159.138.2.164 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Singapore

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
159.138.201.61	attack	May 7 17:17:03 vserver sshd\[10164\]: Invalid user cynthia from 159.138.201.61May 7 17:17:05 vserver sshd\[10164\]: Failed password for invalid user cynthia from 159.138.201.61 port 51946 ssh2May 7 17:20:43 vserver sshd\[10199\]: Invalid user connor from 159.138.201.61May 7 17:20:46 vserver sshd\[10199\]: Failed password for invalid user connor from 159.138.201.61 port 60620 ssh2 ...	2020-05-08 00:38:53
159.138.201.61	attack	May 4 00:14:33 zn008 sshd[12682]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! May 4 00:14:33 zn008 sshd[12682]: Invalid user zhangyong from 159.138.201.61 May 4 00:14:33 zn008 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.138.201.61 May 4 00:14:34 zn008 sshd[12682]: Failed password for invalid user zhangyong from 159.138.201.61 port 49662 ssh2 May 4 00:14:34 zn008 sshd[12682]: Received disconnect from 159.138.201.61: 11: Bye Bye [preauth] May 4 00:21:08 zn008 sshd[13521]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! May 4 00:21:08 zn008 sshd[13521]: Invalid user thomas from 159.138.201.61 May 4 00:21:08 zn008 sshd[13521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=........ -------------------------------	2020-05-04 08:49:58
159.138.230.22	attack	trying to access non-authorized port	2020-04-02 20:10:35
159.138.22.170	attackbots	(From salvatore.earp@gmail.com) Beloved, This specific will be Plants by Particular Care Advertisings. Face masks around top quality which will certificated by FDA may keep anyone and also the household security. Here many of us wish to tell an individual that we have a new lot associated with KN95 experience cover up and also clinical several layers ply count mask having wonderful cost. If a person own any kind of interest, please do not hesitate to let us all recognize, we will send typically the rate for your kind referral. Intended for details, remember to visit the main internet site: www.face-mask.ltd and www.n95us.com For wholesale speak to: candace@face-mask.ltd Thanks plus Ideal concerns, Flora	2020-03-14 01:57:52
159.138.233.54	attack	Host Scan	2019-12-18 18:28:39
159.138.21.170	attackspambots	Automatic report - XMLRPC Attack	2019-10-29 20:03:37
159.138.26.228	attack	Oct 20 05:52:07 MK-Soft-Root2 sshd[7613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.138.26.228 Oct 20 05:52:10 MK-Soft-Root2 sshd[7613]: Failed password for invalid user ubnt from 159.138.26.228 port 55750 ssh2 ...	2019-10-20 15:58:18
159.138.20.247	attackbotsspam	Automatic report - Banned IP Access	2019-10-11 01:30:07
159.138.26.228	attackbotsspam	Aug 17 19:45:18 nextcloud sshd\[14065\]: Invalid user P@ssw0rd! from 159.138.26.228 Aug 17 19:45:18 nextcloud sshd\[14065\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.138.26.228 Aug 17 19:45:20 nextcloud sshd\[14065\]: Failed password for invalid user P@ssw0rd! from 159.138.26.228 port 36600 ssh2 ...	2019-08-18 02:35:49
159.138.26.228	attackbotsspam	2019-08-16T16:17:42.933111abusebot-8.cloudsearch.cf sshd\[22522\]: Invalid user named from 159.138.26.228 port 42912	2019-08-17 00:38:27
159.138.27.133	attack	xmlrpc attack	2019-06-24 17:34:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.138.2.164
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24837
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;159.138.2.164.			IN	A

;; AUTHORITY SECTION:
.			383	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022701 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 28 05:09:04 CST 2022
;; MSG SIZE  rcvd: 106

Host info

164.2.138.159.in-addr.arpa domain name pointer ecs-159-138-2-164.compute.hwclouds-dns.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
164.2.138.159.in-addr.arpa	name = ecs-159-138-2-164.compute.hwclouds-dns.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.156.173.251	attack	GET /magento_version	2019-07-07 23:56:46
132.232.116.82	attackbotsspam	Jul 7 09:05:50 aat-srv002 sshd[8963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.116.82 Jul 7 09:05:52 aat-srv002 sshd[8963]: Failed password for invalid user hang from 132.232.116.82 port 52372 ssh2 Jul 7 09:08:58 aat-srv002 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.116.82 Jul 7 09:09:00 aat-srv002 sshd[9000]: Failed password for invalid user waldemar from 132.232.116.82 port 48756 ssh2 ...	2019-07-07 23:42:01
198.211.122.197	attackspam	Jul 7 16:03:22 host sshd\[60759\]: Invalid user ubuntu from 198.211.122.197 port 59648 Jul 7 16:03:22 host sshd\[60759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.211.122.197 ...	2019-07-08 00:17:00
59.41.8.249	attackbots	Port 1433 Scan	2019-07-08 00:33:16
179.199.204.79	attackspambots	Jul 7 15:42:41 [host] sshd[6105]: Invalid user jdavila from 179.199.204.79 Jul 7 15:42:41 [host] sshd[6105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.199.204.79 Jul 7 15:42:44 [host] sshd[6105]: Failed password for invalid user jdavila from 179.199.204.79 port 27649 ssh2	2019-07-08 00:03:53
219.145.144.65	attackspam	Automatic report - Web App Attack	2019-07-08 00:38:02
107.185.176.147	attack	DATE:2019-07-07_15:42:45, IP:107.185.176.147, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-07-08 00:04:54
81.30.208.114	attackspam	Jul 7 17:15:38 localhost sshd\[20105\]: Invalid user admin from 81.30.208.114 port 34330 Jul 7 17:15:38 localhost sshd\[20105\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.30.208.114 Jul 7 17:15:40 localhost sshd\[20105\]: Failed password for invalid user admin from 81.30.208.114 port 34330 ssh2	2019-07-07 23:47:50
45.122.222.253	attack	Jul 7 17:43:18 server sshd[17875]: Failed password for root from 45.122.222.253 port 52308 ssh2 ...	2019-07-08 00:08:40
206.189.88.135	attackspambots	Your website, ***********, is undergoing a brute force attack. There have been at least 50 failed attempts to log in during the past 120 minutes that used one or more of the following components: Component Count Value from Current Attempt ------------------------ ----- -------------------------------- Network IP 4 206.189.88. Username 47 ****** Password MD5 1 6e09e3b1567c1a************* The most recent attempt came from the following IP address: 206.189.88.135 The Login Security Solution plugin (0.56.0) for WordPress is repelling the attack by making their login failures take a very long time. This attacker will also be denied access in the event they stumble upon valid credentials. Further notifications about this attacker will only be sent if the attack stops for at least 120 minutes and then resumes.	2019-07-08 00:30:14
3.87.179.109	attack	Jul 7 13:43:16 TCP Attack: SRC=3.87.179.109 DST=[Masked] LEN=250 TOS=0x00 PREC=0x00 TTL=234 DF PROTO=TCP SPT=60916 DPT=80 WINDOW=913 RES=0x00 ACK PSH URGP=0	2019-07-07 23:50:55
71.6.146.130	attackspam	Automatic report - Web App Attack	2019-07-08 00:07:25
81.136.163.212	attackbots	TCP port 445 (SMB) attempt blocked by firewall. [2019-07-07 15:42:03]	2019-07-07 23:57:48
185.36.102.203	attackbots	185.36.102.203 - - [07/Jul/2019:17:47:14 +0200] "POST [munged]wp-login.php HTTP/1.1" 444 0 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 0.000	2019-07-08 00:17:46
102.165.51.76	attack	\[2019-07-07 12:06:10\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-07T12:06:10.946-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0261048566101006",SessionID="0x7f02f876b078",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/102.165.51.76/55026",ACLName="no_extension_match" \[2019-07-07 12:06:13\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-07T12:06:13.108-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0104448585359013",SessionID="0x7f02f88cef08",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/102.165.51.76/60274",ACLName="no_extension_match" \[2019-07-07 12:07:30\] SECURITY\[13451\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-07-07T12:07:30.389-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0422148914258007",SessionID="0x7f02f81c5a28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/102.165.51.76/49387",ACLName="	2019-07-08 00:29:36

Recently Reported IPs

159.138.230.143	159.138.24.250	159.138.241.205	159.138.247.248
159.138.40.205	159.138.25.220	159.138.87.188	159.140.207.107
159.138.59.197	159.138.92.248	159.142.4.86	159.149.119.6
159.18.103.145	159.182.111.100	159.18.129.37	159.192.132.162
159.18.145.27	159.192.220.245	159.192.226.185	159.192.226.190