105.112.16.154

Basic Info

City: Lagos

Region: Lagos

Country: Nigeria

Internet Service Provider: Airtel Networks Limited

Hostname: unknown

Organization: Celtel Nigeria Limited t.a ZAIN

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Sending out 419 type spam emails from IP 105.112.16.154 (airtel.com) "This is to inform you that i have successfully transferred the funds with a help of a new partner from Columbus Ohio and Presently am in Omen for oil investment projects with my partner and I kept a sealed parcel containing a Atm Master Card of Us$550,000.00 for your compensation towards your past effort"	2019-07-28 01:29:13

Type

Details

Datetime

attackspambots

Sending out 419 type spam emails from IP 
105.112.16.154 (airtel.com)

"This is to inform you that i have successfully 
transferred the funds with a help of a new partner 
from Columbus Ohio and Presently am in Omen 
for oil investment projects with my partner and I 
kept a sealed parcel containing a Atm Master 
Card of Us$550,000.00 for your compensation 
towards your past effort"

2019-07-28 01:29:13

Comments on same subnet:

IP	Type	Details	Datetime
105.112.16.231	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 21-11-2019 14:50:24.	2019-11-22 03:36:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 105.112.16.154
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36982
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;105.112.16.154.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072700 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jul 28 01:28:57 CST 2019
;; MSG SIZE  rcvd: 118

Host info

154.16.112.105.in-addr.arpa has no PTR record

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 154.16.112.105.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
175.139.224.89	attack	RDPBruteCAu24	2019-11-07 03:33:45
117.1.203.48	attackbotsspam	Nov 6 15:36:46 vmd17057 sshd\[21862\]: Invalid user admin from 117.1.203.48 port 51060 Nov 6 15:36:46 vmd17057 sshd\[21862\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.1.203.48 Nov 6 15:36:48 vmd17057 sshd\[21862\]: Failed password for invalid user admin from 117.1.203.48 port 51060 ssh2 ...	2019-11-07 02:55:12
89.222.217.9	attackspam	Chat Spam	2019-11-07 03:13:00
14.139.231.130	attack	SSHScan	2019-11-07 03:13:22
219.92.29.250	attackspam	RDPBruteCAu24	2019-11-07 03:35:21
114.119.4.74	attackbotsspam	Nov 6 16:45:21 srv01 sshd[6869]: Invalid user maxime from 114.119.4.74 Nov 6 16:45:21 srv01 sshd[6869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.119.4.74 Nov 6 16:45:21 srv01 sshd[6869]: Invalid user maxime from 114.119.4.74 Nov 6 16:45:23 srv01 sshd[6869]: Failed password for invalid user maxime from 114.119.4.74 port 58108 ssh2 Nov 6 16:54:45 srv01 sshd[7279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.119.4.74 user=root Nov 6 16:54:47 srv01 sshd[7279]: Failed password for root from 114.119.4.74 port 42040 ssh2 ...	2019-11-07 03:10:39
103.81.86.217	attack	103.81.86.217 - - [06/Nov/2019:18:30:55 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 103.81.86.217 - - [06/Nov/2019:18:30:57 +0100] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 103.81.86.217 - - [06/Nov/2019:18:30:58 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 103.81.86.217 - - [06/Nov/2019:18:31:00 +0100] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 103.81.86.217 - - [06/Nov/2019:18:31:01 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 103.81.86.217 - - [06/Nov/2019:18:31:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-11-07 03:11:48
188.213.49.210	attack	Automatic report - XMLRPC Attack	2019-11-07 03:24:14
89.248.174.0	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-07 03:07:54
81.22.45.107	attack	Nov 6 20:12:43 mc1 kernel: \[4353861.955180\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=36713 PROTO=TCP SPT=43255 DPT=49081 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 20:16:29 mc1 kernel: \[4354087.473722\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=27971 PROTO=TCP SPT=43255 DPT=49107 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 20:21:38 mc1 kernel: \[4354396.583478\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.107 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=7252 PROTO=TCP SPT=43255 DPT=48798 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-11-07 03:23:57
71.126.167.89	attack	Nov 6 18:25:21 localhost sshd\[30780\]: Invalid user git from 71.126.167.89 port 54106 Nov 6 18:25:21 localhost sshd\[30780\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=71.126.167.89 Nov 6 18:25:23 localhost sshd\[30780\]: Failed password for invalid user git from 71.126.167.89 port 54106 ssh2	2019-11-07 03:02:14
165.227.122.251	attackbotsspam	2019-11-06T16:12:26.554732abusebot-5.cloudsearch.cf sshd\[9219\]: Invalid user gong from 165.227.122.251 port 37658	2019-11-07 03:19:15
5.45.6.66	attack	Nov 6 05:38:03 auw2 sshd\[8538\]: Invalid user nirvana1 from 5.45.6.66 Nov 6 05:38:03 auw2 sshd\[8538\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=066-006-045-005.ip-addr.inexio.net Nov 6 05:38:05 auw2 sshd\[8538\]: Failed password for invalid user nirvana1 from 5.45.6.66 port 39288 ssh2 Nov 6 05:44:32 auw2 sshd\[9221\]: Invalid user cn from 5.45.6.66 Nov 6 05:44:32 auw2 sshd\[9221\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=066-006-045-005.ip-addr.inexio.net	2019-11-07 03:08:41
104.236.94.202	attack	Nov 6 17:17:41 srv206 sshd[2742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.94.202 user=root Nov 6 17:17:43 srv206 sshd[2742]: Failed password for root from 104.236.94.202 port 58364 ssh2 ...	2019-11-07 03:25:51
104.174.4.51	attackbotsspam	Nov 6 19:04:26 svapp01 sshd[13742]: User r.r from cpe-104-174-4-51.socal.res.rr.com not allowed because not listed in AllowUsers Nov 6 19:04:26 svapp01 sshd[13742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-104-174-4-51.socal.res.rr.com user=r.r Nov 6 19:04:28 svapp01 sshd[13742]: Failed password for invalid user r.r from 104.174.4.51 port 42860 ssh2 Nov 6 19:04:28 svapp01 sshd[13742]: Received disconnect from 104.174.4.51: 11: Bye Bye [preauth] Nov 6 19:12:15 svapp01 sshd[17197]: User r.r from cpe-104-174-4-51.socal.res.rr.com not allowed because not listed in AllowUsers Nov 6 19:12:15 svapp01 sshd[17197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-104-174-4-51.socal.res.rr.com user=r.r ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=104.174.4.51	2019-11-07 03:32:00

Recently Reported IPs

140.201.164.234	76.19.13.175	158.39.231.30	105.141.118.215
174.128.38.158	71.222.140.74	70.6.199.162	72.27.214.26
221.141.22.134	120.0.160.73	42.179.141.63	112.63.1.166
178.157.132.93	49.234.63.239	193.251.181.206	190.236.30.198
205.145.146.214	133.194.194.225	45.123.117.32	181.71.35.190