185.66.130.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Albania

Internet Service Provider: Nisatel LTD

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorized connection attempt from IP address 185.66.130.55 on Port 445(SMB)	2019-09-03 13:20:21

Comments on same subnet:

IP	Type	Details	Datetime
185.66.130.127	attackbotsspam	Automatic report - Port Scan Attack	2020-06-20 01:05:08
185.66.130.79	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2019-08-21 20:52:07
185.66.130.79	attack	Unauthorised access (Aug 8) SRC=185.66.130.79 LEN=44 TTL=54 ID=51482 TCP DPT=23 WINDOW=52424 SYN Unauthorised access (Aug 8) SRC=185.66.130.79 LEN=44 TTL=54 ID=414 TCP DPT=23 WINDOW=52424 SYN Unauthorised access (Aug 5) SRC=185.66.130.79 LEN=44 TTL=53 ID=9207 TCP DPT=8080 WINDOW=11091 SYN	2019-08-08 14:04:38

Type

Details

Datetime

185.66.130.127

attackbotsspam

Automatic report - Port Scan Attack

2020-06-20 01:05:08

185.66.130.79

attackbots

Honeypot attack, port: 23, PTR: PTR record not found

2019-08-21 20:52:07

185.66.130.79

attack

Unauthorised access (Aug  8) SRC=185.66.130.79 LEN=44 TTL=54 ID=51482 TCP DPT=23 WINDOW=52424 SYN 
Unauthorised access (Aug  8) SRC=185.66.130.79 LEN=44 TTL=54 ID=414 TCP DPT=23 WINDOW=52424 SYN 
Unauthorised access (Aug  5) SRC=185.66.130.79 LEN=44 TTL=53 ID=9207 TCP DPT=8080 WINDOW=11091 SYN

2019-08-08 14:04:38

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 185.66.130.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11304
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;185.66.130.55.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090300 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Sep 03 13:20:14 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 55.130.66.185.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 55.130.66.185.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
178.128.145.23	attack	Attempted connection to port 8088.	2020-09-03 15:47:38
91.121.137.24	attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-09-03 15:27:23
45.82.136.246	attackbots	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-09-03T06:20:07Z and 2020-09-03T06:21:55Z	2020-09-03 15:15:10
41.239.9.136	attackspam	Attempted connection to port 23.	2020-09-03 15:39:18
198.98.49.181	attack	Sep 3 09:01:28 prod4 sshd\[19127\]: Invalid user ec2-user from 198.98.49.181 Sep 3 09:01:28 prod4 sshd\[19128\]: Invalid user centos from 198.98.49.181 Sep 3 09:01:28 prod4 sshd\[19133\]: Invalid user oracle from 198.98.49.181 ...	2020-09-03 15:18:45
177.220.133.158	attackbots	Invalid user globalflash from 177.220.133.158 port 33895	2020-09-03 15:16:26
49.88.112.76	attackbots	Sep 3 07:31:29 localhost sshd[1963985]: Failed password for root from 49.88.112.76 port 48944 ssh2 Sep 3 07:32:19 localhost sshd[1965745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.76 user=root Sep 3 07:32:20 localhost sshd[1965745]: Failed password for root from 49.88.112.76 port 22594 ssh2 Sep 3 07:33:07 localhost sshd[1967504]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.76 user=root Sep 3 07:33:09 localhost sshd[1967504]: Failed password for root from 49.88.112.76 port 46631 ssh2 ...	2020-09-03 15:33:35
51.38.57.78	attack	Invalid user elastic from 51.38.57.78 port 60496	2020-09-03 15:39:53
5.206.4.170	attackspambots	1599065142 - 09/02/2020 18:45:42 Host: 5.206.4.170/5.206.4.170 Port: 445 TCP Blocked	2020-09-03 15:31:14
189.80.32.131	attackspambots	Unauthorized connection attempt from IP address 189.80.32.131 on Port 445(SMB)	2020-09-03 15:09:24
88.147.152.146	attack	srvr1: (mod_security) mod_security (id:920350) triggered by 88.147.152.146 (RU/-/88-147-152-146.dynamic.152.147.88.in-addr.arpa): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/03 06:32:36 [error] 194005#0: 337763 [client 88.147.152.146] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "159911475637.598198"] [ref "o0,16v21,16"], client: 88.147.152.146, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-09-03 15:11:05
61.177.172.128	attackspam	Sep 3 09:16:43 sso sshd[26202]: Failed password for root from 61.177.172.128 port 22371 ssh2 Sep 3 09:16:53 sso sshd[26202]: Failed password for root from 61.177.172.128 port 22371 ssh2 ...	2020-09-03 15:28:12
200.186.50.242	attackspambots	Unauthorized connection attempt from IP address 200.186.50.242 on Port 445(SMB)	2020-09-03 15:15:57
177.10.241.126	attackspam	Autoban 177.10.241.126 AUTH/CONNECT	2020-09-03 15:11:20
196.179.232.130	attack	Unauthorized connection attempt from IP address 196.179.232.130 on Port 445(SMB)	2020-09-03 15:13:01

Recently Reported IPs

159.203.56.162	139.178.84.189	202.168.154.98	77.45.6.24
129.151.233.63	66.181.171.26	181.114.88.162	89.215.142.251
103.229.191.77	91.61.103.126	49.88.112.118	222.247.2.148
134.203.57.143	144.247.121.164	104.174.41.87	185.245.87.141
152.169.47.169	126.25.202.89	150.26.231.140	143.48.131.31