102.65.149.7 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: Webafrica ADSL

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Lines containing failures of 102.65.149.7 Aug 20 07:07:06 kmh-vmh-002-fsn07 sshd[22420]: Invalid user t from 102.65.149.7 port 55552 Aug 20 07:07:06 kmh-vmh-002-fsn07 sshd[22420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 Aug 20 07:07:09 kmh-vmh-002-fsn07 sshd[22420]: Failed password for invalid user t from 102.65.149.7 port 55552 ssh2 Aug 20 07:07:10 kmh-vmh-002-fsn07 sshd[22420]: Received disconnect from 102.65.149.7 port 55552:11: Bye Bye [preauth] Aug 20 07:07:10 kmh-vmh-002-fsn07 sshd[22420]: Disconnected from invalid user t 102.65.149.7 port 55552 [preauth] Aug 20 07:17:55 kmh-vmh-002-fsn07 sshd[7916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 user=r.r Aug 20 07:17:57 kmh-vmh-002-fsn07 sshd[7916]: Failed password for r.r from 102.65.149.7 port 34530 ssh2 Aug 20 07:17:58 kmh-vmh-002-fsn07 sshd[7916]: Received disconnect from 102.65.149.7 port 34530........ ------------------------------	2020-08-22 05:28:10
attackspambots	Aug 21 14:49:21 h1745522 sshd[19886]: Invalid user kk from 102.65.149.7 port 55430 Aug 21 14:49:21 h1745522 sshd[19886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 Aug 21 14:49:21 h1745522 sshd[19886]: Invalid user kk from 102.65.149.7 port 55430 Aug 21 14:49:24 h1745522 sshd[19886]: Failed password for invalid user kk from 102.65.149.7 port 55430 ssh2 Aug 21 14:53:08 h1745522 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 user=root Aug 21 14:53:10 h1745522 sshd[20052]: Failed password for root from 102.65.149.7 port 47590 ssh2 Aug 21 14:56:49 h1745522 sshd[20199]: Invalid user test2 from 102.65.149.7 port 39752 Aug 21 14:56:49 h1745522 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 Aug 21 14:56:49 h1745522 sshd[20199]: Invalid user test2 from 102.65.149.7 port 39752 Aug 21 14:56:51 h1745522 sshd ...	2020-08-21 21:00:40

Type

Details

Datetime

attackspam

Lines containing failures of 102.65.149.7
Aug 20 07:07:06 kmh-vmh-002-fsn07 sshd[22420]: Invalid user t from 102.65.149.7 port 55552
Aug 20 07:07:06 kmh-vmh-002-fsn07 sshd[22420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7 
Aug 20 07:07:09 kmh-vmh-002-fsn07 sshd[22420]: Failed password for invalid user t from 102.65.149.7 port 55552 ssh2
Aug 20 07:07:10 kmh-vmh-002-fsn07 sshd[22420]: Received disconnect from 102.65.149.7 port 55552:11: Bye Bye [preauth]
Aug 20 07:07:10 kmh-vmh-002-fsn07 sshd[22420]: Disconnected from invalid user t 102.65.149.7 port 55552 [preauth]
Aug 20 07:17:55 kmh-vmh-002-fsn07 sshd[7916]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7  user=r.r
Aug 20 07:17:57 kmh-vmh-002-fsn07 sshd[7916]: Failed password for r.r from 102.65.149.7 port 34530 ssh2
Aug 20 07:17:58 kmh-vmh-002-fsn07 sshd[7916]: Received disconnect from 102.65.149.7 port 34530........
------------------------------

2020-08-22 05:28:10

attackspambots

Aug 21 14:49:21 h1745522 sshd[19886]: Invalid user kk from 102.65.149.7 port 55430
Aug 21 14:49:21 h1745522 sshd[19886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7
Aug 21 14:49:21 h1745522 sshd[19886]: Invalid user kk from 102.65.149.7 port 55430
Aug 21 14:49:24 h1745522 sshd[19886]: Failed password for invalid user kk from 102.65.149.7 port 55430 ssh2
Aug 21 14:53:08 h1745522 sshd[20052]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7  user=root
Aug 21 14:53:10 h1745522 sshd[20052]: Failed password for root from 102.65.149.7 port 47590 ssh2
Aug 21 14:56:49 h1745522 sshd[20199]: Invalid user test2 from 102.65.149.7 port 39752
Aug 21 14:56:49 h1745522 sshd[20199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.7
Aug 21 14:56:49 h1745522 sshd[20199]: Invalid user test2 from 102.65.149.7 port 39752
Aug 21 14:56:51 h1745522 sshd
...

2020-08-21 21:00:40

Comments on same subnet:

IP	Type	Details	Datetime
102.65.149.232	attackspam	$f2bV_matches	2020-09-18 23:46:56
102.65.149.232	attackbots	102.65.149.232 (ZA/South Africa/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 18 02:30:51 jbs1 sshd[5240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.241.144.127 user=root Sep 18 02:30:53 jbs1 sshd[5240]: Failed password for root from 192.241.144.127 port 55956 ssh2 Sep 18 02:31:10 jbs1 sshd[5322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.1.133.165 user=root Sep 18 02:29:14 jbs1 sshd[4711]: Failed password for root from 102.65.149.232 port 33538 ssh2 Sep 18 02:29:22 jbs1 sshd[4738]: Failed password for root from 51.178.137.106 port 49686 ssh2 IP Addresses Blocked: 192.241.144.127 (US/United States/-) 128.1.133.165 (HK/Hong Kong/-)	2020-09-18 15:55:26
102.65.149.232	attackspam	Sep 18 00:03:59 vps639187 sshd\[3918\]: Invalid user romanenko from 102.65.149.232 port 57046 Sep 18 00:03:59 vps639187 sshd\[3918\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.232 Sep 18 00:04:01 vps639187 sshd\[3918\]: Failed password for invalid user romanenko from 102.65.149.232 port 57046 ssh2 ...	2020-09-18 06:11:06
102.65.149.117	attackbots	frenzy	2020-08-10 02:44:48
102.65.149.117	attackspambots	Aug 6 07:10:22 ovpn sshd[7917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.117 user=r.r Aug 6 07:10:23 ovpn sshd[7917]: Failed password for r.r from 102.65.149.117 port 49774 ssh2 Aug 6 07:10:23 ovpn sshd[7917]: Received disconnect from 102.65.149.117 port 49774:11: Bye Bye [preauth] Aug 6 07:10:23 ovpn sshd[7917]: Disconnected from 102.65.149.117 port 49774 [preauth] Aug 6 07:18:05 ovpn sshd[9778]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.65.149.117 user=r.r Aug 6 07:18:08 ovpn sshd[9778]: Failed password for r.r from 102.65.149.117 port 44810 ssh2 Aug 6 07:18:08 ovpn sshd[9778]: Received disconnect from 102.65.149.117 port 44810:11: Bye Bye [preauth] Aug 6 07:18:08 ovpn sshd[9778]: Disconnected from 102.65.149.117 port 44810 [preauth] Aug 6 07:23:32 ovpn sshd[11093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost........ ------------------------------	2020-08-07 01:19:01
102.65.149.117	attackspam	Aug 6 09:10:15 hosting sshd[17618]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102-65-149-117.dsl.web.africa user=root Aug 6 09:10:18 hosting sshd[17618]: Failed password for root from 102.65.149.117 port 39160 ssh2 ...	2020-08-06 15:12:38
102.65.149.25	attackspam	DATE:2019-09-05 16:44:49, IP:102.65.149.25, PORT:ssh SSH brute force auth (ermes)	2019-09-06 02:54:13

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 102.65.149.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33087
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;102.65.149.7.			IN	A

;; AUTHORITY SECTION:
.			362	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020082001 1800 900 604800 86400

;; Query time: 80 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Aug 21 21:00:36 CST 2020
;; MSG SIZE  rcvd: 116

Host info

7.149.65.102.in-addr.arpa domain name pointer 102-65-149-7.dsl.web.africa.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
7.149.65.102.in-addr.arpa	name = 102-65-149-7.dsl.web.africa.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.91.100.120	attackbots	Jun 12 15:47:07 vps639187 sshd\[6981\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.100.120 user=root Jun 12 15:47:09 vps639187 sshd\[6981\]: Failed password for root from 51.91.100.120 port 55010 ssh2 Jun 12 15:50:25 vps639187 sshd\[7023\]: Invalid user ec2-user from 51.91.100.120 port 55882 Jun 12 15:50:25 vps639187 sshd\[7023\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.100.120 ...	2020-06-12 22:06:44
51.83.33.88	attackbotsspam	Jun 12 16:05:41 vps639187 sshd\[7145\]: Invalid user user from 51.83.33.88 port 51508 Jun 12 16:05:41 vps639187 sshd\[7145\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.33.88 Jun 12 16:05:44 vps639187 sshd\[7145\]: Failed password for invalid user user from 51.83.33.88 port 51508 ssh2 ...	2020-06-12 22:14:05
112.85.42.89	attackbots	.	2020-06-12 21:47:31
81.155.126.72	attack	Jun 12 16:12:38 home sshd[32671]: Failed password for root from 81.155.126.72 port 35632 ssh2 Jun 12 16:17:30 home sshd[694]: Failed password for root from 81.155.126.72 port 57984 ssh2 ...	2020-06-12 22:24:51
193.56.28.176	attackspam	Jun 12 15:10:02 v22019058497090703 postfix/smtpd[3124]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 12 15:10:08 v22019058497090703 postfix/smtpd[3124]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 12 15:10:18 v22019058497090703 postfix/smtpd[3124]: warning: unknown[193.56.28.176]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-06-12 21:58:28
18.216.177.66	attack	mue-0 : Trying access unauthorized files=>/images/jdownloads/screenshots/update.php()	2020-06-12 21:51:22
172.217.10.225	attackspam	Received: from 76V6cL (kmsevernii.ru [193.124.16.29]) From: =?UTF-8?B?U29uZw==?= Subject: =?utf-8?B?VmHFoWUgdsO9cGxhdGEgamUgMSAzNQ==?= =?utf-8?B?OCwwMCBFVVI=?= MIME-Version: 1.0 Date: Fri, 12 Jun 2020 00:20:09 +0300 X-Priority: 3 (Normal) Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: base64 Máte právo na transakci ve výši 1 358,00 EUR detaily https://rissowv.blogspot.com	2020-06-12 21:54:44
46.101.139.105	attackbots	Jun 12 13:46:28 h2646465 sshd[10128]: Invalid user dandan from 46.101.139.105 Jun 12 13:46:28 h2646465 sshd[10128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.139.105 Jun 12 13:46:28 h2646465 sshd[10128]: Invalid user dandan from 46.101.139.105 Jun 12 13:46:30 h2646465 sshd[10128]: Failed password for invalid user dandan from 46.101.139.105 port 52650 ssh2 Jun 12 13:55:26 h2646465 sshd[10628]: Invalid user bot from 46.101.139.105 Jun 12 13:55:26 h2646465 sshd[10628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.139.105 Jun 12 13:55:26 h2646465 sshd[10628]: Invalid user bot from 46.101.139.105 Jun 12 13:55:27 h2646465 sshd[10628]: Failed password for invalid user bot from 46.101.139.105 port 59208 ssh2 Jun 12 14:07:40 h2646465 sshd[11678]: Invalid user admin from 46.101.139.105 ...	2020-06-12 21:56:14
113.210.93.247	attackspam	Automatic report - XMLRPC Attack	2020-06-12 22:05:39
45.227.254.18	attackspam	Here more information about 45.227.254.18 info: [Panama] 51852 Private Layer INC rDNS: hostby.xwinnet.biz Connected: 12 servere(s) Reason: ssh Portscan/portflood Ports: 20,22,23,81,110,135,143,993 Services: imaps,ftp-data,pop3,telnet,loc-srv,hosts2-ns,ssh,imap servere: Europe/Moscow (UTC+3) Found at blocklist: zen.spamhaus.org, spfbl.net, abuseIPDB.com myIP:89.179.244.250 [2020-06-10 02:23:10] (tcp) myIP:993 <- 45.227.254.18:48363 [2020-06-10 04:05:15] (tcp) myIP:20 <- 45.227.254.18:48363 [2020-06-10 10:56:14] (tcp) myIP:110 <- 45.227.254.18:52766 [2020-06-10 15:39:39] (tcp) myIP:993 <- 45.227.254.18:52766 [2020-06-10 15:49:31] (tcp) myIP:20 <- 45.227.254.18:52766 [2020-06-10 16:13:00] (tcp) myIP:23 <- 45.227.254.18:52766 [2020-06-10 17:48:21] (tcp) myIP:135 <- 45.227.254.18:52766 [2020-06-10 20:02:25] (tcp) myIP:81 <- 45.227.254.18:52766 [2020-06-10 20:08:07] (tcp) myIP:22 <- 45.227.254.18:52766 [2020-06-10 21:26:56] (tcp) myIP:22 <- 45.227.254.18:52766 [2........ ---------------------------------	2020-06-12 22:26:45
222.180.162.8	attack	Jun 12 15:08:14 ovpn sshd\[2991\]: Invalid user nivinform from 222.180.162.8 Jun 12 15:08:14 ovpn sshd\[2991\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.180.162.8 Jun 12 15:08:16 ovpn sshd\[2991\]: Failed password for invalid user nivinform from 222.180.162.8 port 33892 ssh2 Jun 12 15:15:04 ovpn sshd\[4635\]: Invalid user jhartley from 222.180.162.8 Jun 12 15:15:04 ovpn sshd\[4635\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.180.162.8	2020-06-12 22:09:58
49.88.112.111	attackspam	2020-06-12T15:35[Censored Hostname] sshd[222879]: Failed password for root from 49.88.112.111 port 25183 ssh2 2020-06-12T15:35[Censored Hostname] sshd[222879]: Failed password for root from 49.88.112.111 port 25183 ssh2 2020-06-12T15:35[Censored Hostname] sshd[222879]: Failed password for root from 49.88.112.111 port 25183 ssh2[...]	2020-06-12 21:49:52
61.72.255.26	attackspambots	Jun 12 15:08:03 santamaria sshd\[24593\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.72.255.26 user=root Jun 12 15:08:06 santamaria sshd\[24593\]: Failed password for root from 61.72.255.26 port 60296 ssh2 Jun 12 15:10:07 santamaria sshd\[24662\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.72.255.26 user=root ...	2020-06-12 22:13:44
140.143.167.250	attackbots	20 attempts against mh-misbehave-ban on mist	2020-06-12 21:50:35
106.13.116.203	attackbotsspam	invalid login attempt (teamspeak)	2020-06-12 21:59:40

Recently Reported IPs

83.154.105.7	191.91.64.147	93.39.184.17	49.72.181.188
152.136.96.220	1.10.230.37	221.122.56.2	111.72.195.254
49.146.13.68	211.218.2.118	134.60.30.36	113.179.130.62
171.115.162.99	186.119.97.227	113.56.119.73	195.69.139.4
118.172.201.105	103.78.81.186	89.39.71.248	200.38.232.248