149.129.243.158

Basic Info

City: unknown

Region: unknown

Country: Indonesia

Internet Service Provider: Alibaba.com Singapore E-Commerce Private Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Automatic report - XMLRPC Attack	2019-10-30 18:44:14
attackbotsspam	C1,WP GET /suche/wp-login.php	2019-10-29 17:36:08
attackbots	WordPress wp-login brute force :: 149.129.243.158 0.112 BYPASS [27/Oct/2019:08:22:40 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3770 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-27 06:35:24

Type

Details

Datetime

attackspam

Automatic report - XMLRPC Attack

2019-10-30 18:44:14

attackbotsspam

C1,WP GET /suche/wp-login.php

2019-10-29 17:36:08

attackbots

WordPress wp-login brute force :: 149.129.243.158 0.112 BYPASS [27/Oct/2019:08:22:40  1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3770 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2019-10-27 06:35:24

Comments on same subnet:

IP	Type	Details	Datetime
149.129.243.159	attack	Unauthorized connection attempt detected from IP address 149.129.243.159 to port 80	2019-12-29 22:05:53
149.129.243.159	attackspam	fail2ban honeypot	2019-12-29 13:06:40
149.129.243.159	attack	149.129.243.159 - - - [03/Dec/2019:04:55:36 +0000] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"	2019-12-03 14:15:31

Type

Details

Datetime

149.129.243.159

attack

Unauthorized connection attempt detected from IP address 149.129.243.159 to port 80

2019-12-29 22:05:53

149.129.243.159

attackspam

fail2ban honeypot

2019-12-29 13:06:40

149.129.243.159

attack

149.129.243.159 - - - [03/Dec/2019:04:55:36 +0000] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"

2019-12-03 14:15:31

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.129.243.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48780
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.129.243.158.		IN	A

;; AUTHORITY SECTION:
.			331	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102601 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 27 06:35:21 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 158.243.129.149.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 158.243.129.149.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
2.235.187.66	attackbotsspam	xmlrpc attack	2020-08-04 05:52:06
211.43.13.243	attackbotsspam	web-1 [ssh] SSH Attack	2020-08-04 06:23:42
151.26.109.59	attackspambots	Automatic report - Port Scan Attack	2020-08-04 05:58:17
118.96.22.41	attackbots	Lines containing failures of 118.96.22.41 Aug 3 07:18:14 mailserver sshd[24524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.96.22.41 user=r.r Aug 3 07:18:16 mailserver sshd[24524]: Failed password for r.r from 118.96.22.41 port 39812 ssh2 Aug 3 07:18:16 mailserver sshd[24524]: Received disconnect from 118.96.22.41 port 39812:11: Bye Bye [preauth] Aug 3 07:18:16 mailserver sshd[24524]: Disconnected from authenticating user r.r 118.96.22.41 port 39812 [preauth] Aug 3 07:38:09 mailserver sshd[26840]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.96.22.41 user=r.r Aug 3 07:38:11 mailserver sshd[26840]: Failed password for r.r from 118.96.22.41 port 54096 ssh2 Aug 3 07:38:11 mailserver sshd[26840]: Received disconnect from 118.96.22.41 port 54096:11: Bye Bye [preauth] Aug 3 07:38:11 mailserver sshd[26840]: Disconnected from authenticating user r.r 118.96.22.41 port 54096 [........ ------------------------------	2020-08-04 06:02:04
117.89.172.66	attackbots	SSH brute-force attempt	2020-08-04 06:13:44
27.155.83.174	attackbots	Aug 3 20:35:36 *** sshd[9910]: User root from 27.155.83.174 not allowed because not listed in AllowUsers	2020-08-04 06:19:39
223.31.196.3	attackbots	Aug 3 23:40:23 piServer sshd[12190]: Failed password for root from 223.31.196.3 port 58170 ssh2 Aug 3 23:43:14 piServer sshd[12503]: Failed password for root from 223.31.196.3 port 38072 ssh2 ...	2020-08-04 05:52:34
113.170.150.119	attackspambots	Automatic report - Port Scan Attack	2020-08-04 06:05:30
165.227.25.239	attackbots	SSH brute force attempt	2020-08-04 06:16:18
128.199.112.240	attackspambots	Aug 4 00:00:28 buvik sshd[13257]: Failed password for root from 128.199.112.240 port 35678 ssh2 Aug 4 00:04:06 buvik sshd[32732]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.112.240 user=root Aug 4 00:04:07 buvik sshd[32732]: Failed password for root from 128.199.112.240 port 36332 ssh2 ...	2020-08-04 06:20:20
5.188.206.197	attack	2020-08-04 00:02:16 dovecot_login authenticator failed for \(\[5.188.206.197\]\) \[5.188.206.197\]: 535 Incorrect authentication data \(set_id=support@nopcommerce.it\) 2020-08-04 00:02:26 dovecot_login authenticator failed for \(\[5.188.206.197\]\) \[5.188.206.197\]: 535 Incorrect authentication data 2020-08-04 00:02:37 dovecot_login authenticator failed for \(\[5.188.206.197\]\) \[5.188.206.197\]: 535 Incorrect authentication data 2020-08-04 00:02:43 dovecot_login authenticator failed for \(\[5.188.206.197\]\) \[5.188.206.197\]: 535 Incorrect authentication data 2020-08-04 00:02:57 dovecot_login authenticator failed for \(\[5.188.206.197\]\) \[5.188.206.197\]: 535 Incorrect authentication data	2020-08-04 06:03:10
211.193.58.225	attackbots	Aug 3 22:09:56 game-panel sshd[23086]: Failed password for root from 211.193.58.225 port 9442 ssh2 Aug 3 22:12:38 game-panel sshd[23204]: Failed password for root from 211.193.58.225 port 47193 ssh2	2020-08-04 06:18:47
117.33.128.218	attackspam	Aug 3 17:45:59 host sshd\[2529\]: Failed password for root from 117.33.128.218 port 57558 ssh2 Aug 3 17:50:30 host sshd\[3594\]: Failed password for root from 117.33.128.218 port 58612 ssh2 Aug 3 17:54:46 host sshd\[3776\]: Failed password for root from 117.33.128.218 port 59672 ssh2 ...	2020-08-04 06:08:53
122.51.163.237	attack	Aug 3 23:56:38 home sshd[2194945]: Failed password for root from 122.51.163.237 port 45162 ssh2 Aug 3 23:58:56 home sshd[2196373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.163.237 user=root Aug 3 23:58:58 home sshd[2196373]: Failed password for root from 122.51.163.237 port 52600 ssh2 Aug 4 00:01:13 home sshd[2197921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.163.237 user=root Aug 4 00:01:15 home sshd[2197921]: Failed password for root from 122.51.163.237 port 60032 ssh2 ...	2020-08-04 06:08:05
152.32.229.63	attackbotsspam	2020-08-03T22:35:54.679035+02:00 sshd[17481]: Failed password for root from 152.32.229.63 port 38072 ssh2	2020-08-04 06:01:41

Recently Reported IPs

101.97.48.235	134.53.203.232	38.238.235.226	97.130.56.212
187.131.211.5	108.61.90.124	195.54.14.116	171.241.160.92
156.96.155.230	123.7.118.22	121.32.133.178	113.110.225.74
103.75.181.16	95.86.239.210	62.173.149.54	45.79.162.220
45.67.15.137	36.92.118.95	222.180.45.88	194.29.215.20