148.70.166.52 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jul 14 12:27:30 v22018076622670303 sshd\[21390\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52 user=root Jul 14 12:27:32 v22018076622670303 sshd\[21390\]: Failed password for root from 148.70.166.52 port 49234 ssh2 Jul 14 12:33:33 v22018076622670303 sshd\[21412\]: Invalid user teste from 148.70.166.52 port 46858 Jul 14 12:33:33 v22018076622670303 sshd\[21412\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52 ...	2019-07-14 19:57:58
attackspam	May 19 19:24:54 server sshd\[229221\]: Invalid user admin1 from 148.70.166.52 May 19 19:24:54 server sshd\[229221\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52 May 19 19:24:57 server sshd\[229221\]: Failed password for invalid user admin1 from 148.70.166.52 port 50252 ssh2 ...	2019-07-12 03:35:06
attack	[portscan] tcp/1433 [MsSQL] *(RWIN=29200)(06261032)	2019-06-26 17:19:58

Type

Details

Datetime

attack

Jul 14 12:27:30 v22018076622670303 sshd\[21390\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52  user=root
Jul 14 12:27:32 v22018076622670303 sshd\[21390\]: Failed password for root from 148.70.166.52 port 49234 ssh2
Jul 14 12:33:33 v22018076622670303 sshd\[21412\]: Invalid user teste from 148.70.166.52 port 46858
Jul 14 12:33:33 v22018076622670303 sshd\[21412\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52
...

2019-07-14 19:57:58

attackspam

May 19 19:24:54 server sshd\[229221\]: Invalid user admin1 from 148.70.166.52
May 19 19:24:54 server sshd\[229221\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.52
May 19 19:24:57 server sshd\[229221\]: Failed password for invalid user admin1 from 148.70.166.52 port 50252 ssh2
...

2019-07-12 03:35:06

attack

[portscan] tcp/1433 [MsSQL]
*(RWIN=29200)(06261032)

2019-06-26 17:19:58

Comments on same subnet:

IP	Type	Details	Datetime
148.70.166.93	attackbots	Apr 9 14:59:45 sxvn sshd[49093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.166.93	2020-04-10 02:48:47

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.70.166.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61787
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.70.166.52.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019042702 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sun Apr 28 06:01:23 +08 2019
;; MSG SIZE  rcvd: 117

Host info

Host 52.166.70.148.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 52.166.70.148.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
112.168.153.23	attack	Unauthorized connection attempt detected from IP address 112.168.153.23 to port 4567 [J]	2020-01-06 05:11:06
221.163.210.239	attack	Unauthorized connection attempt detected from IP address 221.163.210.239 to port 23	2020-01-06 05:25:55
41.34.17.3	attackbots	Unauthorized connection attempt detected from IP address 41.34.17.3 to port 2323	2020-01-06 05:23:41
212.171.220.200	attackbotsspam	Unauthorized connection attempt detected from IP address 212.171.220.200 to port 5555	2020-01-06 05:27:18
170.178.169.42	attack	Unauthorized connection attempt detected from IP address 170.178.169.42 to port 7001	2020-01-06 05:35:52
79.107.239.144	attackbotsspam	Unauthorized connection attempt detected from IP address 79.107.239.144 to port 23	2020-01-06 05:17:24
112.186.145.105	attackbots	Unauthorized connection attempt detected from IP address 112.186.145.105 to port 4567 [J]	2020-01-06 05:38:01
167.63.22.237	attack	Unauthorized connection attempt detected from IP address 167.63.22.237 to port 8000	2020-01-06 05:07:32
190.210.237.212	attackbots	Unauthorized connection attempt detected from IP address 190.210.237.212 to port 445	2020-01-06 05:04:19
64.92.52.60	attackbots	Unauthorized connection attempt detected from IP address 64.92.52.60 to port 5555	2020-01-06 05:20:43
191.249.236.80	attackbotsspam	Unauthorized connection attempt detected from IP address 191.249.236.80 to port 23	2020-01-06 05:03:22
201.92.105.168	attack	Unauthorized connection attempt detected from IP address 201.92.105.168 to port 8080	2020-01-06 05:29:00
41.38.224.151	attackbots	Unauthorized connection attempt detected from IP address 41.38.224.151 to port 81	2020-01-06 05:22:43
189.46.26.254	attackbots	Unauthorized connection attempt detected from IP address 189.46.26.254 to port 4567 [J]	2020-01-06 05:32:02
177.102.5.83	attackspambots	Unauthorized connection attempt detected from IP address 177.102.5.83 to port 80	2020-01-06 05:06:30

Recently Reported IPs

110.53.182.126	104.47.1.33	89.91.163.15	118.174.65.251
112.219.201.124	185.208.208.186	210.221.136.144	200.35.53.121
114.108.185.93	58.137.5.50	203.99.184.247	43.139.83.95
113.92.107.41	169.47.196.197	203.134.210.36	199.249.230.114
202.75.207.106	96.78.45.206	144.135.236.152	198.96.155.3