Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: OJSC Rostelecom

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attack
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:09 +0200] "POST /[munged]: HTTP/1.1" 200 9039 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:09 +0200] "POST /[munged]: HTTP/1.1" 200 4378 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:10 +0200] "POST /[munged]: HTTP/1.1" 200 4378 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:11 +0200] "POST /[munged]: HTTP/1.1" 200 4378 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:12 +0200] "POST /[munged]: HTTP/1.1" 200 4378 "http://[munged]:/[munged]:" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
[munged]::443 85.172.104.55 - - [02/Sep/2019:15:16:13
2019-09-02 22:10:50
attack
Brute force attempt
2019-08-02 11:09:15
Comments on same subnet:
IP Type Details Datetime
85.172.104.217 attackspambots
Automatic report - Port Scan Attack
2020-04-25 15:42:54
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 85.172.104.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26144
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.172.104.55.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080101 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 02 11:09:07 CST 2019
;; MSG SIZE  rcvd: 117
Host info
Host 55.104.172.85.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 55.104.172.85.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
187.111.57.60 attack
Jun 16 05:39:24 mail.srvfarm.net postfix/smtpd[953490]: lost connection after CONNECT from unknown[187.111.57.60]
Jun 16 05:39:59 mail.srvfarm.net postfix/smtps/smtpd[936251]: lost connection after CONNECT from unknown[187.111.57.60]
Jun 16 05:41:15 mail.srvfarm.net postfix/smtpd[959422]: warning: unknown[187.111.57.60]: SASL PLAIN authentication failed: 
Jun 16 05:41:15 mail.srvfarm.net postfix/smtpd[959422]: lost connection after AUTH from unknown[187.111.57.60]
Jun 16 05:45:28 mail.srvfarm.net postfix/smtpd[959391]: lost connection after CONNECT from unknown[187.111.57.60]
2020-06-16 15:30:37
24.230.34.148 attack
invalid user
2020-06-16 14:52:19
107.145.154.206 attack
2020-06-16T08:32:06.986688sd-86998 sshd[13551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107-145-154-206.res.spectrum.com  user=victor
2020-06-16T08:32:08.945325sd-86998 sshd[13551]: Failed password for victor from 107.145.154.206 port 55840 ssh2
2020-06-16T08:35:46.902745sd-86998 sshd[14016]: Invalid user atom from 107.145.154.206 port 56252
2020-06-16T08:35:46.908238sd-86998 sshd[14016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107-145-154-206.res.spectrum.com
2020-06-16T08:35:46.902745sd-86998 sshd[14016]: Invalid user atom from 107.145.154.206 port 56252
2020-06-16T08:35:49.067818sd-86998 sshd[14016]: Failed password for invalid user atom from 107.145.154.206 port 56252 ssh2
...
2020-06-16 14:55:44
222.186.180.8 attackbots
2020-06-16T02:44:12.994371xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:06.558307xentho-1 sshd[339150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.8  user=root
2020-06-16T02:44:08.361942xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:12.994371xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:17.432284xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:06.558307xentho-1 sshd[339150]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.8  user=root
2020-06-16T02:44:08.361942xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:12.994371xentho-1 sshd[339150]: Failed password for root from 222.186.180.8 port 36084 ssh2
2020-06-16T02:44:17.43
...
2020-06-16 14:47:53
103.124.93.34 attackspam
$f2bV_matches
2020-06-16 14:53:45
212.58.102.135 attack
Automatic report - XMLRPC Attack
2020-06-16 15:14:16
171.25.193.20 attackbotsspam
Jun 15 15:43:25 Ubuntu-1404-trusty-64-minimal sshd\[23496\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.193.20  user=root
Jun 15 15:43:26 Ubuntu-1404-trusty-64-minimal sshd\[23496\]: Failed password for root from 171.25.193.20 port 40804 ssh2
Jun 15 22:42:50 Ubuntu-1404-trusty-64-minimal sshd\[23538\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.193.20  user=root
Jun 15 22:42:51 Ubuntu-1404-trusty-64-minimal sshd\[23538\]: Failed password for root from 171.25.193.20 port 40861 ssh2
Jun 16 05:51:54 Ubuntu-1404-trusty-64-minimal sshd\[2779\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.25.193.20  user=root
2020-06-16 14:48:37
106.53.20.226 attack
$f2bV_matches
2020-06-16 15:06:23
121.58.211.162 attackspambots
2020-06-16T06:07:32.307998shield sshd\[19986\]: Invalid user carlos from 121.58.211.162 port 44165
2020-06-16T06:07:32.311869shield sshd\[19986\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.58.211.162
2020-06-16T06:07:34.917196shield sshd\[19986\]: Failed password for invalid user carlos from 121.58.211.162 port 44165 ssh2
2020-06-16T06:11:25.341480shield sshd\[20913\]: Invalid user user1 from 121.58.211.162 port 13207
2020-06-16T06:11:25.344597shield sshd\[20913\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.58.211.162
2020-06-16 14:47:12
92.118.161.25 attackspambots
 TCP (SYN) 92.118.161.25:63722 -> port 139, len 44
2020-06-16 14:48:57
91.237.239.33 attackbotsspam
Jun 16 05:42:30 mail.srvfarm.net postfix/smtps/smtpd[938142]: lost connection after CONNECT from unknown[91.237.239.33]
Jun 16 05:48:00 mail.srvfarm.net postfix/smtpd[962236]: warning: unknown[91.237.239.33]: SASL PLAIN authentication failed: 
Jun 16 05:48:00 mail.srvfarm.net postfix/smtpd[962236]: lost connection after AUTH from unknown[91.237.239.33]
Jun 16 05:48:40 mail.srvfarm.net postfix/smtps/smtpd[956589]: warning: unknown[91.237.239.33]: SASL PLAIN authentication failed: 
Jun 16 05:48:40 mail.srvfarm.net postfix/smtps/smtpd[956589]: lost connection after AUTH from unknown[91.237.239.33]
2020-06-16 15:26:32
201.55.179.178 attackbotsspam
Jun 16 05:43:51 mail.srvfarm.net postfix/smtpd[959422]: warning: 201-55-179-178.witelecom.com.br[201.55.179.178]: SASL PLAIN authentication failed: 
Jun 16 05:43:51 mail.srvfarm.net postfix/smtpd[959422]: lost connection after AUTH from 201-55-179-178.witelecom.com.br[201.55.179.178]
Jun 16 05:45:28 mail.srvfarm.net postfix/smtps/smtpd[956697]: lost connection after CONNECT from 201-55-179-178.witelecom.com.br[201.55.179.178]
Jun 16 05:45:50 mail.srvfarm.net postfix/smtps/smtpd[935138]: warning: 201-55-179-178.witelecom.com.br[201.55.179.178]: SASL PLAIN authentication failed: 
Jun 16 05:45:50 mail.srvfarm.net postfix/smtps/smtpd[935138]: lost connection after AUTH from 201-55-179-178.witelecom.com.br[201.55.179.178]
2020-06-16 15:28:17
54.38.42.63 attackspam
Jun 15 19:27:20 eddieflores sshd\[14582\]: Invalid user lillo from 54.38.42.63
Jun 15 19:27:20 eddieflores sshd\[14582\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.42.63
Jun 15 19:27:23 eddieflores sshd\[14582\]: Failed password for invalid user lillo from 54.38.42.63 port 44212 ssh2
Jun 15 19:30:42 eddieflores sshd\[14823\]: Invalid user testftp from 54.38.42.63
Jun 15 19:30:42 eddieflores sshd\[14823\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.42.63
2020-06-16 14:49:51
75.145.190.44 attack
Port scan denied
2020-06-16 15:10:44
194.247.173.123 attackbots
$lgm
2020-06-16 14:59:34

Recently Reported IPs
