58.229.123.142

Basic Info

City: unknown

Region: unknown

Country: None

Internet Service Provider: SK Broadband Co Ltd

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	58.229.123.142 (KR/South Korea/-) blocked for port scanning Time: Fri Oct 25 13:29:48 2019 +0000 IP: 58.229.123.142 (KR/South Korea/-) Hits: 20 Blocked: Temporary Block for 3600 seconds [PS_LIMIT] Sample of block hits: Oct 25 13:29:13 server kernel: [735332.147742] Firewall: Port Flood IN=eth0 OUT= MAC=0a:df:4c:a0:a6:86:0a:b2:a6:f2:cb:7a:08:00 SRC=58.229.123.142 DST=172.31.47.249 LEN=40 TOS=0x08 PREC=0x20 TTL=57 ID=65366 DF PROTO=TCP SPT=37540 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 etc	2019-10-26 07:53:24

Type

Details

Datetime

attack

58.229.123.142 (KR/South Korea/-) blocked for port scanning
Time:    Fri Oct 25 13:29:48 2019 +0000
IP:      58.229.123.142 (KR/South Korea/-)
Hits:    20
Blocked: Temporary Block for 3600 seconds [PS_LIMIT]

Sample of block hits:
Oct 25 13:29:13 server kernel: [735332.147742] Firewall: *Port Flood* IN=eth0 OUT= MAC=0a:df:4c:a0:a6:86:0a:b2:a6:f2:cb:7a:08:00 SRC=58.229.123.142 DST=172.31.47.249 LEN=40 TOS=0x08 PREC=0x20 TTL=57 ID=65366 DF PROTO=TCP SPT=37540 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 
etc

2019-10-26 07:53:24

Comments on same subnet:

IP	Type	Details	Datetime
58.229.123.184	attack	Unauthorized SSH login attempts	2019-10-26 07:35:50

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 58.229.123.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45347
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;58.229.123.142.			IN	A

;; AUTHORITY SECTION:
.			572	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102502 1800 900 604800 86400

;; Query time: 122 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Oct 26 07:53:23 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 142.123.229.58.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 142.123.229.58.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
189.240.225.205	attack	May 31 05:46:21 pve1 sshd[13878]: Failed password for root from 189.240.225.205 port 43656 ssh2 ...	2020-05-31 12:00:55
106.12.193.217	attackspambots	SSH Brute-Force reported by Fail2Ban	2020-05-31 12:11:50
219.78.199.162	attackbotsspam	Port probing on unauthorized port 5555	2020-05-31 12:07:12
122.51.191.69	attackbotsspam	Bruteforce detected by fail2ban	2020-05-31 12:27:45
47.53.111.163	attackbots	1590897433 - 05/31/2020 05:57:13 Host: 47.53.111.163/47.53.111.163 Port: 445 TCP Blocked	2020-05-31 12:21:56
159.89.133.144	attackbots	SSH Brute-Force. Ports scanning.	2020-05-31 12:32:31
134.175.129.204	attack	May 31 00:52:36 firewall sshd[29092]: Failed password for invalid user matt from 134.175.129.204 port 54068 ssh2 May 31 00:57:31 firewall sshd[29218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.129.204 user=root May 31 00:57:33 firewall sshd[29218]: Failed password for root from 134.175.129.204 port 55312 ssh2 ...	2020-05-31 12:07:57
117.50.104.199	attackspam	Lines containing failures of 117.50.104.199 May 30 00:16:28 shared07 sshd[30225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=r.r May 30 00:16:31 shared07 sshd[30225]: Failed password for r.r from 117.50.104.199 port 47712 ssh2 May 30 00:16:31 shared07 sshd[30225]: Received disconnect from 117.50.104.199 port 47712:11: Bye Bye [preauth] May 30 00:16:31 shared07 sshd[30225]: Disconnected from authenticating user r.r 117.50.104.199 port 47712 [preauth] May 30 00:43:43 shared07 sshd[8524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=r.r May 30 00:43:45 shared07 sshd[8524]: Failed password for r.r from 117.50.104.199 port 40452 ssh2 May 30 00:43:46 shared07 sshd[8524]: Received disconnect from 117.50.104.199 port 40452:11: Bye Bye [preauth] May 30 00:43:46 shared07 sshd[8524]: Disconnected from authenticating user r.r 117.50.104.199 port 40452 [pr........ ------------------------------	2020-05-31 12:13:23
106.243.2.244	attackbotsspam	(sshd) Failed SSH login from 106.243.2.244 (KR/South Korea/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 31 04:14:29 andromeda sshd[17668]: Invalid user server from 106.243.2.244 port 58738 May 31 04:14:30 andromeda sshd[17668]: Failed password for invalid user server from 106.243.2.244 port 58738 ssh2 May 31 04:16:11 andromeda sshd[17864]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.243.2.244 user=root	2020-05-31 12:38:09
112.85.42.187	attack	Brute force attempt	2020-05-31 12:34:36
86.123.218.193	attack	May 31 05:30:07 roki sshd[6161]: refused connect from 86.123.218.193 (86.123.218.193) May 31 05:34:01 roki sshd[6416]: refused connect from 86.123.218.193 (86.123.218.193) May 31 05:45:02 roki sshd[7214]: refused connect from 86.123.218.193 (86.123.218.193) May 31 05:50:57 roki sshd[7617]: refused connect from 86.123.218.193 (86.123.218.193) May 31 05:56:54 roki sshd[8014]: refused connect from 86.123.218.193 (86.123.218.193) ...	2020-05-31 12:35:31
111.229.13.242	attackbotsspam	fail2ban	2020-05-31 12:11:28
103.242.56.183	attackspambots	Invalid user bullard from 103.242.56.183 port 35570	2020-05-31 12:12:23
129.28.181.103	attackspambots	May 31 06:08:17 home sshd[15374]: Failed password for root from 129.28.181.103 port 33562 ssh2 May 31 06:10:05 home sshd[15619]: Failed password for root from 129.28.181.103 port 52884 ssh2 ...	2020-05-31 12:28:04
45.143.220.18	attack	[2020-05-30 23:57:34] NOTICE[1157] chan_sip.c: Registration from '"801" ' failed for '45.143.220.18:5610' - Wrong password [2020-05-30 23:57:34] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-30T23:57:34.509-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="801",SessionID="0x7f5f1039ca78",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.220.18/5610",Challenge="3da4af34",ReceivedChallenge="3da4af34",ReceivedHash="cf57c4a2371d2baff48a189bf67d0017" [2020-05-30 23:57:34] NOTICE[1157] chan_sip.c: Registration from '"801" ' failed for '45.143.220.18:5610' - Wrong password [2020-05-30 23:57:34] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-30T23:57:34.629-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="801",SessionID="0x7f5f1092cfb8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.2 ...	2020-05-31 12:05:26

Recently Reported IPs

61.75.172.222	162.125.36.1	112.175.193.1	52.221.214.168
46.99.151.204	18.141.57.148	18.136.203.7	13.250.48.33
187.113.104.100	93.133.22.51	14.169.195.3	60.184.181.253
103.131.51.66	192.166.218.25	167.114.98.96	178.104.49.165
40.78.82.103	14.123.151.218	94.23.25.77	254.221.241.99