129.82.138.12 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Colorado State University

Hostname: unknown

Organization: unknown

Usage Type: University/College/School

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Nearly every day: ------------------------ Date: 3/19/2020 13:47:21 The packet below Src: 129.82.138.12 Dst: 0.0.0.0 (ICMP) IP-Packet (32 Bytes): 45 00 00 20 00 00 40 00 33 01 4e 57 81 52 8a 0c \| E.. ..@. 3.NW.R.. 00 00 00 00 08 00 7c 54 86 19 7b ed a0 90 d9 13 \| ......\|T ..{..... matched this filter rule: intruder detection	2020-03-19 21:03:54

Type

Details

Datetime

attackspam

Nearly every day:
------------------------
Date: 3/19/2020 13:47:21

The packet below

Src: 129.82.138.12  Dst: 0.0.0.0 (ICMP)

IP-Packet (32 Bytes):

   45 00 00 20 00 00 40 00  33 01 4e 57 81 52 8a 0c | E.. ..@. 3.NW.R..
   00 00 00 00 08 00 7c 54  86 19 7b ed a0 90 d9 13 | ......|T ..{.....

matched this filter rule: intruder detection

2020-03-19 21:03:54

Comments on same subnet:

IP	Type	Details	Datetime
129.82.138.44	attack	srv02 Mass scanning activity detected Target: - ..	2020-08-19 20:49:55
129.82.138.44	attack	srv02 Mass scanning activity detected Target: - ..	2020-08-13 18:46:19
129.82.138.31	attackbotsspam	1 Attack(s) Detected [DoS Attack: Ping Sweep] from source: 129.82.138.31, Tuesday, August 11, 2020 01:21:01	2020-08-13 15:06:19
129.82.138.44	attackspam	Viewed in Firewall log	2020-07-08 06:29:53
129.82.138.44	attack	countinuos ping	2020-02-11 00:28:24
129.82.138.44	attackbots	ICMP MP Probe, Scan -	2019-07-24 04:04:29

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 129.82.138.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20359
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;129.82.138.12.			IN	A

;; AUTHORITY SECTION:
.			119	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031900 1800 900 604800 86400

;; Query time: 92 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 19 21:03:47 CST 2020
;; MSG SIZE  rcvd: 117

Host info

12.138.82.129.in-addr.arpa domain name pointer pinger1a.netsec.colostate.edu.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
12.138.82.129.in-addr.arpa	name = pinger1a.netsec.colostate.edu.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
119.123.30.11	attackspam	Jan 6 21:52:13 grey postfix/smtpd\[30301\]: NOQUEUE: reject: RCPT from unknown\[119.123.30.11\]: 554 5.7.1 Service unavailable\; Client host \[119.123.30.11\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[119.123.30.11\]\; from=\ to=\ proto=ESMTP helo=\ ...	2020-01-07 06:18:28
51.158.25.170	attackbotsspam	Portscan or hack attempt detected by psad/fwsnort	2020-01-07 06:42:51
193.29.15.169	attackspambots	193.29.15.169 was recorded 7 times by 4 hosts attempting to connect to the following ports: 53,1900. Incident counter (4h, 24h, all-time): 7, 9, 1865	2020-01-07 06:27:06
118.89.215.65	attack	118.89.215.65 - - [06/Jan/2020:20:51:31 +0000] "POST /wp-login.php HTTP/1.1" 200 6409 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 118.89.215.65 - - [06/Jan/2020:20:51:33 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-07 06:41:41
188.213.49.242	attack	ft-1848-fussball.de 188.213.49.242 [06/Jan/2020:21:52:01 +0100] "POST /wp-login.php HTTP/1.1" 200 7294 "http://ft-1848-fussball.de/wp-login.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)" ft-1848-fussball.de 188.213.49.242 [06/Jan/2020:21:52:04 +0100] "POST /wp-login.php HTTP/1.1" 200 7294 "http://ft-1848-fussball.de/wp-login.php" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 125LA; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)"	2020-01-07 06:23:34
178.128.236.202	attack	178.128.236.202 - - [06/Jan/2020:21:51:41 +0100] "POST /wp-login.php HTTP/1.1" 200 3121 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 178.128.236.202 - - [06/Jan/2020:21:51:42 +0100] "POST /wp-login.php HTTP/1.1" 200 3100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-07 06:36:29
149.56.101.239	attackbotsspam	149.56.101.239 - - \[06/Jan/2020:21:51:08 +0100\] "POST /wp-login.php HTTP/1.0" 200 6699 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 149.56.101.239 - - \[06/Jan/2020:21:51:10 +0100\] "POST /wp-login.php HTTP/1.0" 200 6499 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 149.56.101.239 - - \[06/Jan/2020:21:51:11 +0100\] "POST /wp-login.php HTTP/1.0" 200 6515 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-01-07 06:50:38
114.97.186.174	attack	Brute force attempt	2020-01-07 06:50:00
51.77.195.1	attackspam	Unauthorized connection attempt detected from IP address 51.77.195.1 to port 2220 [J]	2020-01-07 06:22:27
122.176.94.49	attackspam	port scan and connect, tcp 1433 (ms-sql-s)	2020-01-07 06:24:17
45.117.83.36	attack	Jan 6 15:49:55 ny01 sshd[23160]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.83.36 Jan 6 15:49:58 ny01 sshd[23160]: Failed password for invalid user user from 45.117.83.36 port 50432 ssh2 Jan 6 15:52:01 ny01 sshd[23332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.117.83.36	2020-01-07 06:26:50
42.236.10.120	attack	Automated report (2020-01-06T20:51:59+00:00). Scraper detected at this address.	2020-01-07 06:28:54
120.131.11.224	attackbots	Unauthorized connection attempt detected from IP address 120.131.11.224 to port 2220 [J]	2020-01-07 06:47:10
222.186.173.215	attackbots	2020-01-04 22:28:17 -> 2020-01-06 13:05:10 : 21 login attempts (222.186.173.215)	2020-01-07 06:26:09
47.104.183.126	attack	2020-01-06T22:27:13Z - RDP login failed multiple times. (47.104.183.126)	2020-01-07 06:46:43

Recently Reported IPs

83.234.176.36	49.70.59.58	43.251.117.161	66.161.227.18
18.218.131.215	189.211.0.245	70.110.19.191	156.204.236.51
180.251.4.111	111.229.216.237	5.231.165.176	103.246.241.243
141.204.118.229	62.210.201.108	137.220.175.34	197.45.105.133
191.241.244.6	188.113.176.12	178.242.196.78	222.252.32.219