Must be a valid IPv4 or IPv6 ip address, e.g. 127.0.0.1 or 2001:DB8:0:0:8:800:200C:417A
Basic Info

City: Sandton

Region: Gauteng

Country: South Africa

Internet Service Provider: Dimension Data (Pty) Ltd - Optinet

Hostname: unknown

Organization: OPTINET

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
timhelmke.de 197.85.7.159 \[03/Oct/2019:22:52:45 +0200\] "POST /wp-login.php HTTP/1.1" 200 5594 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
timhelmke.de 197.85.7.159 \[03/Oct/2019:22:52:48 +0200\] "POST /wp-login.php HTTP/1.1" 200 5545 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-10-04 05:47:01
attackbotsspam
Scanning and Vuln Attempts
2019-09-25 15:11:42
attack
WordPress wp-login brute force :: 197.85.7.159 0.184 BYPASS [20/Sep/2019:05:35:10  1000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2019-09-20 04:12:18
attack
WordPress login Brute force / Web App Attack on client site.
2019-09-05 02:12:54
Comments on same subnet:
No discussion about this subnet yet..
Whois info:
b
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.85.7.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37354
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.85.7.159.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Sep 05 02:12:46 CST 2019
;; MSG SIZE  rcvd: 116
Host info
159.7.85.197.in-addr.arpa domain name pointer 197-85-7-159.cpt.mweb.co.za.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
159.7.85.197.in-addr.arpa	name = 197-85-7-159.cpt.mweb.co.za.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
46.105.112.107 attackbots
Jul 14 22:13:52 root sshd[7621]: Failed password for root from 46.105.112.107 port 37102 ssh2
Jul 14 22:21:42 root sshd[7709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.105.112.107 
Jul 14 22:21:44 root sshd[7709]: Failed password for invalid user rstudio from 46.105.112.107 port 51432 ssh2
...
2019-07-15 04:38:34
134.209.11.82 attack
masters-of-media.de 134.209.11.82 \[14/Jul/2019:20:37:04 +0200\] "POST /wp-login.php HTTP/1.1" 200 5855 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
masters-of-media.de 134.209.11.82 \[14/Jul/2019:20:37:06 +0200\] "POST /wp-login.php HTTP/1.1" 200 5854 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
masters-of-media.de 134.209.11.82 \[14/Jul/2019:20:37:07 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4102 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-07-15 04:30:05
208.102.113.11 attackspam
2019-07-14T22:12:24.545050stark.klein-stark.info sshd\[31718\]: Invalid user snoopy from 208.102.113.11 port 45610
2019-07-14T22:12:24.550758stark.klein-stark.info sshd\[31718\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=dsl-208-102-113-11.fuse.net
2019-07-14T22:12:26.343450stark.klein-stark.info sshd\[31718\]: Failed password for invalid user snoopy from 208.102.113.11 port 45610 ssh2
...
2019-07-15 04:13:53
198.108.67.82 attackbotsspam
firewall-block, port(s): 9014/tcp
2019-07-15 04:42:05
200.170.139.169 attackspambots
Jul 14 13:21:46 bouncer sshd\[26202\]: Invalid user ubuntu from 200.170.139.169 port 33152
Jul 14 13:21:46 bouncer sshd\[26202\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.170.139.169 
Jul 14 13:21:48 bouncer sshd\[26202\]: Failed password for invalid user ubuntu from 200.170.139.169 port 33152 ssh2
...
2019-07-15 04:26:18
50.227.195.3 attackbots
Jul 14 19:20:31 itv-usvr-01 sshd[22913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.227.195.3  user=root
Jul 14 19:20:33 itv-usvr-01 sshd[22913]: Failed password for root from 50.227.195.3 port 52284 ssh2
Jul 14 19:24:58 itv-usvr-01 sshd[23088]: Invalid user pp from 50.227.195.3
Jul 14 19:24:58 itv-usvr-01 sshd[23088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.227.195.3
Jul 14 19:24:58 itv-usvr-01 sshd[23088]: Invalid user pp from 50.227.195.3
Jul 14 19:25:00 itv-usvr-01 sshd[23088]: Failed password for invalid user pp from 50.227.195.3 port 45692 ssh2
2019-07-15 04:06:38
198.71.230.64 attackbotsspam
xmlrpc attack
2019-07-15 04:19:35
198.199.104.20 attackspambots
Jul 14 19:58:04 core01 sshd\[19115\]: Invalid user sanga from 198.199.104.20 port 57646
Jul 14 19:58:04 core01 sshd\[19115\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.104.20
...
2019-07-15 04:05:53
104.168.215.181 attack
Jul 14 12:20:49 nextcloud sshd\[822\]: Invalid user students from 104.168.215.181
Jul 14 12:20:49 nextcloud sshd\[822\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.168.215.181
Jul 14 12:20:51 nextcloud sshd\[822\]: Failed password for invalid user students from 104.168.215.181 port 59058 ssh2
...
2019-07-15 04:40:37
176.176.99.26 attack
Malicious/Probing: /wp-login.php
2019-07-15 04:22:25
88.249.126.73 attack
Automatic report - Port Scan Attack
2019-07-15 04:05:34
41.32.223.149 attack
Jul 14 12:12:56 server378 sshd[1181224]: Did not receive identification string from 41.32.223.149
Jul 14 12:13:01 server378 sshd[1181225]: reveeclipse mapping checking getaddrinfo for host-41.32.223.149.tedata.net [41.32.223.149] failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 14 12:13:01 server378 sshd[1181225]: Invalid user adminixxxr from 41.32.223.149
Jul 14 12:13:01 server378 sshd[1181225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.32.223.149
Jul 14 12:13:04 server378 sshd[1181225]: Failed password for invalid user adminixxxr from 41.32.223.149 port 55559 ssh2
Jul 14 12:13:04 server378 sshd[1181225]: Connection closed by 41.32.223.149 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=41.32.223.149
2019-07-15 04:06:57
162.105.92.98 attack
SSH Brute Force, server-1 sshd[22672]: Failed password for invalid user avis from 162.105.92.98 port 38804 ssh2
2019-07-15 04:07:45
167.250.98.23 attackspam
failed_logins
2019-07-15 04:39:10
157.230.110.62 attack
recursive dns scanner
2019-07-15 04:14:14

Recently Reported IPs

46.3.110.31 13.21.196.15 115.124.10.61 1.160.22.127
173.223.63.177 91.32.209.205 81.193.210.203 135.124.130.76
156.57.170.131 20.164.239.114 35.111.13.125 207.173.72.209
189.39.103.191 89.34.184.170 4.61.7.166 57.101.21.45
202.184.212.162 96.192.94.55 153.106.128.36 4.64.234.165