159.192.102.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: CAT Telecom Public Company Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorised access (Sep 28) SRC=159.192.102.4 LEN=40 TTL=241 ID=61680 TCP DPT=445 WINDOW=1024 SYN Unauthorised access (Sep 27) SRC=159.192.102.4 LEN=40 TTL=241 ID=4897 TCP DPT=445 WINDOW=1024 SYN	2019-09-29 06:23:47
attackbots	445/tcp 445/tcp 445/tcp... [2019-05-01/06-26]9pkt,1pt.(tcp)	2019-06-26 16:57:21

Type

Details

Datetime

attack

Unauthorised access (Sep 28) SRC=159.192.102.4 LEN=40 TTL=241 ID=61680 TCP DPT=445 WINDOW=1024 SYN 
Unauthorised access (Sep 27) SRC=159.192.102.4 LEN=40 TTL=241 ID=4897 TCP DPT=445 WINDOW=1024 SYN

2019-09-29 06:23:47

attackbots

445/tcp 445/tcp 445/tcp...
[2019-05-01/06-26]9pkt,1pt.(tcp)

2019-06-26 16:57:21

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.192.102.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43894
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.192.102.4.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019052202 1800 900 604800 86400

;; Query time: 10 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu May 23 19:48:42 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 4.102.192.159.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 4.102.192.159.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
122.155.223.125	attackbotsspam	2019-09-28T17:49:58.6837751495-001 sshd\[8026\]: Invalid user ozzy from 122.155.223.125 port 60980 2019-09-28T17:49:58.6873201495-001 sshd\[8026\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.155.223.125 2019-09-28T17:50:01.0242621495-001 sshd\[8026\]: Failed password for invalid user ozzy from 122.155.223.125 port 60980 ssh2 2019-09-28T17:51:09.7877021495-001 sshd\[8132\]: Invalid user rasello from 122.155.223.125 port 39296 2019-09-28T17:51:09.7908941495-001 sshd\[8132\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.155.223.125 2019-09-28T17:51:11.8723261495-001 sshd\[8132\]: Failed password for invalid user rasello from 122.155.223.125 port 39296 ssh2 ...	2019-09-29 08:20:16
192.81.215.176	attack	Sep 28 13:39:00 php1 sshd\[14677\]: Invalid user wilhelm from 192.81.215.176 Sep 28 13:39:00 php1 sshd\[14677\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.81.215.176 Sep 28 13:39:03 php1 sshd\[14677\]: Failed password for invalid user wilhelm from 192.81.215.176 port 40800 ssh2 Sep 28 13:43:11 php1 sshd\[15693\]: Invalid user justine from 192.81.215.176 Sep 28 13:43:11 php1 sshd\[15693\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.81.215.176	2019-09-29 07:49:26
187.173.142.72	attackspam	Sep 29 00:01:58 saschabauer sshd[19667]: Failed password for root from 187.173.142.72 port 46366 ssh2 Sep 29 00:02:11 saschabauer sshd[19667]: error: maximum authentication attempts exceeded for root from 187.173.142.72 port 46366 ssh2 [preauth]	2019-09-29 08:20:43
3.24.104.245	attackbots	Message ID Created at: Sat, Sep 28, 2019 at 12:27 PM (Delivered after 4578 seconds) From: Shark Tank Health To: Subject: Barbara Corcoran wants you to lose weight! SPF: PASS with IP 3.24.104.245	2019-09-29 08:10:48
23.129.64.184	attackbotsspam	Sep 28 22:49:14 rotator sshd\[20927\]: Invalid user aaron from 23.129.64.184Sep 28 22:49:15 rotator sshd\[20927\]: Failed password for invalid user aaron from 23.129.64.184 port 60888 ssh2Sep 28 22:49:18 rotator sshd\[20927\]: Failed password for invalid user aaron from 23.129.64.184 port 60888 ssh2Sep 28 22:49:20 rotator sshd\[20927\]: Failed password for invalid user aaron from 23.129.64.184 port 60888 ssh2Sep 28 22:49:23 rotator sshd\[20927\]: Failed password for invalid user aaron from 23.129.64.184 port 60888 ssh2Sep 28 22:49:26 rotator sshd\[20927\]: Failed password for invalid user aaron from 23.129.64.184 port 60888 ssh2 ...	2019-09-29 08:01:39
51.77.109.98	attackspambots	Sep 29 00:58:53 tux-35-217 sshd\[11261\]: Invalid user sysadmin from 51.77.109.98 port 52778 Sep 29 00:58:53 tux-35-217 sshd\[11261\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.109.98 Sep 29 00:58:55 tux-35-217 sshd\[11261\]: Failed password for invalid user sysadmin from 51.77.109.98 port 52778 ssh2 Sep 29 01:03:02 tux-35-217 sshd\[11289\]: Invalid user wescott from 51.77.109.98 port 37638 Sep 29 01:03:02 tux-35-217 sshd\[11289\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.109.98 ...	2019-09-29 07:51:06
222.186.175.217	attackspambots	Sep 29 03:03:12 taivassalofi sshd[1918]: Failed password for root from 222.186.175.217 port 46990 ssh2 Sep 29 03:03:28 taivassalofi sshd[1918]: error: maximum authentication attempts exceeded for root from 222.186.175.217 port 46990 ssh2 [preauth] ...	2019-09-29 08:15:27
197.159.3.45	attack	(sshd) Failed SSH login from 197.159.3.45 (-): 5 in the last 3600 secs	2019-09-29 08:06:53
155.4.71.18	attackspam	SSH Brute-Force reported by Fail2Ban	2019-09-29 07:44:16
79.169.73.15	attack	Sep 29 01:31:48 ArkNodeAT sshd\[21867\]: Invalid user zr from 79.169.73.15 Sep 29 01:31:48 ArkNodeAT sshd\[21867\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.169.73.15 Sep 29 01:31:50 ArkNodeAT sshd\[21867\]: Failed password for invalid user zr from 79.169.73.15 port 35472 ssh2	2019-09-29 08:08:09
117.119.86.144	attack	Sep 28 23:52:21 nextcloud sshd\[20628\]: Invalid user jq from 117.119.86.144 Sep 28 23:52:21 nextcloud sshd\[20628\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.119.86.144 Sep 28 23:52:23 nextcloud sshd\[20628\]: Failed password for invalid user jq from 117.119.86.144 port 53460 ssh2 ...	2019-09-29 07:52:11
222.186.15.246	attack	Sep 29 00:04:39 ip-172-31-1-72 sshd\[11012\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.246 user=root Sep 29 00:04:40 ip-172-31-1-72 sshd\[11012\]: Failed password for root from 222.186.15.246 port 40592 ssh2 Sep 29 00:05:09 ip-172-31-1-72 sshd\[11055\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.246 user=root Sep 29 00:05:11 ip-172-31-1-72 sshd\[11055\]: Failed password for root from 222.186.15.246 port 14749 ssh2 Sep 29 00:06:37 ip-172-31-1-72 sshd\[11064\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.246 user=root	2019-09-29 08:15:39
222.186.175.202	attackbots	Sep 29 02:01:41 legacy sshd[12281]: Failed password for root from 222.186.175.202 port 23808 ssh2 Sep 29 02:01:59 legacy sshd[12281]: error: maximum authentication attempts exceeded for root from 222.186.175.202 port 23808 ssh2 [preauth] Sep 29 02:02:09 legacy sshd[12287]: Failed password for root from 222.186.175.202 port 20888 ssh2 ...	2019-09-29 08:04:59
103.56.113.201	attackspam	Invalid user dnsadrc from 103.56.113.201 port 38957	2019-09-29 07:44:03
222.186.175.140	attackbotsspam	Sep 28 23:28:28 *** sshd[14329]: User root from 222.186.175.140 not allowed because not listed in AllowUsers	2019-09-29 07:43:46

Recently Reported IPs

117.244.96.180	169.228.186.79	44.106.189.245	2.221.41.34
130.66.1.60	104.140.100.160	101.20.53.86	52.65.139.197
149.3.113.31	24.29.66.152	195.196.70.132	128.246.50.98
206.147.214.171	100.174.79.96	115.92.247.16	62.94.208.113
97.6.187.151	66.70.190.18	165.224.221.107	42.199.197.211