85.2.113.122 - IPInfo

Basic Info

City: Minusio

Region: Ticino

Country: Switzerland

Internet Service Provider: Swisscom AG

Hostname: unknown

Organization: Bluewin

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Jul1612:22:17server4dovecot:imap-login:Disconnected:Inactivity\(authfailed\,1attemptsin180secs\):user=\\,method=PLAIN\,rip=85.2.113.122\,lip=148.251.104.70\,TLS\,session=\Jul1612:22:20server4dovecot:imap-login:Disconnected:Inactivity\(authfailed\,1attemptsin179secs\):user=\\,method=PLAIN\,rip=85.2.113.122\,lip=148.251.104.70\,TLS\,session=\Jul1612:53:18server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin7secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148.251.104.70\,TLS:Connectionclosed\,session=\Jul1612:53:18server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin11secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148.251.104.70\,TLS:Connectionclosed\,session=\Jul1612:53:25server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148	2019-07-17 03:32:42

Type

Details

Datetime

attackspam

Jul1612:22:17server4dovecot:imap-login:Disconnected:Inactivity\(authfailed\,1attemptsin180secs\):user=\\,method=PLAIN\,rip=85.2.113.122\,lip=148.251.104.70\,TLS\,session=\Jul1612:22:20server4dovecot:imap-login:Disconnected:Inactivity\(authfailed\,1attemptsin179secs\):user=\\,method=PLAIN\,rip=85.2.113.122\,lip=148.251.104.70\,TLS\,session=\Jul1612:53:18server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin7secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148.251.104.70\,TLS:Connectionclosed\,session=\Jul1612:53:18server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin11secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148.251.104.70\,TLS:Connectionclosed\,session=\Jul1612:53:25server4dovecot:imap-login:Disconnected\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=194.230.148.129\,lip=148

2019-07-17 03:32:42

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 85.2.113.122
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41817
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.2.113.122.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071601 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 17 03:32:37 CST 2019
;; MSG SIZE  rcvd: 116

Host info

122.113.2.85.in-addr.arpa domain name pointer 122.113.2.85.dynamic.wline.res.cust.swisscom.ch.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
122.113.2.85.in-addr.arpa	name = 122.113.2.85.dynamic.wline.res.cust.swisscom.ch.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
79.140.18.67	attack	Unauthorized connection attempt from IP address 79.140.18.67 on Port 445(SMB)	2020-05-25 19:55:11
116.98.162.202	attackbotsspam	Unauthorized connection attempt from IP address 116.98.162.202 on Port 445(SMB)	2020-05-25 19:46:05
178.32.221.142	attackbotsspam	(sshd) Failed SSH login from 178.32.221.142 (FR/France/ns3011648.ip-178-32-221.eu): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 25 14:03:57 ubnt-55d23 sshd[23105]: Invalid user stettner from 178.32.221.142 port 36939 May 25 14:04:00 ubnt-55d23 sshd[23105]: Failed password for invalid user stettner from 178.32.221.142 port 36939 ssh2	2020-05-25 20:26:16
85.233.150.13	attackbotsspam	2020-05-25T11:27:51.238916server.espacesoutien.com sshd[9845]: Invalid user windowsme from 85.233.150.13 port 48466 2020-05-25T11:27:51.251495server.espacesoutien.com sshd[9845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.233.150.13 2020-05-25T11:27:51.238916server.espacesoutien.com sshd[9845]: Invalid user windowsme from 85.233.150.13 port 48466 2020-05-25T11:27:52.888476server.espacesoutien.com sshd[9845]: Failed password for invalid user windowsme from 85.233.150.13 port 48466 ssh2 ...	2020-05-25 20:03:43
186.10.21.236	attackbotsspam	SSH Bruteforce Attempt (failed auth)	2020-05-25 20:19:03
106.13.181.196	attack	May 25 10:01:47 vserver sshd\[18406\]: Invalid user who from 106.13.181.196May 25 10:01:48 vserver sshd\[18406\]: Failed password for invalid user who from 106.13.181.196 port 34652 ssh2May 25 10:05:50 vserver sshd\[18452\]: Failed password for root from 106.13.181.196 port 60642 ssh2May 25 10:10:14 vserver sshd\[18533\]: Failed password for root from 106.13.181.196 port 58580 ssh2 ...	2020-05-25 19:50:58
190.112.7.149	attack	SMB Server BruteForce Attack	2020-05-25 20:13:22
159.203.12.18	attack	::ffff:159.203.12.18 - - [25/May/2020:08:04:34 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" ::ffff:159.203.12.18 - - [25/May/2020:10:34:44 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4985 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" ::ffff:159.203.12.18 - - [25/May/2020:10:34:44 +0200] "www.ruhnke.cloud" "POST /wp-login.php HTTP/1.1" 200 4985 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" ::ffff:159.203.12.18 - - [25/May/2020:10:34:47 +0200] "www.ruhnke.cloud" "POST /xmlrpc.php HTTP/1.1" 200 291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" ...	2020-05-25 19:48:50
51.255.168.254	attack	2020-05-25T12:04:18.190601homeassistant sshd[14357]: Invalid user webtest from 51.255.168.254 port 39422 2020-05-25T12:04:18.197525homeassistant sshd[14357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.255.168.254 ...	2020-05-25 20:07:21
1.53.69.31	attack	Unauthorized connection attempt from IP address 1.53.69.31 on Port 445(SMB)	2020-05-25 19:49:53
120.92.80.15	attackbotsspam	May 25 11:57:04 localhost sshd[91363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.80.15 user=root May 25 11:57:07 localhost sshd[91363]: Failed password for root from 120.92.80.15 port 38150 ssh2 May 25 12:00:35 localhost sshd[91763]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.80.15 user=root May 25 12:00:37 localhost sshd[91763]: Failed password for root from 120.92.80.15 port 59601 ssh2 May 25 12:04:12 localhost sshd[92185]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.80.15 user=root May 25 12:04:14 localhost sshd[92185]: Failed password for root from 120.92.80.15 port 16540 ssh2 ...	2020-05-25 20:11:22
36.80.250.154	attack	Unauthorized connection attempt from IP address 36.80.250.154 on Port 445(SMB)	2020-05-25 20:02:29
80.82.65.253	attackspambots	05/25/2020-07:30:27.542956 80.82.65.253 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-25 19:47:44
83.234.42.56	attackspam	TCP (SYN) 83.234.42.56:5012 -> port 80, len 40	2020-05-25 19:59:21
200.46.28.251	attack	odoo8 ...	2020-05-25 20:22:00

Recently Reported IPs

244.20.33.42	125.252.243.68	106.240.218.8	245.155.190.193
195.27.120.68	88.57.211.94	51.218.196.119	96.137.171.139
158.115.197.163	209.117.42.244	49.46.109.244	243.32.137.22
33.105.125.202	10.52.97.89	49.69.110.9	198.246.198.164
188.212.6.5	54.36.150.186	189.68.104.203	212.164.79.201