149.129.243.159

Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: Alibaba.com Singapore E-Commerce Private Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt detected from IP address 149.129.243.159 to port 80	2019-12-29 22:05:53
attackspam	fail2ban honeypot	2019-12-29 13:06:40
attack	149.129.243.159 - - - [03/Dec/2019:04:55:36 +0000] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"	2019-12-03 14:15:31

Type

Details

Datetime

attack

Unauthorized connection attempt detected from IP address 149.129.243.159 to port 80

2019-12-29 22:05:53

attackspam

fail2ban honeypot

2019-12-29 13:06:40

attack

149.129.243.159 - - - [03/Dec/2019:04:55:36 +0000] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"

2019-12-03 14:15:31

Comments on same subnet:

IP	Type	Details	Datetime
149.129.243.158	attackspam	Automatic report - XMLRPC Attack	2019-10-30 18:44:14
149.129.243.158	attackbotsspam	C1,WP GET /suche/wp-login.php	2019-10-29 17:36:08
149.129.243.158	attackbots	WordPress wp-login brute force :: 149.129.243.158 0.112 BYPASS [27/Oct/2019:08:22:40 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3770 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-27 06:35:24

Type

Details

Datetime

149.129.243.158

attackspam

Automatic report - XMLRPC Attack

2019-10-30 18:44:14

149.129.243.158

attackbotsspam

C1,WP GET /suche/wp-login.php

2019-10-29 17:36:08

149.129.243.158

attackbots

WordPress wp-login brute force :: 149.129.243.158 0.112 BYPASS [27/Oct/2019:08:22:40  1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3770 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2019-10-27 06:35:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.129.243.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45299
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.129.243.159.		IN	A

;; AUTHORITY SECTION:
.			211	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120300 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 03 14:15:27 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 159.243.129.149.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 159.243.129.149.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
5.187.1.107	attackspambots	Automatic report generated by Wazuh	2020-08-07 18:43:00
111.252.81.228	attack	20/8/6@23:49:52: FAIL: Alarm-Network address from=111.252.81.228 20/8/6@23:49:52: FAIL: Alarm-Network address from=111.252.81.228 ...	2020-08-07 18:42:15
153.127.52.17	attackbots	Aug 7 11:47:11 kh-dev-server sshd[27789]: Failed password for root from 153.127.52.17 port 41748 ssh2 ...	2020-08-07 18:16:21
79.120.54.174	attackbots	Aug 7 06:33:12 ny01 sshd[1016]: Failed password for root from 79.120.54.174 port 57774 ssh2 Aug 7 06:35:35 ny01 sshd[1294]: Failed password for root from 79.120.54.174 port 37328 ssh2	2020-08-07 18:49:28
13.67.110.14	attack	Vulnerability scan - GET /.env	2020-08-07 18:56:22
182.100.60.31	attackspam	Port probing on unauthorized port 5555	2020-08-07 18:48:14
61.177.172.142	attack	Aug 7 12:38:24 minden010 sshd[523]: Failed password for root from 61.177.172.142 port 24144 ssh2 Aug 7 12:38:35 minden010 sshd[523]: Failed password for root from 61.177.172.142 port 24144 ssh2 Aug 7 12:38:38 minden010 sshd[523]: Failed password for root from 61.177.172.142 port 24144 ssh2 Aug 7 12:38:38 minden010 sshd[523]: error: maximum authentication attempts exceeded for root from 61.177.172.142 port 24144 ssh2 [preauth] ...	2020-08-07 18:39:02
14.248.67.61	attackbotsspam	Automatic report - Port Scan Attack	2020-08-07 18:50:35
177.22.126.34	attack	Aug 7 12:26:51 cosmoit sshd[25528]: Failed password for root from 177.22.126.34 port 55664 ssh2	2020-08-07 18:30:35
129.28.157.199	attackspam	Aug 7 09:36:40 gw1 sshd[16111]: Failed password for root from 129.28.157.199 port 58996 ssh2 ...	2020-08-07 18:48:27
213.32.67.160	attackspambots	Fail2Ban	2020-08-07 18:39:30
58.210.64.98	attackbotsspam	firewall-block, port(s): 1433/tcp	2020-08-07 18:31:38
93.174.93.195	attackbotsspam	UDP ports : 61137 / 61404 / 61422 / 61440 / 62348 / 62633 / 63000 / 63211 / 63333 / 63488 / 63559 / 64000 / 64255 / 64422	2020-08-07 18:29:17
117.67.225.29	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-08-07 18:28:26
193.27.228.221	attackbots	Aug 7 12:15:46 debian-2gb-nbg1-2 kernel: \[19053798.534144\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=193.27.228.221 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=36282 PROTO=TCP SPT=46892 DPT=2019 WINDOW=1024 RES=0x00 SYN URGP=0	2020-08-07 18:37:17

Recently Reported IPs

32.251.35.199	123.152.193.244	190.245.99.185	208.117.113.175
35.77.219.224	83.136.143.110	67.131.26.69	247.81.229.120
80.188.83.224	227.232.114.251	146.170.143.90	155.31.249.131
17.191.200.117	93.17.99.206	233.43.144.128	213.50.205.168
109.140.50.74	136.29.52.181	193.98.32.55	113.180.67.170