107.170.245.66

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
107.170.245.14	attack	ET SCAN Zmap User-Agent (Inbound) alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User-Agent (Inbound)"; flow:established,to_server; http.user_agent; content:"Mozilla/5.0 zgrab/0.x"; depth:21; endswith; classtype:network-scan; sid:2029054; rev:2; metadata:created_at 2019_11_26, former_category SCAN, updated_at 2020_10_23;)	2022-12-31 05:30:23
107.170.245.41	attackspam	1 attack on Zyxel CVE-2017-18368 URLs like: 107.170.245.41 - - [06/Jun/2020:00:36:59 +0100] "POST /cgi-bin/ViewLog.asp HTTP/1.1" 403 9	2020-06-06 19:07:26

Type

Details

Datetime

107.170.245.14

attack

ET SCAN Zmap User-Agent (Inbound)
alert http $EXTERNAL_NET any -> any any (msg:"ET SCAN Zmap User-Agent (Inbound)"; flow:established,to_server; http.user_agent; content:"Mozilla/5.0 zgrab/0.x"; depth:21; endswith; classtype:network-scan; sid:2029054; rev:2; metadata:created_at 2019_11_26, former_category SCAN, updated_at 2020_10_23;)

2022-12-31 05:30:23

107.170.245.41

attackspam

1 attack on Zyxel CVE-2017-18368 URLs like:
107.170.245.41 - - [06/Jun/2020:00:36:59 +0100] "POST /cgi-bin/ViewLog.asp HTTP/1.1" 403 9

2020-06-06 19:07:26

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.170.245.66
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35003
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;107.170.245.66.			IN	A

;; AUTHORITY SECTION:
.			490	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030302 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 11:57:54 CST 2022
;; MSG SIZE  rcvd: 107

Host info

Host 66.245.170.107.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 66.245.170.107.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.112.130.102	attackspambots	Unauthorized connection attempt from IP address 203.112.130.102 on Port 445(SMB)	2019-11-26 23:16:07
61.177.172.128	attack	Nov 26 15:47:12 MK-Soft-Root2 sshd[18195]: Failed password for root from 61.177.172.128 port 39128 ssh2 Nov 26 15:47:17 MK-Soft-Root2 sshd[18195]: Failed password for root from 61.177.172.128 port 39128 ssh2 ...	2019-11-26 22:55:52
111.75.178.96	attackspam	Nov 26 20:29:30 vibhu-HP-Z238-Microtower-Workstation sshd\[4462\]: Invalid user Cougar from 111.75.178.96 Nov 26 20:29:30 vibhu-HP-Z238-Microtower-Workstation sshd\[4462\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.75.178.96 Nov 26 20:29:32 vibhu-HP-Z238-Microtower-Workstation sshd\[4462\]: Failed password for invalid user Cougar from 111.75.178.96 port 35132 ssh2 Nov 26 20:35:52 vibhu-HP-Z238-Microtower-Workstation sshd\[4722\]: Invalid user patrizia from 111.75.178.96 Nov 26 20:35:52 vibhu-HP-Z238-Microtower-Workstation sshd\[4722\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.75.178.96 ...	2019-11-26 23:08:35
222.186.175.181	attackbotsspam	Nov 26 04:57:43 web1 sshd\[2611\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.181 user=root Nov 26 04:57:45 web1 sshd\[2611\]: Failed password for root from 222.186.175.181 port 47536 ssh2 Nov 26 04:57:49 web1 sshd\[2611\]: Failed password for root from 222.186.175.181 port 47536 ssh2 Nov 26 04:57:51 web1 sshd\[2611\]: Failed password for root from 222.186.175.181 port 47536 ssh2 Nov 26 04:57:55 web1 sshd\[2611\]: Failed password for root from 222.186.175.181 port 47536 ssh2	2019-11-26 22:59:25
159.89.160.91	attackspambots	Nov 26 16:01:23 sd-53420 sshd\[15153\]: User backup from 159.89.160.91 not allowed because none of user's groups are listed in AllowGroups Nov 26 16:01:23 sd-53420 sshd\[15153\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.160.91 user=backup Nov 26 16:01:25 sd-53420 sshd\[15153\]: Failed password for invalid user backup from 159.89.160.91 port 50212 ssh2 Nov 26 16:08:47 sd-53420 sshd\[16620\]: User mysql from 159.89.160.91 not allowed because none of user's groups are listed in AllowGroups Nov 26 16:08:47 sd-53420 sshd\[16620\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.160.91 user=mysql ...	2019-11-26 23:22:50
116.196.85.166	attackspam	Nov 26 06:06:09 host2 sshd[20069]: Invalid user palo from 116.196.85.166 Nov 26 06:06:09 host2 sshd[20069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.85.166 Nov 26 06:06:11 host2 sshd[20069]: Failed password for invalid user palo from 116.196.85.166 port 43490 ssh2 Nov 26 06:06:11 host2 sshd[20069]: Received disconnect from 116.196.85.166: 11: Bye Bye [preauth] Nov 26 06:31:06 host2 sshd[22463]: Invalid user guest from 116.196.85.166 Nov 26 06:31:06 host2 sshd[22463]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.196.85.166 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=116.196.85.166	2019-11-26 22:54:28
27.69.242.187	attack	Nov 26 10:21:45 plusreed sshd[19279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.69.242.187 user=root Nov 26 10:21:47 plusreed sshd[19279]: Failed password for root from 27.69.242.187 port 14920 ssh2 ...	2019-11-26 23:27:24
36.73.208.232	attackspam	Unauthorised access (Nov 26) SRC=36.73.208.232 LEN=52 TTL=116 ID=10834 DF TCP DPT=445 WINDOW=8192 SYN	2019-11-26 23:14:31
31.185.104.20	attackbots	Automatic report - Banned IP Access	2019-11-26 23:32:12
119.123.241.137	attackbots	Unauthorized connection attempt from IP address 119.123.241.137 on Port 445(SMB)	2019-11-26 23:32:47
178.128.31.218	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-11-26 22:58:58
185.209.0.32	attack	11/26/2019-16:02:22.597619 185.209.0.32 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-26 23:22:35
182.61.138.112	attack	11/26/2019-09:46:39.433304 182.61.138.112 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-26 23:30:47
222.186.175.150	attackbots	Nov 26 18:20:22 server sshd\[26191\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.150 user=root Nov 26 18:20:24 server sshd\[26191\]: Failed password for root from 222.186.175.150 port 25578 ssh2 Nov 26 18:20:27 server sshd\[26191\]: Failed password for root from 222.186.175.150 port 25578 ssh2 Nov 26 18:20:31 server sshd\[26191\]: Failed password for root from 222.186.175.150 port 25578 ssh2 Nov 26 18:20:34 server sshd\[26191\]: Failed password for root from 222.186.175.150 port 25578 ssh2 ...	2019-11-26 23:21:04
218.92.0.138	attackbotsspam	Nov 26 05:05:40 hanapaa sshd\[18962\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138 user=root Nov 26 05:05:42 hanapaa sshd\[18962\]: Failed password for root from 218.92.0.138 port 64704 ssh2 Nov 26 05:05:55 hanapaa sshd\[18962\]: Failed password for root from 218.92.0.138 port 64704 ssh2 Nov 26 05:05:59 hanapaa sshd\[19003\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.138 user=root Nov 26 05:06:01 hanapaa sshd\[19003\]: Failed password for root from 218.92.0.138 port 29391 ssh2	2019-11-26 23:15:37

Recently Reported IPs

107.170.209.127	112.83.128.245	107.170.241.52	107.170.33.193
107.170.200.173	112.83.128.251	112.83.128.253	107.172.31.194
107.172.247.236	107.172.31.158	107.172.247.208	107.172.31.236
107.172.247.216	107.172.255.44	107.172.32.106	107.172.31.168
107.172.32.10	112.83.128.36	107.172.34.116	107.172.30.42