213.149.149.207

Basic Info

City: unknown

Region: unknown

Country: Bulgaria

Internet Service Provider: UltraNET Ltd

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Automatic report - XMLRPC Attack	2020-07-11 17:43:12

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 213.149.149.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;213.149.149.207.		IN	A

;; AUTHORITY SECTION:
.			568	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071001 1800 900 604800 86400

;; Query time: 12 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jul 11 17:43:08 CST 2020
;; MSG SIZE  rcvd: 119

Host info

Host 207.149.149.213.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 207.149.149.213.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.190.17	attack	Aug 8 02:16:10 alpha sshd[13291]: Unable to negotiate with 222.186.190.17 port 40262: no matching host key type found. Their offer: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth] Aug 8 02:17:14 alpha sshd[13300]: Unable to negotiate with 222.186.190.17 port 41553: no matching host key type found. Their offer: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth] Aug 8 02:18:23 alpha sshd[13302]: Unable to negotiate with 222.186.190.17 port 45643: no matching host key type found. Their offer: ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-rsa,ssh-dss [preauth]	2020-08-08 08:30:12
145.239.82.192	attack	SSH Brute Force	2020-08-08 08:29:17
118.25.144.49	attackspambots	Aug 8 05:51:08 OPSO sshd\[18254\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.144.49 user=root Aug 8 05:51:10 OPSO sshd\[18254\]: Failed password for root from 118.25.144.49 port 55386 ssh2 Aug 8 05:55:10 OPSO sshd\[19031\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.144.49 user=root Aug 8 05:55:12 OPSO sshd\[19031\]: Failed password for root from 118.25.144.49 port 48354 ssh2 Aug 8 05:59:19 OPSO sshd\[19927\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.144.49 user=root	2020-08-08 12:08:58
187.189.208.21	attackspambots	Automated report (2020-08-08T11:59:09+08:00). Referrer spam originating from this address detected (anti-crisis-seo.com).	2020-08-08 12:22:41
106.75.79.172	attackbotsspam	srv.marc-hoffrichter.de:443 106.75.79.172 - - [08/Aug/2020:05:59:18 +0200] "GET / HTTP/1.0" 403 5565 "-" "-"	2020-08-08 12:12:47
134.122.102.200	attackspambots	134.122.102.200 - - [08/Aug/2020:04:59:16 +0100] "POST /wp-login.php HTTP/1.1" 200 2079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.122.102.200 - - [08/Aug/2020:04:59:26 +0100] "POST /wp-login.php HTTP/1.1" 200 2083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.122.102.200 - - [08/Aug/2020:04:59:27 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-08 12:03:09
36.75.64.239	attackbots	1596859138 - 08/08/2020 05:58:58 Host: 36.75.64.239/36.75.64.239 Port: 445 TCP Blocked	2020-08-08 12:37:49
159.89.9.140	attackbotsspam	Aug 7 22:23:28 b-vps wordpress(www.rreb.cz)[12714]: Authentication attempt for unknown user barbora from 159.89.9.140 ...	2020-08-08 08:28:47
115.84.92.66	attackspam	Unauthorized IMAP connection attempt	2020-08-08 12:19:07
181.188.173.154	attackbots	1596859146 - 08/08/2020 05:59:06 Host: 181.188.173.154/181.188.173.154 Port: 445 TCP Blocked	2020-08-08 12:26:46
222.186.173.215	attackspam	prod8 ...	2020-08-08 12:20:06
52.168.33.43	attackbots	52.168.33.43 - - \[08/Aug/2020:05:59:11 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 735 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/80.0.3987.149 Safari/537.36" 52.168.33.43 - - \[08/Aug/2020:05:59:12 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 735 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/80.0.3987.149 Safari/537.36" 52.168.33.43 - - \[08/Aug/2020:05:59:12 +0200\] "POST //xmlrpc.php HTTP/1.0" 200 733 "-" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/80.0.3987.149 Safari/537.36"	2020-08-08 12:17:05
106.55.37.132	attackbots	IP blocked	2020-08-08 08:31:27
141.98.9.161	attack	2020-08-08T03:58:54.882271abusebot-4.cloudsearch.cf sshd[10588]: Invalid user admin from 141.98.9.161 port 42505 2020-08-08T03:58:54.888279abusebot-4.cloudsearch.cf sshd[10588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.161 2020-08-08T03:58:54.882271abusebot-4.cloudsearch.cf sshd[10588]: Invalid user admin from 141.98.9.161 port 42505 2020-08-08T03:58:57.350196abusebot-4.cloudsearch.cf sshd[10588]: Failed password for invalid user admin from 141.98.9.161 port 42505 ssh2 2020-08-08T03:59:12.111980abusebot-4.cloudsearch.cf sshd[10644]: Invalid user ubnt from 141.98.9.161 port 46205 2020-08-08T03:59:12.117896abusebot-4.cloudsearch.cf sshd[10644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.9.161 2020-08-08T03:59:12.111980abusebot-4.cloudsearch.cf sshd[10644]: Invalid user ubnt from 141.98.9.161 port 46205 2020-08-08T03:59:14.048290abusebot-4.cloudsearch.cf sshd[10644]: Failed password ...	2020-08-08 12:16:40
102.36.164.141	attack	Aug 7 02:12:58 myhostname sshd[23157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.36.164.141 user=r.r Aug 7 02:13:00 myhostname sshd[23157]: Failed password for r.r from 102.36.164.141 port 36568 ssh2 Aug 7 02:13:00 myhostname sshd[23157]: Received disconnect from 102.36.164.141 port 36568:11: Bye Bye [preauth] Aug 7 02:13:00 myhostname sshd[23157]: Disconnected from 102.36.164.141 port 36568 [preauth] Aug 7 02:28:26 myhostname sshd[5131]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.36.164.141 user=r.r ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=102.36.164.141	2020-08-08 12:38:35

Recently Reported IPs

202.200.144.69	105.98.242.123	173.224.42.84	68.183.112.182
180.242.181.219	113.229.84.228	123.16.84.109	113.189.55.203
189.55.176.116	197.247.203.35	183.131.223.97	60.170.126.12
42.114.162.15	106.8.32.204	2402:800:6318:3116:38a9:6a3d:34c7:e06d	35.186.173.231
15.236.64.81	5.200.95.107	207.248.111.47	101.91.226.66