attackbotsspam	Aug 20 06:36:32 Invalid user gok from 106.12.74.99 port 52350	2020-08-20 19:24:25
31.24.224.121	attackbotsspam	1 Attack(s) Detected [DoS Attack: ACK Scan] from source: 31.24.224.121, port 443, Tuesday, August 18, 2020 23:19:58	2020-08-20 18:50:46
113.92.35.33	attack	Aug 20 08:15:55 cosmoit sshd[16337]: Failed password for root from 113.92.35.33 port 36644 ssh2	2020-08-20 19:11:11
51.15.125.53	attackbotsspam	Aug 20 11:06:53 electroncash sshd[64522]: Invalid user avon from 51.15.125.53 port 56106 Aug 20 11:06:53 electroncash sshd[64522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.125.53 Aug 20 11:06:53 electroncash sshd[64522]: Invalid user avon from 51.15.125.53 port 56106 Aug 20 11:06:55 electroncash sshd[64522]: Failed password for invalid user avon from 51.15.125.53 port 56106 ssh2 Aug 20 11:10:52 electroncash sshd[65534]: Invalid user yuhui from 51.15.125.53 port 36114 ...	2020-08-20 19:12:39

Recently Reported IPs

115.75.88.52	247.140.133.103	233.10.42.91	216.82.43.138
156.206.2.30	34.204.96.111	123.103.76.224	49.229.53.18
3.161.74.163	101.108.69.2	3.127.137.193	85.174.83.194
42.113.63.217	207.109.216.250	14.172.80.114	235.11.211.89
180.251.201.101	90.109.68.248	105.233.226.138	127.36.153.208