Basic Info

City: Cape Town

Region: Western Cape

Country: South Africa

Internet Service Provider: Afrihost (Pty) Ltd

Hostname: unknown

Organization: Afrihost

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspambots
Jul  2 13:33:22 garuda sshd[991573]: reveeclipse mapping checking getaddrinfo for 165-255-66-27.ip.adsl.co.za [165.255.66.27] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 13:33:22 garuda sshd[991573]: Invalid user fk from 165.255.66.27
Jul  2 13:33:22 garuda sshd[991573]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.66.27 
Jul  2 13:33:25 garuda sshd[991573]: Failed password for invalid user fk from 165.255.66.27 port 41828 ssh2
Jul  2 13:33:25 garuda sshd[991573]: Received disconnect from 165.255.66.27: 11: Bye Bye [preauth]
Jul  2 13:37:50 garuda sshd[992901]: reveeclipse mapping checking getaddrinfo for 165-255-66-27.ip.adsl.co.za [165.255.66.27] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul  2 13:37:50 garuda sshd[992901]: Invalid user hadoop from 165.255.66.27
Jul  2 13:37:50 garuda sshd[992901]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.66.27 
Jul  2 13:37:53 garuda ss........
-------------------------------
2019-07-03 09:18:56
attack
ssh failed login
2019-07-03 03:42:14
Comments on same subnet:
No discussion about this subnet yet.
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 165.255.66.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39292
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;165.255.66.27.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070201 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 03 03:42:09 CST 2019
;; MSG SIZE  rcvd: 117
Host info
27.66.255.165.in-addr.arpa domain name pointer 165-255-66-27.ip.adsl.co.za.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
27.66.255.165.in-addr.arpa	name = 165-255-66-27.ip.adsl.co.za.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
49.233.143.87 attackbotsspam
Sep  6 18:54:46 h2829583 sshd[5993]: Failed password for root from 49.233.143.87 port 50174 ssh2
2020-09-07 12:34:21
40.117.73.218 attack
LGS,WP GET //wp-includes/wlwmanifest.xml
GET //wp-includes/wlwmanifest.xml
2020-09-07 12:49:23
113.116.98.192 attack
spam
2020-09-07 12:58:17
112.85.42.200 attackspam
Sep  7 06:20:36 ucs sshd\[10761\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.200  user=root
Sep  7 06:20:38 ucs sshd\[10754\]: error: PAM: User not known to the underlying authentication module for root from 112.85.42.200
Sep  7 06:20:40 ucs sshd\[10764\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.200  user=root
...
2020-09-07 12:21:36
222.186.173.201 attack
Sep  7 06:21:38 router sshd[2662]: Failed password for root from 222.186.173.201 port 51692 ssh2
Sep  7 06:21:43 router sshd[2662]: Failed password for root from 222.186.173.201 port 51692 ssh2
Sep  7 06:21:47 router sshd[2662]: Failed password for root from 222.186.173.201 port 51692 ssh2
Sep  7 06:21:51 router sshd[2662]: Failed password for root from 222.186.173.201 port 51692 ssh2
...
2020-09-07 12:22:55
185.232.30.130 attack
 TCP (SYN) 185.232.30.130:41212 -> port 3392, len 44
2020-09-07 12:43:02
102.37.12.59 attackbots
2020-09-07T00:36:08.078006n23.at sshd[145555]: Invalid user faster from 102.37.12.59 port 1088
2020-09-07T00:36:09.721936n23.at sshd[145555]: Failed password for invalid user faster from 102.37.12.59 port 1088 ssh2
2020-09-07T00:54:49.332347n23.at sshd[160964]: Invalid user test from 102.37.12.59 port 1088
...
2020-09-07 12:30:24
192.42.116.20 attackbots
192.42.116.20 (NL/Netherlands/-), 7 distributed sshd attacks on account [admin] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep  6 22:01:14 server2 sshd[14926]: Invalid user admin from 192.42.116.20
Sep  6 22:31:18 server2 sshd[4732]: Invalid user admin from 51.195.136.14
Sep  6 22:01:16 server2 sshd[14926]: Failed password for invalid user admin from 192.42.116.20 port 33232 ssh2
Sep  6 22:00:12 server2 sshd[14296]: Invalid user admin from 141.98.252.163
Sep  6 21:57:59 server2 sshd[12656]: Failed password for invalid user admin from 185.220.103.6 port 55148 ssh2
Sep  6 22:00:07 server2 sshd[14210]: Invalid user admin from 141.98.252.163
Sep  6 22:00:10 server2 sshd[14210]: Failed password for invalid user admin from 141.98.252.163 port 40750 ssh2

IP Addresses Blocked:
2020-09-07 12:33:11
37.187.54.45 attack
[ssh] SSH attack
2020-09-07 12:22:22
122.51.89.18 attack
SSH / Telnet Brute Force Attempts on Honeypot
2020-09-07 13:02:43
143.202.179.12 attackspam
Automatic report - Port Scan Attack
2020-09-07 12:59:10
211.159.218.251 attackbots
Sep  7 03:35:12 home sshd[1065992]: Failed password for root from 211.159.218.251 port 37876 ssh2
Sep  7 03:37:26 home sshd[1066188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.159.218.251  user=root
Sep  7 03:37:28 home sshd[1066188]: Failed password for root from 211.159.218.251 port 41356 ssh2
Sep  7 03:39:42 home sshd[1066462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.159.218.251  user=mysql
Sep  7 03:39:44 home sshd[1066462]: Failed password for mysql from 211.159.218.251 port 44828 ssh2
...
2020-09-07 12:23:54
54.37.159.45 attack
SSH login attempts.
2020-09-07 12:26:33
222.186.169.192 attackbots
Sep  7 04:11:09 instance-2 sshd[4347]: Failed password for root from 222.186.169.192 port 30092 ssh2
Sep  7 04:11:12 instance-2 sshd[4347]: Failed password for root from 222.186.169.192 port 30092 ssh2
Sep  7 04:11:16 instance-2 sshd[4347]: Failed password for root from 222.186.169.192 port 30092 ssh2
Sep  7 04:11:20 instance-2 sshd[4347]: Failed password for root from 222.186.169.192 port 30092 ssh2
2020-09-07 12:30:09
194.180.224.130 attackspam
$f2bV_matches
2020-09-07 12:23:14
