Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: Telkom SA Ltd.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
Jul  1 04:17:17 server sshd[21771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.249.167.114
...
2019-07-01 11:28:43
attack
Jun 28 15:29:27 penfold sshd[26383]: Invalid user ts3 from 102.249.167.114 port 3864
Jun 28 15:29:27 penfold sshd[26383]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.249.167.114 
Jun 28 15:29:30 penfold sshd[26383]: Failed password for invalid user ts3 from 102.249.167.114 port 3864 ssh2
Jun 28 15:29:30 penfold sshd[26383]: Received disconnect from 102.249.167.114 port 3864:11: Bye Bye [preauth]
Jun 28 15:29:30 penfold sshd[26383]: Disconnected from 102.249.167.114 port 3864 [preauth]
Jun 28 15:38:39 penfold sshd[26929]: Connection closed by 102.249.167.114 port 6508 [preauth]
Jun 28 15:41:41 penfold sshd[27219]: Connection closed by 102.249.167.114 port 6027 [preauth]
Jun 28 15:44:42 penfold sshd[27314]: Connection closed by 102.249.167.114 port 5585 [preauth]
Jun 28 15:47:57 penfold sshd[27471]: Connection closed by 102.249.167.114 port 5143 [preauth]
Jun 28 15:51:28 penfold sshd[27596]: Connection closed by 102.249.167.........
-------------------------------
2019-06-29 09:04:49
Comments on same subnet:
No discussion about this subnet yet..
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 102.249.167.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55254
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;102.249.167.114.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062801 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 29 09:04:43 CST 2019
;; MSG SIZE  rcvd: 119
Host info
114.167.249.102.in-addr.arpa domain name pointer 8ta-249-167-114.telkomadsl.co.za.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
114.167.249.102.in-addr.arpa	name = 8ta-249-167-114.telkomadsl.co.za.

Authoritative answers can be found from:
Related comments:
IP Type Details Datetime
37.49.227.202 attack
ET CINS Active Threat Intelligence Poor Reputation IP group 22 - port: 10001 proto: UDP cat: Misc Attack
2019-10-24 16:46:51
80.65.164.218 attackspambots
firewall-block, port(s): 1433/tcp
2019-10-24 16:19:03
43.226.144.107 attack
firewall-block, port(s): 8000/tcp
2019-10-24 16:25:52
129.146.100.134 attackbots
Oct 24 08:01:28 andromeda postfix/smtpd\[32881\]: warning: unknown\[129.146.100.134\]: SASL LOGIN authentication failed: authentication failure
Oct 24 08:01:29 andromeda postfix/smtpd\[33288\]: warning: unknown\[129.146.100.134\]: SASL LOGIN authentication failed: authentication failure
Oct 24 08:01:29 andromeda postfix/smtpd\[33148\]: warning: unknown\[129.146.100.134\]: SASL LOGIN authentication failed: authentication failure
Oct 24 08:01:30 andromeda postfix/smtpd\[32881\]: warning: unknown\[129.146.100.134\]: SASL LOGIN authentication failed: authentication failure
Oct 24 08:01:31 andromeda postfix/smtpd\[33148\]: warning: unknown\[129.146.100.134\]: SASL LOGIN authentication failed: authentication failure
2019-10-24 16:20:36
14.225.16.21 attackbotsspam
14.225.16.21 - - [24/Oct/2019:07:43:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
14.225.16.21 - - [24/Oct/2019:07:43:08 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
14.225.16.21 - - [24/Oct/2019:07:43:09 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
14.225.16.21 - - [24/Oct/2019:07:43:10 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
14.225.16.21 - - [24/Oct/2019:07:43:11 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
14.225.16.21 - - [24/Oct/2019:07:43:12 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2019-10-24 16:39:36
80.211.30.166 attack
Oct 22 11:15:45 odroid64 sshd\[8990\]: Invalid user tscr from 80.211.30.166
Oct 22 11:15:45 odroid64 sshd\[8990\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.30.166
Oct 22 11:15:47 odroid64 sshd\[8990\]: Failed password for invalid user tscr from 80.211.30.166 port 41238 ssh2
Oct 22 11:15:45 odroid64 sshd\[8990\]: Invalid user tscr from 80.211.30.166
Oct 22 11:15:45 odroid64 sshd\[8990\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.30.166
Oct 22 11:15:47 odroid64 sshd\[8990\]: Failed password for invalid user tscr from 80.211.30.166 port 41238 ssh2
Oct 22 11:15:45 odroid64 sshd\[8990\]: Invalid user tscr from 80.211.30.166
Oct 22 11:15:45 odroid64 sshd\[8990\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.30.166
Oct 22 11:15:47 odroid64 sshd\[8990\]: Failed password for invalid user tscr from 80.211.30.166 port 41238 ssh2
Oct 
...
2019-10-24 16:18:34
103.74.123.6 attackbotsspam
WordPress wp-login brute force :: 103.74.123.6 0.116 BYPASS [24/Oct/2019:14:49:19  1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2019-10-24 16:52:10
218.219.246.124 attackbots
Fail2Ban - SSH Bruteforce Attempt
2019-10-24 16:22:35
31.132.248.139 attackbots
Automatic report - Port Scan Attack
2019-10-24 16:55:22
34.92.12.73 attackbots
Oct 23 03:42:16 odroid64 sshd\[18613\]: Invalid user oracle from 34.92.12.73
Oct 23 03:42:16 odroid64 sshd\[18613\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.92.12.73
Oct 23 03:42:16 odroid64 sshd\[18613\]: Invalid user oracle from 34.92.12.73
Oct 23 03:42:16 odroid64 sshd\[18613\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.92.12.73
Oct 23 03:42:18 odroid64 sshd\[18613\]: Failed password for invalid user oracle from 34.92.12.73 port 53398 ssh2
Oct 23 03:42:16 odroid64 sshd\[18613\]: Invalid user oracle from 34.92.12.73
Oct 23 03:42:16 odroid64 sshd\[18613\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.92.12.73
Oct 23 03:42:18 odroid64 sshd\[18613\]: Failed password for invalid user oracle from 34.92.12.73 port 53398 ssh2
Oct 23 03:42:16 odroid64 sshd\[18613\]: Invalid user oracle from 34.92.12.73
Oct 23 03:42:16 odroid64 sshd\[18613\
...
2019-10-24 16:34:28
195.58.123.109 attack
Oct 24 09:16:25 vps58358 sshd\[7935\]: Invalid user tiles from 195.58.123.109
Oct 24 09:16:28 vps58358 sshd\[7935\]: Failed password for invalid user tiles from 195.58.123.109 port 59776 ssh2
Oct 24 09:20:21 vps58358 sshd\[7989\]: Invalid user movies from 195.58.123.109
Oct 24 09:20:22 vps58358 sshd\[7989\]: Failed password for invalid user movies from 195.58.123.109 port 43470 ssh2
Oct 24 09:24:15 vps58358 sshd\[8016\]: Invalid user webapps from 195.58.123.109
Oct 24 09:24:17 vps58358 sshd\[8016\]: Failed password for invalid user webapps from 195.58.123.109 port 55094 ssh2
...
2019-10-24 16:40:52
80.82.70.239 attackbots
10/24/2019-04:04:11.580805 80.82.70.239 Protocol: 6 ET DROP Dshield Block Listed Source group 1
2019-10-24 16:16:37
37.113.128.95 attackbotsspam
firewall-block, port(s): 5555/tcp
2019-10-24 16:28:35
46.38.144.57 attackspam
Oct 24 10:20:38 webserver postfix/smtpd\[21775\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 24 10:21:44 webserver postfix/smtpd\[21775\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 24 10:23:01 webserver postfix/smtpd\[21775\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 24 10:24:12 webserver postfix/smtpd\[21775\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct 24 10:25:24 webserver postfix/smtpd\[21775\]: warning: unknown\[46.38.144.57\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2019-10-24 16:32:42
106.12.193.160 attackbots
Oct 24 08:22:36 cp sshd[20425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.193.160
2019-10-24 16:45:28
