85.13.2.117 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Austria

Internet Service Provider: JM-DATA GmbH

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorised access (Oct 15) SRC=85.13.2.117 LEN=40 TTL=54 ID=4759 TCP DPT=8080 WINDOW=692 SYN	2019-10-15 21:04:47
attack	Unauthorised access (Sep 5) SRC=85.13.2.117 LEN=40 TTL=54 ID=13101 TCP DPT=8080 WINDOW=32114 SYN	2019-09-05 08:26:02

Comments on same subnet:

IP	Type	Details	Datetime
85.13.247.34	attack	TCP (SYN,ACK) 85.13.247.34:443 -> port 2592, len 44	2020-07-28 03:26:15
85.13.253.154	attackspam	Brute forcing RDP port 3389	2020-02-20 08:50:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 85.13.2.117
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20942
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.13.2.117.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090402 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Sep 05 08:25:55 CST 2019
;; MSG SIZE  rcvd: 115

Host info

117.2.13.85.in-addr.arpa domain name pointer 85.13.2.117.jm-data.at.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
117.2.13.85.in-addr.arpa	name = 85.13.2.117.jm-data.at.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
167.71.111.16	attack	167.71.111.16 - - [30/Aug/2020:11:02:57 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.71.111.16 - - [30/Aug/2020:11:02:58 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 167.71.111.16 - - [30/Aug/2020:11:02:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-30 17:13:07
197.50.72.181	attackbotsspam	Unauthorized connection attempt from IP address 197.50.72.181 on Port 445(SMB)	2020-08-30 17:26:42
201.242.104.203	attackspambots	Unauthorized connection attempt from IP address 201.242.104.203 on Port 445(SMB)	2020-08-30 17:19:10
94.102.51.33	attackbots	[H1.VM6] Blocked by UFW	2020-08-30 16:57:18
182.254.166.215	attack	Time: Sun Aug 30 05:43:58 2020 +0200 IP: 182.254.166.215 (CN/China/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Aug 18 11:53:52 mail-03 sshd[14041]: Invalid user cherie from 182.254.166.215 port 59030 Aug 18 11:53:54 mail-03 sshd[14041]: Failed password for invalid user cherie from 182.254.166.215 port 59030 ssh2 Aug 18 11:59:06 mail-03 sshd[14426]: Invalid user alfresco from 182.254.166.215 port 53062 Aug 18 11:59:08 mail-03 sshd[14426]: Failed password for invalid user alfresco from 182.254.166.215 port 53062 ssh2 Aug 18 12:00:54 mail-03 sshd[17193]: Invalid user x from 182.254.166.215 port 44494	2020-08-30 16:54:35
200.34.226.103	attackbotsspam	Attempted connection to port 1433.	2020-08-30 17:29:40
212.83.163.170	attackspam	[2020-08-30 04:42:32] NOTICE[1185] chan_sip.c: Registration from '"222"' failed for '212.83.163.170:7400' - Wrong password [2020-08-30 04:42:32] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-30T04:42:32.213-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="222",SessionID="0x7f10c43e3a48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/212.83.163.170/7400",Challenge="307483ea",ReceivedChallenge="307483ea",ReceivedHash="a9a39ab8b0c0827cd89b48ef663072b8" [2020-08-30 04:43:23] NOTICE[1185] chan_sip.c: Registration from '"223"' failed for '212.83.163.170:7453' - Wrong password [2020-08-30 04:43:23] SECURITY[1203] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-08-30T04:43:23.624-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="223",SessionID="0x7f10c41780b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/212.83. ...	2020-08-30 16:51:47
95.154.24.73	attack	Triggered by Fail2Ban at Ares web server	2020-08-30 17:01:09
42.118.180.109	attack	Attempted connection to port 445.	2020-08-30 17:27:31
141.98.9.33	attackbotsspam	Aug 30 10:48:11 Ubuntu-1404-trusty-64-minimal sshd\[13199\]: Invalid user admin from 141.98.9.33 Aug 30 10:48:11 Ubuntu-1404-trusty-64-minimal sshd\[13199\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.33 Aug 30 10:48:13 Ubuntu-1404-trusty-64-minimal sshd\[13199\]: Failed password for invalid user admin from 141.98.9.33 port 38147 ssh2 Aug 30 10:48:25 Ubuntu-1404-trusty-64-minimal sshd\[13321\]: Invalid user Admin from 141.98.9.33 Aug 30 10:48:25 Ubuntu-1404-trusty-64-minimal sshd\[13321\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.33	2020-08-30 17:11:19
194.114.131.86	attackbotsspam	Attempted connection to port 445.	2020-08-30 17:31:01
180.140.243.207	attackbots	Aug 30 07:08:47 eventyay sshd[6922]: Failed password for root from 180.140.243.207 port 38812 ssh2 Aug 30 07:14:51 eventyay sshd[7093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.140.243.207 Aug 30 07:14:53 eventyay sshd[7093]: Failed password for invalid user zjw from 180.140.243.207 port 33316 ssh2 ...	2020-08-30 17:21:26
92.22.81.200	attackbotsspam	Attempted connection to port 37215.	2020-08-30 17:24:19
51.195.167.73	attack	Attempted connection to port 8443.	2020-08-30 17:00:11
92.246.16.39	attack	Failed password for invalid user postgres from 92.246.16.39 port 48860 ssh2	2020-08-30 17:20:05

Recently Reported IPs

89.208.87.250	115.178.223.71	192.64.6.196	27.254.140.71
203.203.84.247	211.17.59.208	199.149.40.163	201.102.136.113
46.86.115.55	176.159.245.147	109.51.226.239	145.93.175.67
193.170.142.82	45.42.45.38	11.245.171.250	171.117.63.157
58.30.9.26	174.22.77.68	167.130.32.93	58.216.104.172