58.220.2.92 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	2019-11-22T13:57:20.292Z CLOSE host=58.220.2.92 port=60986 fd=5 time=30.003 bytes=54 2019-11-22T13:57:20.292Z CLOSE host=58.220.2.92 port=60990 fd=6 time=30.002 bytes=46 2019-11-22T13:57:20.294Z CLOSE host=58.220.2.92 port=60978 fd=7 time=30.001 bytes=41 2019-11-22T13:57:20.295Z CLOSE host=58.220.2.92 port=60982 fd=8 time=30.002 bytes=44 2019-11-22T13:57:20.302Z CLOSE host=58.220.2.92 port=60992 fd=9 time=30.001 bytes=19 ...	2020-03-13 02:54:36
attackspam	SSH brute-force: detected 6 distinct usernames within a 24-hour window.	2019-11-22 23:03:33

Type

Details

Datetime

attackspam

2019-11-22T13:57:20.292Z CLOSE host=58.220.2.92 port=60986 fd=5 time=30.003 bytes=54
2019-11-22T13:57:20.292Z CLOSE host=58.220.2.92 port=60990 fd=6 time=30.002 bytes=46
2019-11-22T13:57:20.294Z CLOSE host=58.220.2.92 port=60978 fd=7 time=30.001 bytes=41
2019-11-22T13:57:20.295Z CLOSE host=58.220.2.92 port=60982 fd=8 time=30.002 bytes=44
2019-11-22T13:57:20.302Z CLOSE host=58.220.2.92 port=60992 fd=9 time=30.001 bytes=19
...

2020-03-13 02:54:36

attackspam

SSH brute-force: detected 6 distinct usernames within a 24-hour window.

2019-11-22 23:03:33

Comments on same subnet:

IP	Type	Details	Datetime
58.220.248.122	attackspam	08/06/2020-09:21:36.340580 58.220.248.122 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-08-07 02:20:10
58.220.248.187	attack	firewall-block, port(s): 1433/tcp	2020-08-05 01:07:07
58.220.25.2	attackbotsspam	firewall-block, port(s): 1433/tcp	2020-04-12 18:15:18
58.220.249.130	attackbots	SIP/5060 Probe, BF, Hack -	2020-04-08 02:20:05
58.220.220.92	attackspambots	IP reached maximum auth failures	2020-04-07 17:03:03
58.220.249.130	attackspambots	SIP/5060 Probe, BF, Hack -	2020-04-04 20:42:13
58.220.249.130	attackbotsspam	33900/tcp 57858/tcp 33889/tcp... [2020-02-03/03-30]50pkt,24pt.(tcp)	2020-03-31 02:21:27
58.220.249.130	attackspam	firewall-block, port(s): 33895/tcp	2020-03-17 09:52:09
58.220.249.130	attackbots	firewall-block, port(s): 33896/tcp	2020-03-17 03:08:08
58.220.249.130	attackbots	firewall-block, port(s): 3398/tcp	2020-03-05 09:01:28
58.220.244.106	attackspambots	Honeypot attack, port: 5555, PTR: PTR record not found	2020-02-21 20:17:45
58.220.201.87	attackbotsspam	unauthorized connection attempt	2020-02-16 21:42:32
58.220.234.18	attack	Brute force attempt	2020-02-16 03:14:32
58.220.253.253	attack	Automatic report - Banned IP Access	2020-02-14 23:54:56
58.220.234.18	attackspam	IMAP brute force ...	2020-02-06 03:25:04

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 58.220.2.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;58.220.2.92.			IN	A

;; AUTHORITY SECTION:
.			431	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112200 1800 900 604800 86400

;; Query time: 112 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Nov 22 23:03:29 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 92.2.220.58.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 92.2.220.58.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
150.255.2.223	attackspambots	/index_style.css /currentsetting.htm	2019-11-07 17:03:09
167.114.224.211	attackspam	Wordpress bruteforce	2019-11-07 16:39:37
54.37.131.176	attackbots	Nov 7 09:21:24 SilenceServices sshd[31551]: Failed password for root from 54.37.131.176 port 32956 ssh2 Nov 7 09:25:32 SilenceServices sshd[32710]: Failed password for root from 54.37.131.176 port 44010 ssh2	2019-11-07 16:42:24
2607:5300:61:404::	attackbots	xmlrpc attack	2019-11-07 17:00:33
73.59.165.164	attackspambots	Nov 7 02:48:08 server sshd\[1613\]: Failed password for invalid user kynaa from 73.59.165.164 port 45908 ssh2 Nov 7 09:07:37 server sshd\[3568\]: Invalid user Seneca from 73.59.165.164 Nov 7 09:07:37 server sshd\[3568\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-59-165-164.hsd1.tn.comcast.net Nov 7 09:07:39 server sshd\[3568\]: Failed password for invalid user Seneca from 73.59.165.164 port 57992 ssh2 Nov 7 09:27:09 server sshd\[8590\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-59-165-164.hsd1.tn.comcast.net user=root ...	2019-11-07 17:12:11
92.222.34.211	attack	Nov 7 09:27:35 localhost sshd\[11587\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.34.211 user=root Nov 7 09:27:37 localhost sshd\[11587\]: Failed password for root from 92.222.34.211 port 54888 ssh2 Nov 7 09:31:38 localhost sshd\[11984\]: Invalid user zs from 92.222.34.211 port 37230 Nov 7 09:31:38 localhost sshd\[11984\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.34.211	2019-11-07 16:48:15
111.93.228.190	attackbots	Nov 7 08:22:17 server sshd\[19461\]: Invalid user kathy from 111.93.228.190 port 40349 Nov 7 08:22:17 server sshd\[19461\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.228.190 Nov 7 08:22:19 server sshd\[19461\]: Failed password for invalid user kathy from 111.93.228.190 port 40349 ssh2 Nov 7 08:27:39 server sshd\[13337\]: Invalid user test2 from 111.93.228.190 port 58563 Nov 7 08:27:39 server sshd\[13337\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.93.228.190	2019-11-07 16:52:29
218.77.107.84	attackspam	Nov 3 22:06:58 pl3server sshd[2366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.77.107.84 user=r.r Nov 3 22:07:01 pl3server sshd[2366]: Failed password for r.r from 218.77.107.84 port 58934 ssh2 Nov 3 22:07:01 pl3server sshd[2366]: Received disconnect from 218.77.107.84: 11: Bye Bye [preauth] Nov 3 22:14:35 pl3server sshd[16879]: Invalid user ub from 218.77.107.84 Nov 3 22:14:35 pl3server sshd[16879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.77.107.84 Nov 3 22:14:37 pl3server sshd[16879]: Failed password for invalid user ub from 218.77.107.84 port 49333 ssh2 Nov 7 06:54:32 pl3server sshd[29960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.77.107.84 user=r.r Nov 7 06:54:34 pl3server sshd[29960]: Failed password for r.r from 218.77.107.84 port 28045 ssh2 Nov 7 06:54:34 pl3server sshd[29960]: Received disconnect from........ -------------------------------	2019-11-07 17:01:47
185.85.191.196	attackspambots	WordPress login Brute force / Web App Attack on client site.	2019-11-07 16:54:57
203.195.201.129	attackbotsspam	Nov 7 04:08:58 h2570396 sshd[8925]: Failed password for invalid user demo from 203.195.201.129 port 35640 ssh2 Nov 7 04:08:59 h2570396 sshd[8925]: Received disconnect from 203.195.201.129: 11: Bye Bye [preauth] Nov 7 04:28:23 h2570396 sshd[9346]: Failed password for invalid user wildfly from 203.195.201.129 port 58672 ssh2 Nov 7 04:28:24 h2570396 sshd[9346]: Received disconnect from 203.195.201.129: 11: Bye Bye [preauth] Nov 7 04:32:22 h2570396 sshd[9459]: Failed password for invalid user tamonash from 203.195.201.129 port 36748 ssh2 Nov 7 04:32:22 h2570396 sshd[9459]: Received disconnect from 203.195.201.129: 11: Bye Bye [preauth] Nov 7 04:36:16 h2570396 sshd[9548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.201.129 user=r.r Nov 7 04:36:18 h2570396 sshd[9548]: Failed password for r.r from 203.195.201.129 port 43056 ssh2 Nov 7 04:36:18 h2570396 sshd[9548]: Received disconnect from 203.195.201.129: 11: Bye By........ -------------------------------	2019-11-07 17:18:15
132.232.33.161	attack	SSH Brute-Force reported by Fail2Ban	2019-11-07 16:46:58
157.245.181.3	attackbotsspam	Nov 7 08:27:25 server2 sshd\[20137\]: Invalid user fake from 157.245.181.3 Nov 7 08:27:26 server2 sshd\[20139\]: Invalid user admin from 157.245.181.3 Nov 7 08:27:28 server2 sshd\[20142\]: User root from 157.245.181.3 not allowed because not listed in AllowUsers Nov 7 08:27:29 server2 sshd\[20145\]: Invalid user ubnt from 157.245.181.3 Nov 7 08:27:30 server2 sshd\[20147\]: Invalid user guest from 157.245.181.3 Nov 7 08:27:32 server2 sshd\[20149\]: Invalid user support from 157.245.181.3	2019-11-07 16:57:34
139.59.135.84	attackspam	Nov 7 07:13:23 game-panel sshd[3513]: Failed password for root from 139.59.135.84 port 42556 ssh2 Nov 7 07:17:22 game-panel sshd[3626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.135.84 Nov 7 07:17:24 game-panel sshd[3626]: Failed password for invalid user irina from 139.59.135.84 port 52026 ssh2	2019-11-07 17:11:19
189.123.234.183	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/189.123.234.183/ BR - 1H : (291) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : BR NAME ASN : ASN28573 IP : 189.123.234.183 CIDR : 189.123.192.0/18 PREFIX COUNT : 1254 UNIQUE IP COUNT : 9653760 ATTACKS DETECTED ASN28573 : 1H - 1 3H - 3 6H - 7 12H - 21 24H - 27 DateTime : 2019-11-07 07:27:15 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-07 17:07:01
103.39.208.66	attackspam	[Aegis] @ 2019-11-07 08:42:55 0000 -> SSH insecure connection attempt (scan).	2019-11-07 16:51:49

Recently Reported IPs

122.246.242.124	240e:fc:c3e3:de00:d545:206e:1e57:cad	24.244.132.35	68.35.125.215
54.236.242.9	113.77.131.224	117.211.211.126	123.9.203.185
27.76.83.239	123.160.246.72	196.191.159.210	41.60.233.107
176.235.215.247	163.179.218.185	61.132.170.209	106.57.23.173
221.225.183.205	60.160.143.233	228.121.103.76	186.225.184.102