Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: Alibaba.com Singapore E-Commerce Private Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbotsspam
Dec  7 22:07:09 v22018076590370373 sshd[26626]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.218.166 
...
2020-02-01 22:33:43
attackbots
2019-12-08T20:20:56.146074homeassistant sshd[16378]: Invalid user cssserver from 149.129.218.166 port 60654
2019-12-08T20:20:56.152832homeassistant sshd[16378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.218.166
...
2019-12-09 06:09:47
Comments on same subnet:
No discussion about this subnet yet..
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.129.218.166
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51055
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.129.218.166.		IN	A

;; AUTHORITY SECTION:
.			283	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120801 1800 900 604800 86400

;; Query time: 132 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Dec 09 06:09:44 CST 2019
;; MSG SIZE  rcvd: 119
Host info
Host 166.218.129.149.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 166.218.129.149.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
210.206.92.137 attack
$f2bV_matches
2020-06-04 20:55:11
138.197.5.191 attack
Jun  4 14:05:34 buvik sshd[32416]: Failed password for root from 138.197.5.191 port 55522 ssh2
Jun  4 14:08:59 buvik sshd[32753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.5.191  user=root
Jun  4 14:09:00 buvik sshd[32753]: Failed password for root from 138.197.5.191 port 58434 ssh2
...
2020-06-04 21:12:50
46.38.145.253 attack
Jun  4 15:11:05 relay postfix/smtpd\[3525\]: warning: unknown\[46.38.145.253\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:12:21 relay postfix/smtpd\[30333\]: warning: unknown\[46.38.145.253\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:12:39 relay postfix/smtpd\[3525\]: warning: unknown\[46.38.145.253\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:13:55 relay postfix/smtpd\[17281\]: warning: unknown\[46.38.145.253\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:14:13 relay postfix/smtpd\[3525\]: warning: unknown\[46.38.145.253\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-06-04 21:14:17
122.51.82.22 attackspam
SSH bruteforce
2020-06-04 21:17:05
46.38.145.252 attackspambots
Jun  4 15:16:49 srv01 postfix/smtpd\[10064\]: warning: unknown\[46.38.145.252\]: SASL LOGIN authentication failed: VXNlcm5hbWU6
Jun  4 15:17:25 srv01 postfix/smtpd\[10064\]: warning: unknown\[46.38.145.252\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:18:05 srv01 postfix/smtpd\[10064\]: warning: unknown\[46.38.145.252\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:18:21 srv01 postfix/smtpd\[11215\]: warning: unknown\[46.38.145.252\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jun  4 15:18:25 srv01 postfix/smtpd\[10064\]: warning: unknown\[46.38.145.252\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-06-04 21:22:16
59.125.179.218 attackbotsspam
Jun  2 04:16:50 vayu sshd[567818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-125-179-218.hinet-ip.hinet.net  user=r.r
Jun  2 04:16:53 vayu sshd[567818]: Failed password for r.r from 59.125.179.218 port 37226 ssh2
Jun  2 04:16:53 vayu sshd[567818]: Received disconnect from 59.125.179.218: 11: Bye Bye [preauth]
Jun  2 04:30:41 vayu sshd[581868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-125-179-218.hinet-ip.hinet.net  user=r.r
Jun  2 04:30:43 vayu sshd[581868]: Failed password for r.r from 59.125.179.218 port 34516 ssh2
Jun  2 04:30:43 vayu sshd[581868]: Received disconnect from 59.125.179.218: 11: Bye Bye [preauth]
Jun  2 04:34:11 vayu sshd[583616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59-125-179-218.hinet-ip.hinet.net  user=r.r
Jun  2 04:34:14 vayu sshd[583616]: Failed password for r.r from 59.125.179.218 port 34594 ssh2
Ju........
-------------------------------
2020-06-04 21:24:16
165.84.180.36 attack
Jun  4 09:03:19 NPSTNNYC01T sshd[23916]: Failed password for root from 165.84.180.36 port 40750 ssh2
Jun  4 09:06:58 NPSTNNYC01T sshd[24251]: Failed password for root from 165.84.180.36 port 42990 ssh2
...
2020-06-04 21:12:08
79.112.155.11 attackbots
xmlrpc.php, wp-login.php
2020-06-04 21:16:20
182.43.134.224 attack
Jun  4 14:32:00 eventyay sshd[26195]: Failed password for root from 182.43.134.224 port 39540 ssh2
Jun  4 14:33:42 eventyay sshd[26328]: Failed password for root from 182.43.134.224 port 60746 ssh2
...
2020-06-04 20:50:23
116.247.81.99 attack
Jun  4 19:03:14 itv-usvr-01 sshd[473]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.247.81.99  user=root
Jun  4 19:03:16 itv-usvr-01 sshd[473]: Failed password for root from 116.247.81.99 port 40754 ssh2
Jun  4 19:08:56 itv-usvr-01 sshd[685]: Invalid user 1\r from 116.247.81.99
Jun  4 19:08:56 itv-usvr-01 sshd[685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.247.81.99
Jun  4 19:08:56 itv-usvr-01 sshd[685]: Invalid user 1\r from 116.247.81.99
Jun  4 19:08:59 itv-usvr-01 sshd[685]: Failed password for invalid user 1\r from 116.247.81.99 port 45812 ssh2
2020-06-04 21:15:20
196.1.203.158 attackspambots
20/6/4@08:29:04: FAIL: Alarm-Network address from=196.1.203.158
...
2020-06-04 21:10:56
137.74.100.41 attackspambots
Jun  1 23:32:56 lamijardin sshd[29330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.100.41  user=r.r
Jun  1 23:32:59 lamijardin sshd[29330]: Failed password for r.r from 137.74.100.41 port 50734 ssh2
Jun  1 23:32:59 lamijardin sshd[29330]: Received disconnect from 137.74.100.41 port 50734:11: Bye Bye [preauth]
Jun  1 23:32:59 lamijardin sshd[29330]: Disconnected from 137.74.100.41 port 50734 [preauth]
Jun  1 23:42:00 lamijardin sshd[29417]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.100.41  user=r.r
Jun  1 23:42:02 lamijardin sshd[29417]: Failed password for r.r from 137.74.100.41 port 38800 ssh2
Jun  1 23:42:02 lamijardin sshd[29417]: Received disconnect from 137.74.100.41 port 38800:11: Bye Bye [preauth]
Jun  1 23:42:02 lamijardin sshd[29417]: Disconnected from 137.74.100.41 port 38800 [preauth]
Jun  1 23:45:23 lamijardin sshd[29463]: pam_unix(sshd:auth): authenticat........
-------------------------------
2020-06-04 21:06:39
104.236.51.102 attackbots
104.236.51.102 - - [04/Jun/2020:14:09:33 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.51.102 - - [04/Jun/2020:14:09:34 +0200] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.51.102 - - [04/Jun/2020:14:09:34 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.51.102 - - [04/Jun/2020:14:09:35 +0200] "POST /wp-login.php HTTP/1.1" 200 1684 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.51.102 - - [04/Jun/2020:14:09:35 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.236.51.102 - - [04/Jun/2020:14:09:36 +0200] "POST /wp-login.php HTTP/1.1" 200 1688 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001
...
2020-06-04 20:42:48
185.34.193.208 attack
Malware attachment
2020-06-04 20:43:41
222.186.30.57 attack
Unauthorized connection attempt detected from IP address 222.186.30.57 to port 22
2020-06-04 20:49:54
