112.166.131.114

Basic Info

City: unknown

Region: unknown

Country: Korea, Republic of

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Honeypot attack, port: 5555, PTR: PTR record not found	2020-01-06 08:44:40
attackbots	Unauthorized connection attempt detected from IP address 112.166.131.114 to port 5555 [J]	2020-01-06 04:43:16
attackbotsspam	Nov 4 09:43:06 mc1 kernel: \[4143292.752115\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18136 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 4 09:43:07 mc1 kernel: \[4143293.748502\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18137 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 Nov 4 09:43:09 mc1 kernel: \[4143295.745792\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18138 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 ...	2019-11-04 16:55:18

Type

Details

Datetime

attackspam

Honeypot attack, port: 5555, PTR: PTR record not found

2020-01-06 08:44:40

attackbots

Unauthorized connection attempt detected from IP address 112.166.131.114 to port 5555 [J]

2020-01-06 04:43:16

attackbotsspam

Nov  4 09:43:06 mc1 kernel: \[4143292.752115\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18136 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 
Nov  4 09:43:07 mc1 kernel: \[4143293.748502\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18137 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 
Nov  4 09:43:09 mc1 kernel: \[4143295.745792\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=112.166.131.114 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18138 DF PROTO=TCP SPT=32815 DPT=5555 WINDOW=65535 RES=0x00 SYN URGP=0 
...

2019-11-04 16:55:18

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.166.131.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43788
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.166.131.114.		IN	A

;; AUTHORITY SECTION:
.			174	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110400 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Nov 04 16:55:15 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 114.131.166.112.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 114.131.166.112.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.99.1.35	attackbots	SSH login attempts.	2020-05-28 17:17:46
106.12.12.242	attack	Invalid user stef from 106.12.12.242 port 34176	2020-05-28 17:59:31
118.201.65.165	attack	(sshd) Failed SSH login from 118.201.65.165 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 28 06:22:59 s1 sshd[21995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.201.65.165 user=root May 28 06:23:02 s1 sshd[21995]: Failed password for root from 118.201.65.165 port 53431 ssh2 May 28 07:03:20 s1 sshd[22776]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.201.65.165 user=root May 28 07:03:22 s1 sshd[22776]: Failed password for root from 118.201.65.165 port 53227 ssh2 May 28 07:11:41 s1 sshd[22911]: Invalid user gudbrand from 118.201.65.165 port 45735	2020-05-28 17:49:58
61.72.255.26	attack	21 attempts against mh-ssh on cloud	2020-05-28 17:31:30
200.255.122.170	attackbotsspam	2,63-02/33 [bc01/m170] PostRequest-Spammer scoring: zurich	2020-05-28 17:33:27
195.68.173.29	attackspam	May 28 06:45:11 prox sshd[4930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.68.173.29 May 28 06:45:13 prox sshd[4930]: Failed password for invalid user filip from 195.68.173.29 port 42750 ssh2	2020-05-28 17:34:13
164.138.23.149	attackbotsspam	May 28 07:17:10 vmd17057 sshd[28648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.138.23.149 May 28 07:17:13 vmd17057 sshd[28648]: Failed password for invalid user svn from 164.138.23.149 port 43569 ssh2 ...	2020-05-28 17:29:20
45.227.255.224	attack	73 packets to ports 21 22 102 106 110 123 125 143 220 443 465 502 587 626 631 993 995 1434 1521 1911 2525 3306 3307 3308 5432 5672 6379 7547 8007 8080 8090 8095 8443 8888 8983 9000 9200 10025 20000 27017 47808	2020-05-28 17:41:53
106.13.176.163	attackbotsspam	May 28 09:15:40 minden010 sshd[439]: Failed password for root from 106.13.176.163 port 56576 ssh2 May 28 09:17:10 minden010 sshd[971]: Failed password for root from 106.13.176.163 port 45370 ssh2 May 28 09:18:42 minden010 sshd[1230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.176.163 ...	2020-05-28 17:55:02
189.126.168.43	attack	[portscan] tcp/1433 [MsSQL] *(RWIN=1024)(05280955)	2020-05-28 17:38:09
95.163.74.40	attackspam	May 28 11:00:06 ovpn sshd\[26765\]: Invalid user doctor from 95.163.74.40 May 28 11:00:06 ovpn sshd\[26765\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.163.74.40 May 28 11:00:09 ovpn sshd\[26765\]: Failed password for invalid user doctor from 95.163.74.40 port 59898 ssh2 May 28 11:03:37 ovpn sshd\[27640\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.163.74.40 user=root May 28 11:03:38 ovpn sshd\[27640\]: Failed password for root from 95.163.74.40 port 37110 ssh2	2020-05-28 17:48:45
92.86.10.102	attack	SSH login attempts.	2020-05-28 17:57:05
177.241.103.68	attack	May 28 09:42:45 eventyay sshd[32247]: Failed password for root from 177.241.103.68 port 57316 ssh2 May 28 09:46:32 eventyay sshd[32382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.241.103.68 May 28 09:46:34 eventyay sshd[32382]: Failed password for invalid user IntraStack from 177.241.103.68 port 34876 ssh2 ...	2020-05-28 17:42:38
49.232.27.254	attackspam	2020-05-28T05:48:24.487327v22018076590370373 sshd[27059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.27.254 2020-05-28T05:48:24.480485v22018076590370373 sshd[27059]: Invalid user Administrator from 49.232.27.254 port 48240 2020-05-28T05:48:26.301917v22018076590370373 sshd[27059]: Failed password for invalid user Administrator from 49.232.27.254 port 48240 ssh2 2020-05-28T05:53:18.307993v22018076590370373 sshd[9341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.27.254 user=root 2020-05-28T05:53:20.147856v22018076590370373 sshd[9341]: Failed password for root from 49.232.27.254 port 44158 ssh2 ...	2020-05-28 17:51:23
43.245.185.66	attackspambots	Auto Fail2Ban report, multiple SSH login attempts.	2020-05-28 17:40:52

Recently Reported IPs

181.93.184.148	123.21.117.201	115.79.74.44	121.123.21.164
1.9.46.202	185.254.0.200	160.83.36.133	95.15.21.232
116.255.159.177	119.196.213.20	45.82.34.57	49.235.33.73
178.207.108.110	50.232.156.154	5.233.227.235	71.138.18.59
54.36.168.119	171.22.25.50	89.247.123.56	24.39.148.246