Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspam
Mar 16 20:12:44 vps339862 kernel: [3604879.571721] [iptables] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=148.70.208.12 DST=51.254.206.43 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=27770 DF PROTO=TCP SPT=40862 DPT=12850 SEQ=3034203155 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080AB6C028690000000001030307)
Mar 16 20:12:45 vps339862 kernel: [3604880.574204] [iptables] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=148.70.208.12 DST=51.254.206.43 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=27771 DF PROTO=TCP SPT=40862 DPT=12850 SEQ=3034203155 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 OPT (020405900402080AB6C02C540000000001030307)
Mar 16 20:12:47 vps339862 kernel: [3604882.578035] [iptables] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=148.70.208.12 DST=51.254.206.43 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=27772 DF PROTO=TCP SPT=40862 DPT=12850 SEQ=3034203155 ACK=0 WINDOW=29200 RES=0x00 SY
...
2020-03-17 03:48:17
Comments on same subnet:
IP Type Details Datetime
148.70.208.187 attackbots
2020-09-04T23:33:41.2685991495-001 sshd[23801]: Failed password for invalid user ajay from 148.70.208.187 port 41086 ssh2
2020-09-04T23:39:14.9644751495-001 sshd[23990]: Invalid user emily from 148.70.208.187 port 45134
2020-09-04T23:39:14.9686331495-001 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
2020-09-04T23:39:14.9644751495-001 sshd[23990]: Invalid user emily from 148.70.208.187 port 45134
2020-09-04T23:39:16.7934321495-001 sshd[23990]: Failed password for invalid user emily from 148.70.208.187 port 45134 ssh2
2020-09-04T23:50:33.8073391495-001 sshd[24416]: Invalid user vector from 148.70.208.187 port 53216
...
2020-09-06 03:01:30
148.70.208.187 attackspam
2020-09-04T23:33:41.2685991495-001 sshd[23801]: Failed password for invalid user ajay from 148.70.208.187 port 41086 ssh2
2020-09-04T23:39:14.9644751495-001 sshd[23990]: Invalid user emily from 148.70.208.187 port 45134
2020-09-04T23:39:14.9686331495-001 sshd[23990]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
2020-09-04T23:39:14.9644751495-001 sshd[23990]: Invalid user emily from 148.70.208.187 port 45134
2020-09-04T23:39:16.7934321495-001 sshd[23990]: Failed password for invalid user emily from 148.70.208.187 port 45134 ssh2
2020-09-04T23:50:33.8073391495-001 sshd[24416]: Invalid user vector from 148.70.208.187 port 53216
...
2020-09-05 18:38:09
148.70.208.187 attack
Invalid user tech from 148.70.208.187 port 48068
2020-08-28 16:09:10
148.70.208.187 attackspam
Aug 25 11:15:49 XXX sshd[54423]: Invalid user flf from 148.70.208.187 port 54336
2020-08-25 20:55:22
148.70.208.187 attack
Aug 23 23:27:13 fhem-rasp sshd[5602]: Invalid user t from 148.70.208.187 port 47346
...
2020-08-24 05:29:06
148.70.208.187 attack
Invalid user kmj from 148.70.208.187 port 51632
2020-08-23 14:43:30
148.70.208.187 attackspam
2020-08-21T04:11:37.167510shield sshd[8234]: Invalid user user from 148.70.208.187 port 34268
2020-08-21T04:11:37.176177shield sshd[8234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
2020-08-21T04:11:38.848283shield sshd[8234]: Failed password for invalid user user from 148.70.208.187 port 34268 ssh2
2020-08-21T04:17:47.103271shield sshd[9153]: Invalid user ansibleuser from 148.70.208.187 port 42040
2020-08-21T04:17:47.112400shield sshd[9153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
2020-08-21 12:32:11
148.70.208.187 attack
Aug 17 00:31:18 online-web-1 sshd[1620017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187  user=r.r
Aug 17 00:31:21 online-web-1 sshd[1620017]: Failed password for r.r from 148.70.208.187 port 47186 ssh2
Aug 17 00:31:21 online-web-1 sshd[1620017]: Received disconnect from 148.70.208.187 port 47186:11: Bye Bye [preauth]
Aug 17 00:31:21 online-web-1 sshd[1620017]: Disconnected from 148.70.208.187 port 47186 [preauth]
Aug 17 00:37:20 online-web-1 sshd[1620390]: Invalid user yum from 148.70.208.187 port 57254
Aug 17 00:37:20 online-web-1 sshd[1620390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
Aug 17 00:37:22 online-web-1 sshd[1620390]: Failed password for invalid user yum from 148.70.208.187 port 57254 ssh2
Aug 17 00:37:22 online-web-1 sshd[1620390]: Received disconnect from 148.70.208.187 port 57254:11: Bye Bye [preauth]
Aug 17 00:37:22 online-web-1 sshd[1........
-------------------------------
2020-08-18 00:20:34
148.70.208.187 attackbots
SSH Brute-Forcing (server2)
2020-08-13 19:28:42
148.70.208.187 attackspam
Failed password for root from 148.70.208.187 port 53830 ssh2
2020-08-09 06:51:15
148.70.208.187 attackspambots
Jul 30 06:51:52 server1 sshd[30943]: Invalid user jxw from 148.70.208.187
Jul 30 06:51:52 server1 sshd[30943]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
Jul 30 06:51:53 server1 sshd[30943]: Failed password for invalid user jxw from 148.70.208.187 port 60446 ssh2
Jul 30 06:57:12 server1 sshd[4659]: Invalid user jonathan from 148.70.208.187
Jul 30 06:57:12 server1 sshd[4659]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
...
2020-07-30 21:12:24
148.70.208.187 attackbotsspam
Jul 24 06:33:47 rocket sshd[28745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187
Jul 24 06:33:49 rocket sshd[28745]: Failed password for invalid user deploy from 148.70.208.187 port 54926 ssh2
...
2020-07-24 13:46:35
148.70.208.187 attackbots
Jul 20 15:04:29 haigwepa sshd[4873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.208.187 
Jul 20 15:04:31 haigwepa sshd[4873]: Failed password for invalid user catchall from 148.70.208.187 port 48342 ssh2
...
2020-07-21 01:50:44
148.70.208.187 attackbotsspam
Unauthorized SSH login attempts
2020-07-17 20:28:56
148.70.208.187 attackspambots
Jul 10 05:49:47 rotator sshd[11056]: Invalid user griselda from 148.70.208.187
Jul 10 05:49:49 rotator sshd[11056]: Failed password for invalid user griselda from 148.70.208.187 port 34382 ssh2
Jul 10 05:52:19 rotator sshd[11814]: Invalid user kadie from 148.70.208.187
Jul 10 05:52:21 rotator sshd[11814]: Failed password for invalid user kadie from 148.70.208.187 port 58790 ssh2
Jul 10 05:54:30 rotator sshd[11833]: Invalid user catuser from 148.70.208.187
Jul 10 05:54:32 rotator sshd[11833]: Failed password for invalid user catuser from 148.70.208.187 port 52740 ssh2
...
2020-07-10 14:45:37
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.70.208.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11820
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;148.70.208.12.			IN	A

;; AUTHORITY SECTION:
.			564	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031601 1800 900 604800 86400

;; Query time: 133 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 17 03:48:13 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 12.208.70.148.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 12.208.70.148.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
112.85.42.185 attackbotsspam
Jul  9 05:52:44 MK-Soft-VM6 sshd[12208]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.185  user=root
Jul  9 05:52:46 MK-Soft-VM6 sshd[12208]: Failed password for root from 112.85.42.185 port 15981 ssh2
Jul  9 05:52:49 MK-Soft-VM6 sshd[12208]: Failed password for root from 112.85.42.185 port 15981 ssh2
...
2019-07-09 13:54:47
197.36.193.235 attackbotsspam
2019-07-09T03:31:06.434851abusebot-6.cloudsearch.cf sshd[13784]: Invalid user admin from 197.36.193.235 port 47682
2019-07-09 13:59:36
195.206.36.34 attackspam
Unauthorized connection attempt from IP address 195.206.36.34 on Port 445(SMB)
2019-07-09 14:26:18
142.93.39.29 attackspam
Jul  9 08:19:35 srv-4 sshd[9247]: Invalid user otis from 142.93.39.29
Jul  9 08:19:35 srv-4 sshd[9247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.39.29
Jul  9 08:19:36 srv-4 sshd[9247]: Failed password for invalid user otis from 142.93.39.29 port 41512 ssh2
...
2019-07-09 13:21:35
54.37.95.249 attack
SIP Server BruteForce Attack
2019-07-09 14:22:35
36.85.57.38 attackspambots
Unauthorized connection attempt from IP address 36.85.57.38 on Port 445(SMB)
2019-07-09 13:42:21
181.65.155.73 attack
@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-08 12:44:06,787 INFO [shellcode_manager] (181.65.155.73) no match, writing hexdump (578929c9beda78a059ca536083f1fa16 :1857510) - MS17010 (EternalBlue)
2019-07-09 13:54:16
203.162.134.6 attackspambots
Unauthorized connection attempt from IP address 203.162.134.6 on Port 445(SMB)
2019-07-09 14:16:37
58.187.202.204 attackspam
Unauthorized connection attempt from IP address 58.187.202.204 on Port 445(SMB)
2019-07-09 13:18:46
212.142.154.175 attack
Unauthorised access (Jul  9) SRC=212.142.154.175 LEN=40 PREC=0x20 TTL=51 ID=14853 TCP DPT=8080 WINDOW=5848 SYN
2019-07-09 13:28:14
200.127.33.2 attackspam
2019-07-09T06:12:07.9632171240 sshd[26697]: Invalid user anjor from 200.127.33.2 port 58534
2019-07-09T06:12:07.9703061240 sshd[26697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.127.33.2
2019-07-09T06:12:10.0789431240 sshd[26697]: Failed password for invalid user anjor from 200.127.33.2 port 58534 ssh2
...
2019-07-09 14:18:09
83.239.29.234 attack
Unauthorized connection attempt from IP address 83.239.29.234 on Port 445(SMB)
2019-07-09 14:08:25
125.161.137.114 attackspam
Unauthorized connection attempt from IP address 125.161.137.114 on Port 445(SMB)
2019-07-09 14:05:11
91.149.142.139 attack
Unauthorized connection attempt from IP address 91.149.142.139 on Port 445(SMB)
2019-07-09 13:36:16
194.126.40.118 attackspambots
Unauthorized connection attempt from IP address 194.126.40.118 on Port 445(SMB)
2019-07-09 14:07:36
