148.70.149.92 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	IP 148.70.149.92 attacked honeypot on port: 6379 at 8/6/2020 6:24:56 AM	2020-08-06 22:59:35

Comments on same subnet:

IP	Type	Details	Datetime
148.70.149.39	attackspam	Automatic report - Banned IP Access	2020-10-12 21:23:15
148.70.149.39	attack	Oct 12 04:47:44 *** sshd[4974]: User root from 148.70.149.39 not allowed because not listed in AllowUsers	2020-10-12 12:53:33
148.70.149.39	attackbots	SSH Bruteforce Attempt on Honeypot	2020-10-05 07:52:36
148.70.149.39	attackbotsspam	vps:sshd-InvalidUser	2020-10-05 00:12:23
148.70.149.39	attackbotsspam	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-09-28T21:05:13Z and 2020-09-28T21:22:52Z	2020-09-29 06:55:27
148.70.149.39	attackbots	(sshd) Failed SSH login from 148.70.149.39 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 28 14:01:30 server2 sshd[13641]: Invalid user trade from 148.70.149.39 port 34092 Sep 28 14:01:33 server2 sshd[13641]: Failed password for invalid user trade from 148.70.149.39 port 34092 ssh2 Sep 28 14:14:11 server2 sshd[16006]: Invalid user lj from 148.70.149.39 port 54884 Sep 28 14:14:13 server2 sshd[16006]: Failed password for invalid user lj from 148.70.149.39 port 54884 ssh2 Sep 28 14:22:37 server2 sshd[17482]: Invalid user sistema from 148.70.149.39 port 33408	2020-09-28 23:23:37
148.70.149.39	attack	Sep 21 12:42:43 ourumov-web sshd\[15034\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.149.39 user=root Sep 21 12:42:45 ourumov-web sshd\[15034\]: Failed password for root from 148.70.149.39 port 51236 ssh2 Sep 21 12:48:22 ourumov-web sshd\[15390\]: Invalid user jenkins from 148.70.149.39 port 45552 ...	2020-09-21 21:08:48
148.70.149.39	attack	fail2ban detected brute force on sshd	2020-09-21 12:55:48
148.70.149.39	attackspam	Bruteforce detected by fail2ban	2020-09-21 04:47:23
148.70.149.39	attack	148.70.149.39 (CN/China/-), 9 distributed sshd attacks on account [admin] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 20 13:03:10 server4 sshd[16368]: Invalid user admin from 71.11.134.32 Sep 20 12:53:10 server4 sshd[10082]: Invalid user admin from 24.237.89.47 Sep 20 12:53:17 server4 sshd[10390]: Invalid user admin from 148.70.149.39 Sep 20 12:53:19 server4 sshd[10390]: Failed password for invalid user admin from 148.70.149.39 port 59694 ssh2 Sep 20 12:57:11 server4 sshd[12743]: Failed password for invalid user admin from 96.42.78.206 port 35605 ssh2 Sep 20 12:57:12 server4 sshd[12773]: Invalid user admin from 96.42.78.206 Sep 20 12:57:07 server4 sshd[12739]: Invalid user admin from 96.42.78.206 Sep 20 12:57:08 server4 sshd[12739]: Failed password for invalid user admin from 96.42.78.206 port 35526 ssh2 Sep 20 12:57:09 server4 sshd[12743]: Invalid user admin from 96.42.78.206 IP Addresses Blocked: 71.11.134.32 (US/United States/-) 24.237.89.47 (US/United States/-)	2020-09-21 01:26:05
148.70.149.39	attackspambots	2020-09-20T10:10:30.071493ollin.zadara.org sshd[788155]: Invalid user postgresql from 148.70.149.39 port 46284 2020-09-20T10:10:31.682239ollin.zadara.org sshd[788155]: Failed password for invalid user postgresql from 148.70.149.39 port 46284 ssh2 ...	2020-09-20 17:25:03
148.70.149.39	attackbots	Time: Mon Sep 7 18:38:15 2020 +0200 IP: 148.70.149.39 (CN/China/-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Sep 7 18:33:10 mail-03 sshd[30399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.149.39 user=root Sep 7 18:33:12 mail-03 sshd[30399]: Failed password for root from 148.70.149.39 port 34256 ssh2 Sep 7 18:36:18 mail-03 sshd[30568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.149.39 user=root Sep 7 18:36:20 mail-03 sshd[30568]: Failed password for root from 148.70.149.39 port 58714 ssh2 Sep 7 18:38:11 mail-03 sshd[30677]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.149.39 user=root	2020-09-08 02:30:22
148.70.149.39	attackbots	Sep 7 16:28:31 webhost01 sshd[663]: Failed password for root from 148.70.149.39 port 41884 ssh2 ...	2020-09-07 17:56:12
148.70.149.39	attackspambots	Invalid user drake from 148.70.149.39 port 33452	2020-08-30 18:01:25
148.70.149.39	attack	Invalid user media from 148.70.149.39 port 38948	2020-08-29 06:01:40

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.70.149.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54968
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.70.149.92.			IN	A

;; AUTHORITY SECTION:
.			160	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080602 1800 900 604800 86400

;; Query time: 23 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Aug 06 22:59:30 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 92.149.70.148.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 92.149.70.148.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
159.65.136.141	attackspambots	(sshd) Failed SSH login from 159.65.136.141 (SG/Singapore/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 18 02:53:45 server sshd[5846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.136.141 user=root Sep 18 02:53:47 server sshd[5846]: Failed password for root from 159.65.136.141 port 39760 ssh2 Sep 18 02:59:06 server sshd[9357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.136.141 user=root Sep 18 02:59:08 server sshd[9357]: Failed password for root from 159.65.136.141 port 38620 ssh2 Sep 18 03:01:20 server sshd[11158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.136.141 user=root	2020-09-18 18:19:36
179.49.134.211	attackspam	Sep 17 18:22:57 mail.srvfarm.net postfix/smtpd[157369]: warning: unknown[179.49.134.211]: SASL PLAIN authentication failed: Sep 17 18:22:57 mail.srvfarm.net postfix/smtpd[157369]: lost connection after AUTH from unknown[179.49.134.211] Sep 17 18:24:30 mail.srvfarm.net postfix/smtps/smtpd[157154]: warning: unknown[179.49.134.211]: SASL PLAIN authentication failed: Sep 17 18:24:31 mail.srvfarm.net postfix/smtps/smtpd[157154]: lost connection after AUTH from unknown[179.49.134.211] Sep 17 18:32:53 mail.srvfarm.net postfix/smtpd[157365]: warning: unknown[179.49.134.211]: SASL PLAIN authentication failed:	2020-09-18 17:58:41
82.64.46.144	attackspambots	Sep 18 11:22:03 v22018053744266470 sshd[9163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82-64-46-144.subs.proxad.net Sep 18 11:22:03 v22018053744266470 sshd[9165]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82-64-46-144.subs.proxad.net Sep 18 11:22:04 v22018053744266470 sshd[9163]: Failed password for invalid user pi from 82.64.46.144 port 42622 ssh2 ...	2020-09-18 18:23:54
191.53.105.99	attack	Attempted Brute Force (dovecot)	2020-09-18 17:55:45
136.61.209.73	attack	2020-09-17T17:49:02.510687shield sshd\[5206\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.61.209.73 user=root 2020-09-17T17:49:05.023889shield sshd\[5206\]: Failed password for root from 136.61.209.73 port 32806 ssh2 2020-09-17T17:51:15.130814shield sshd\[5502\]: Invalid user postgres from 136.61.209.73 port 39346 2020-09-17T17:51:15.146072shield sshd\[5502\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.61.209.73 2020-09-17T17:51:16.912753shield sshd\[5502\]: Failed password for invalid user postgres from 136.61.209.73 port 39346 ssh2	2020-09-18 18:29:11
95.38.213.130	attack	Sep 17 18:35:59 mail.srvfarm.net postfix/smtps/smtpd[159171]: warning: unknown[95.38.213.130]: SASL PLAIN authentication failed: Sep 17 18:35:59 mail.srvfarm.net postfix/smtps/smtpd[159171]: lost connection after AUTH from unknown[95.38.213.130] Sep 17 18:36:13 mail.srvfarm.net postfix/smtpd[157367]: warning: unknown[95.38.213.130]: SASL PLAIN authentication failed: Sep 17 18:36:13 mail.srvfarm.net postfix/smtpd[157367]: lost connection after AUTH from unknown[95.38.213.130] Sep 17 18:40:25 mail.srvfarm.net postfix/smtpd[156675]: warning: unknown[95.38.213.130]: SASL PLAIN authentication failed:	2020-09-18 18:03:19
172.82.239.22	attack	Sep 17 18:10:24 mail.srvfarm.net postfix/smtpd[143203]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Sep 17 18:11:33 mail.srvfarm.net postfix/smtpd[143209]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Sep 17 18:15:15 mail.srvfarm.net postfix/smtpd[143204]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Sep 17 18:17:55 mail.srvfarm.net postfix/smtpd[143201]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22] Sep 17 18:18:16 mail.srvfarm.net postfix/smtpd[157366]: lost connection after STARTTLS from r22.news.eu.rvca.com[172.82.239.22]	2020-09-18 18:10:14
146.56.193.203	attackbots	Sep 18 12:24:38 rancher-0 sshd[116855]: Invalid user user1 from 146.56.193.203 port 34196 Sep 18 12:24:40 rancher-0 sshd[116855]: Failed password for invalid user user1 from 146.56.193.203 port 34196 ssh2 ...	2020-09-18 18:28:58
62.210.194.7	attack	Sep 17 18:10:23 mail.srvfarm.net postfix/smtpd[156675]: lost connection after STARTTLS from r7.news.eu.rvca.com[62.210.194.7] Sep 17 18:11:34 mail.srvfarm.net postfix/smtpd[156676]: lost connection after STARTTLS from r7.news.eu.rvca.com[62.210.194.7] Sep 17 18:15:14 mail.srvfarm.net postfix/smtpd[143218]: lost connection after STARTTLS from r7.news.eu.rvca.com[62.210.194.7] Sep 17 18:17:54 mail.srvfarm.net postfix/smtpd[143218]: lost connection after STARTTLS from r7.news.eu.rvca.com[62.210.194.7] Sep 17 18:18:17 mail.srvfarm.net postfix/smtpd[143208]: lost connection after STARTTLS from r7.news.eu.rvca.com[62.210.194.7]	2020-09-18 18:14:51
62.210.194.9	attackspam	Sep 17 18:10:24 mail.srvfarm.net postfix/smtpd[156676]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 17 18:11:35 mail.srvfarm.net postfix/smtpd[143218]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 17 18:15:15 mail.srvfarm.net postfix/smtpd[156675]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 17 18:17:55 mail.srvfarm.net postfix/smtpd[156675]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9] Sep 17 18:18:18 mail.srvfarm.net postfix/smtpd[143201]: lost connection after STARTTLS from r9.news.eu.rvca.com[62.210.194.9]	2020-09-18 18:14:07
177.200.64.122	attack	Attempted Brute Force (dovecot)	2020-09-18 18:28:23
177.39.142.108	attack	SASL PLAIN auth failed: ruser=...	2020-09-18 18:09:23
172.82.239.21	attack	Sep 17 18:10:24 mail.srvfarm.net postfix/smtpd[143218]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Sep 17 18:11:32 mail.srvfarm.net postfix/smtpd[156676]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Sep 17 18:15:15 mail.srvfarm.net postfix/smtpd[143218]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Sep 17 18:17:55 mail.srvfarm.net postfix/smtpd[143206]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21] Sep 17 18:18:15 mail.srvfarm.net postfix/smtpd[157367]: lost connection after STARTTLS from r21.news.eu.rvca.com[172.82.239.21]	2020-09-18 18:10:46
106.12.171.188	attackspam	Sep 18 03:46:02 raspberrypi sshd\[11400\]: Invalid user admin from 106.12.171.188 ...	2020-09-18 18:23:36
106.12.210.166	attack	sshd: Failed password for .... from 106.12.210.166 port 60092 ssh2 (8 attempts)	2020-09-18 18:26:15

Recently Reported IPs

183.190.87.21	188.24.20.8	230.254.203.62	148.207.86.108
82.5.3.46	187.162.28.159	32.107.58.93	186.194.88.210
173.245.54.72	114.227.24.233	103.236.134.132	217.137.43.111
47.148.101.205	5.81.225.180	179.177.220.255	162.254.227.147
94.25.181.232	114.231.42.126	183.89.165.253	103.44.249.61