Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Hong Kong Telecommunications (HKT) Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
Unauthorised access (Jul 23) SRC=42.2.172.91 LEN=40 TTL=48 ID=12050 TCP DPT=23 WINDOW=17570 SYN
2019-07-23 17:09:48
Comments on same subnet:
No discussion about this subnet yet.
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.2.172.91
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42624
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.2.172.91.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072300 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 23 17:09:39 CST 2019
;; MSG SIZE  rcvd: 115
Host info
91.172.2.42.in-addr.arpa domain name pointer 42-2-172-091.static.netvigator.com.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
91.172.2.42.in-addr.arpa	name = 42-2-172-091.static.netvigator.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
37.49.224.137 attackbotsspam
Scanning random ports - tries to find possible vulnerable services
2019-08-02 16:03:13
153.36.240.126 attackbotsspam
2019-08-02T14:52:35.729285enmeeting.mahidol.ac.th sshd\[8058\]: User root from 153.36.240.126 not allowed because not listed in AllowUsers
2019-08-02T14:52:36.045056enmeeting.mahidol.ac.th sshd\[8058\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.240.126  user=root
2019-08-02T14:52:38.294401enmeeting.mahidol.ac.th sshd\[8058\]: Failed password for invalid user root from 153.36.240.126 port 20527 ssh2
...
2019-08-02 15:52:48
45.95.33.208 attack
Postfix DNSBL listed. Trying to send SPAM.
2019-08-02 16:22:48
162.247.74.217 attack
Aug  2 07:40:43 MK-Soft-VM5 sshd\[10792\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.247.74.217  user=root
Aug  2 07:40:44 MK-Soft-VM5 sshd\[10792\]: Failed password for root from 162.247.74.217 port 44044 ssh2
Aug  2 07:40:46 MK-Soft-VM5 sshd\[10792\]: Failed password for root from 162.247.74.217 port 44044 ssh2
...
2019-08-02 15:50:45
175.19.30.46 attackspambots
Invalid user f from 175.19.30.46 port 37016
2019-08-02 16:23:38
192.119.71.98 attackspam
TCP Port: 25 _    invalid blocked zen-spamhaus truncate-gbudb _  _  _ _ (3)
2019-08-02 15:43:51
164.132.62.233 attack
2019-08-01T23:12:13.234286abusebot-2.cloudsearch.cf sshd\[20733\]: Invalid user mysql from 164.132.62.233 port 56480
2019-08-02 16:15:37
191.7.119.109 attackbotsspam
[portscan] tcp/23 [TELNET]
*(RWIN=16947)(08021029)
2019-08-02 16:17:19
130.61.121.78 attackbots
Automatic report - Banned IP Access
2019-08-02 16:24:21
121.122.103.212 attackspambots
Invalid user tgz from 121.122.103.212 port 54237
2019-08-02 16:25:44
117.50.13.42 attackbotsspam
Aug  2 01:13:23 mars sshd\[37329\]: Invalid user sino_zsk from 117.50.13.42
Aug  2 01:13:23 mars sshd\[37329\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.13.42
Aug  2 01:13:25 mars sshd\[37329\]: Failed password for invalid user sino_zsk from 117.50.13.42 port 39834 ssh2
...
2019-08-02 15:36:48
218.92.0.184 attackspambots
Aug  2 15:30:43 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:45 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:48 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:48 bacztwo sshd[405]: Failed keyboard-interactive/pam for root from 218.92.0.184 port 52402 ssh2
Aug  2 15:30:40 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:43 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:45 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:48 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug  2 15:30:48 bacztwo sshd[405]: Failed keyboard-interactive/pam for root from 218.92.0.184 port 52402 ssh2
Aug  2 15:30:51 bacztwo sshd[405]: error: PAM: Authentication failure for root from 218.92.0.184
Aug 
...
2019-08-02 16:27:47
83.217.219.82 attackbots
Many RDP login attempts detected by IDS script
2019-08-02 15:54:12
82.245.177.183 attackspam
$f2bV_matches
2019-08-02 16:07:51
159.65.57.1 attackspam
Jul 31 16:39:26 wp sshd[6472]: Did not receive identification string from 159.65.57.1
Jul 31 16:41:04 wp sshd[6491]: reveeclipse mapping checking getaddrinfo for 307594.cloudwaysapps.com [159.65.57.1] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 31 16:41:04 wp sshd[6491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.57.1  user=r.r
Jul 31 16:41:07 wp sshd[6491]: Failed password for r.r from 159.65.57.1 port 57044 ssh2
Jul 31 16:41:07 wp sshd[6491]: Received disconnect from 159.65.57.1: 11: Bye Bye [preauth]
Jul 31 16:44:28 wp sshd[6555]: reveeclipse mapping checking getaddrinfo for 307594.cloudwaysapps.com [159.65.57.1] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 31 16:44:28 wp sshd[6555]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.57.1  user=r.r
Jul 31 16:44:30 wp sshd[6555]: Failed password for r.r from 159.65.57.1 port 36489 ssh2
Jul 31 16:44:30 wp sshd[6555]: Received disconn........
-------------------------------
2019-08-02 16:04:53
