1.53.252.99 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Broadband Service

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jun 21 22:27:56 debian-2gb-nbg1-2 kernel: \[15029955.253588\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=1.53.252.99 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5266 PROTO=TCP SPT=54093 DPT=3384 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-22 04:28:46
attackspambots	Jun 21 14:36:02 debian-2gb-nbg1-2 kernel: \[15001641.869419\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=1.53.252.99 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45128 PROTO=TCP SPT=54096 DPT=3397 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-22 01:22:40
attack	Tried our host z.	2020-06-14 15:44:42

Type

Details

Datetime

attack

Jun 21 22:27:56 debian-2gb-nbg1-2 kernel: \[15029955.253588\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=1.53.252.99 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=5266 PROTO=TCP SPT=54093 DPT=3384 WINDOW=1024 RES=0x00 SYN URGP=0

2020-06-22 04:28:46

attackspambots

Jun 21 14:36:02 debian-2gb-nbg1-2 kernel: \[15001641.869419\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=1.53.252.99 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=45128 PROTO=TCP SPT=54096 DPT=3397 WINDOW=1024 RES=0x00 SYN URGP=0

2020-06-22 01:22:40

attack

Tried our host z.

2020-06-14 15:44:42

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.53.252.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37691
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.53.252.99.			IN	A

;; AUTHORITY SECTION:
.			436	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032500 1800 900 604800 86400

;; Query time: 217 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Mar 25 19:14:14 CST 2020
;; MSG SIZE  rcvd: 115

Host info

99.252.53.1.in-addr.arpa domain name pointer hostvnfpt25298.maxserver.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
99.252.53.1.in-addr.arpa	name = hostvnfpt25298.maxserver.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
207.154.229.50	attackbots	Nov 10 22:40:15 sachi sshd\[13153\]: Invalid user admin from 207.154.229.50 Nov 10 22:40:15 sachi sshd\[13153\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.229.50 Nov 10 22:40:17 sachi sshd\[13153\]: Failed password for invalid user admin from 207.154.229.50 port 53622 ssh2 Nov 10 22:44:02 sachi sshd\[13473\]: Invalid user larocco from 207.154.229.50 Nov 10 22:44:02 sachi sshd\[13473\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.229.50	2019-11-11 16:50:26
37.113.128.52	attackbotsspam	Nov 10 20:20:41 sachi sshd\[17903\]: Invalid user aurelius from 37.113.128.52 Nov 10 20:20:41 sachi sshd\[17903\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.113.128.52 Nov 10 20:20:44 sachi sshd\[17903\]: Failed password for invalid user aurelius from 37.113.128.52 port 34996 ssh2 Nov 10 20:27:47 sachi sshd\[18485\]: Invalid user wwwadmin from 37.113.128.52 Nov 10 20:27:47 sachi sshd\[18485\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.113.128.52	2019-11-11 16:47:46
5.196.72.11	attackspambots	Nov 11 09:36:01 server sshd\[14784\]: Invalid user tangerin from 5.196.72.11 Nov 11 09:36:01 server sshd\[14784\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns381259.ip-5-196-72.eu Nov 11 09:36:03 server sshd\[14784\]: Failed password for invalid user tangerin from 5.196.72.11 port 57210 ssh2 Nov 11 09:50:52 server sshd\[18647\]: Invalid user fosmark from 5.196.72.11 Nov 11 09:50:52 server sshd\[18647\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns381259.ip-5-196-72.eu ...	2019-11-11 16:36:29
118.24.111.71	attackbotsspam	Nov 11 08:09:03 vps647732 sshd[26221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.111.71 Nov 11 08:09:05 vps647732 sshd[26221]: Failed password for invalid user farlan from 118.24.111.71 port 44436 ssh2 ...	2019-11-11 16:57:39
144.217.161.22	attack	144.217.161.22 - - [11/Nov/2019:10:03:35 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.161.22 - - [11/Nov/2019:10:03:39 +0100] "POST /wp-login.php HTTP/1.1" 200 1632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.161.22 - - [11/Nov/2019:10:03:41 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.161.22 - - [11/Nov/2019:10:03:43 +0100] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.161.22 - - [11/Nov/2019:10:03:45 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.161.22 - - [11/Nov/2019:10:03:48 +0100] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-11-11 17:05:38
81.22.45.115	attackspambots	11/11/2019-03:48:16.569395 81.22.45.115 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-11 16:49:16
220.249.112.150	attackbotsspam	Nov 11 01:26:24 PiServer sshd[4797]: Failed password for www-data from 220.249.112.150 port 23746 ssh2 Nov 11 01:30:52 PiServer sshd[5138]: Invalid user heikes from 220.249.112.150 Nov 11 01:30:54 PiServer sshd[5138]: Failed password for invalid user heikes from 220.249.112.150 port 60848 ssh2 Nov 11 01:35:34 PiServer sshd[5861]: Failed password for r.r from 220.249.112.150 port 41839 ssh2 Nov 11 01:40:09 PiServer sshd[6868]: Invalid user serversliman from 220.249.112.150 Nov 11 01:40:11 PiServer sshd[6868]: Failed password for invalid user serversliman from 220.249.112.150 port 22824 ssh2 Nov 11 01:44:40 PiServer sshd[1655]: Invalid user df from 220.249.112.150 Nov 11 01:44:42 PiServer sshd[1655]: Failed password for invalid user df from 220.249.112.150 port 59920 ssh2 Nov 11 01:49:11 PiServer sshd[3325]: Invalid user ogdon from 220.249.112.150 Nov 11 01:49:13 PiServer sshd[3325]: Failed password for invalid user ogdon from 220.249.112.150 port 40617 ssh2 Nov 11 01:53:4........ ------------------------------	2019-11-11 16:37:59
202.138.229.228	attackbotsspam	Rude login attack (8 tries in 1d)	2019-11-11 16:54:49
178.213.201.147	attackbotsspam	Chat Spam	2019-11-11 16:50:49
217.182.172.204	attackspambots	Nov 5 01:37:52 PiServer sshd[16275]: Invalid user hast from 217.182.172.204 Nov 5 01:37:53 PiServer sshd[16275]: Failed password for invalid user hast from 217.182.172.204 port 53676 ssh2 Nov 5 01:58:41 PiServer sshd[18435]: Failed password for r.r from 217.182.172.204 port 42062 ssh2 Nov 5 02:02:02 PiServer sshd[18825]: Invalid user 1234567890 from 217.182.172.204 Nov 5 02:02:04 PiServer sshd[18825]: Failed password for invalid user 1234567890 from 217.182.172.204 port 51780 ssh2 Nov 5 02:05:18 PiServer sshd[19057]: Invalid user 1qazzaq! from 217.182.172.204 Nov 5 02:05:20 PiServer sshd[19057]: Failed password for invalid user 1qazzaq! from 217.182.172.204 port 33254 ssh2 Nov 5 02:36:40 PiServer sshd[22440]: Invalid user 123456 from 217.182.172.204 Nov 5 02:36:42 PiServer sshd[22440]: Failed password for invalid user 123456 from 217.182.172.204 port 35956 ssh2 Nov 5 02:40:14 PiServer sshd[22875]: Invalid user dexxxxxxx23 from 217.182.172.204 Nov 5 02:40:17 Pi........ ------------------------------	2019-11-11 17:06:21
82.100.96.93	attack	SSH-bruteforce attempts	2019-11-11 16:44:34
144.202.34.43	attack	[Aegis] @ 2019-11-11 07:27:14 0000 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack	2019-11-11 16:56:01
203.125.145.58	attackspambots	Nov 11 09:27:47 hosting sshd[21486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.125.145.58 user=root Nov 11 09:27:49 hosting sshd[21486]: Failed password for root from 203.125.145.58 port 42530 ssh2 ...	2019-11-11 16:45:09
209.141.43.166	attackbots	209.141.43.166 was recorded 15 times by 15 hosts attempting to connect to the following ports: 5000. Incident counter (4h, 24h, all-time): 15, 48, 92	2019-11-11 16:55:08
81.22.45.65	attackbots	11/11/2019-09:32:59.076114 81.22.45.65 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-11 16:43:31

Recently Reported IPs

223.95.101.217	188.68.255.205	49.149.21.14	120.75.207.146
181.199.103.63	218.1.120.144	67.68.53.183	197.156.238.119
151.127.41.4	203.87.190.220	239.193.58.149	174.35.55.22
179.148.135.55	33.170.180.151	217.108.44.80	207.136.128.17
186.107.207.111	88.208.107.54	204.166.119.144	44.64.106.225