218.147.99.252

Basic Info

City: Icheon-si

Region: Gyeonggi-do

Country: South Korea

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: Korea Telecom

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SSH Brute-Force reported by Fail2Ban	2019-10-22 07:50:32
attackspam	Tried sshing with brute force.	2019-10-16 04:17:54
attackbots	Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: Invalid user informix from 218.147.99.252 port 37226 Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.99.252 Jun 28 07:14:47 v22018076622670303 sshd\[19550\]: Failed password for invalid user informix from 218.147.99.252 port 37226 ssh2 ...	2019-06-28 15:23:47

Type

Details

Datetime

attackspam

SSH Brute-Force reported by Fail2Ban

2019-10-22 07:50:32

attackspam

Tried sshing with brute force.

2019-10-16 04:17:54

attackbots

Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: Invalid user informix from 218.147.99.252 port 37226
Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.99.252
Jun 28 07:14:47 v22018076622670303 sshd\[19550\]: Failed password for invalid user informix from 218.147.99.252 port 37226 ssh2
...

2019-06-28 15:23:47

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 218.147.99.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16026
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;218.147.99.252.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 28 15:23:40 CST 2019
;; MSG SIZE  rcvd: 118

Host info

252.99.147.218.in-addr.arpa domain name pointer www.cnghitech.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
252.99.147.218.in-addr.arpa	name = www.cnghitech.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
182.254.163.137	attackbotsspam	Jul 23 10:40:18 sso sshd[16587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.163.137 Jul 23 10:40:20 sso sshd[16587]: Failed password for invalid user wcc from 182.254.163.137 port 57378 ssh2 ...	2020-07-23 19:59:05
61.95.233.61	attack	Jul 23 13:59:23 abendstille sshd\[11038\]: Invalid user terraria from 61.95.233.61 Jul 23 13:59:23 abendstille sshd\[11038\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.95.233.61 Jul 23 13:59:26 abendstille sshd\[11038\]: Failed password for invalid user terraria from 61.95.233.61 port 47638 ssh2 Jul 23 14:04:10 abendstille sshd\[15717\]: Invalid user cristiano from 61.95.233.61 Jul 23 14:04:10 abendstille sshd\[15717\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.95.233.61 ...	2020-07-23 20:16:04
51.38.51.200	attackspam	Invalid user ftp1 from 51.38.51.200 port 32806	2020-07-23 20:04:48
193.238.200.65	attack	Honeypot hit.	2020-07-23 19:42:37
59.124.90.231	attackspambots	Jul 23 14:00:55 electroncash sshd[53147]: Invalid user libuuid from 59.124.90.231 port 50830 Jul 23 14:00:55 electroncash sshd[53147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.124.90.231 Jul 23 14:00:55 electroncash sshd[53147]: Invalid user libuuid from 59.124.90.231 port 50830 Jul 23 14:00:57 electroncash sshd[53147]: Failed password for invalid user libuuid from 59.124.90.231 port 50830 ssh2 Jul 23 14:04:11 electroncash sshd[55017]: Invalid user ayush from 59.124.90.231 port 54820 ...	2020-07-23 20:13:38
222.186.175.183	attack	[MK-VM2] SSH login failed	2020-07-23 20:09:05
115.224.94.101	attackbots	Brute forcing RDP port 3389	2020-07-23 20:01:21
212.129.152.27	attack	Jul 23 13:25:47 vps sshd[765125]: Failed password for invalid user fuk from 212.129.152.27 port 50794 ssh2 Jul 23 13:32:13 vps sshd[791785]: Invalid user quantum from 212.129.152.27 port 35184 Jul 23 13:32:13 vps sshd[791785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.152.27 Jul 23 13:32:15 vps sshd[791785]: Failed password for invalid user quantum from 212.129.152.27 port 35184 ssh2 Jul 23 13:35:19 vps sshd[807019]: Invalid user codeunbug from 212.129.152.27 port 41494 ...	2020-07-23 19:44:55
106.12.59.23	attack	Invalid user ella from 106.12.59.23 port 43576	2020-07-23 19:44:06
113.175.101.193	attackspam	SMB Server BruteForce Attack	2020-07-23 20:07:53
51.91.125.136	attackbots	Jul 23 13:56:05 meumeu sshd[1379196]: Invalid user catholic from 51.91.125.136 port 35286 Jul 23 13:56:05 meumeu sshd[1379196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.125.136 Jul 23 13:56:05 meumeu sshd[1379196]: Invalid user catholic from 51.91.125.136 port 35286 Jul 23 13:56:07 meumeu sshd[1379196]: Failed password for invalid user catholic from 51.91.125.136 port 35286 ssh2 Jul 23 14:00:10 meumeu sshd[1379634]: Invalid user ly from 51.91.125.136 port 48160 Jul 23 14:00:10 meumeu sshd[1379634]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.91.125.136 Jul 23 14:00:10 meumeu sshd[1379634]: Invalid user ly from 51.91.125.136 port 48160 Jul 23 14:00:12 meumeu sshd[1379634]: Failed password for invalid user ly from 51.91.125.136 port 48160 ssh2 Jul 23 14:04:09 meumeu sshd[1379892]: Invalid user 18 from 51.91.125.136 port 32818 ...	2020-07-23 20:17:01
111.206.250.235	attackspambots	webserver:80 [23/Jul/2020] "\x16\x03\x01\x02" 400 0	2020-07-23 19:40:08
103.55.36.153	attackspambots	2020-07-23T03:38:35.118653ionos.janbro.de sshd[33056]: Invalid user rb from 103.55.36.153 port 35214 2020-07-23T03:38:37.852586ionos.janbro.de sshd[33056]: Failed password for invalid user rb from 103.55.36.153 port 35214 ssh2 2020-07-23T03:44:06.905861ionos.janbro.de sshd[33083]: Invalid user sinusbot from 103.55.36.153 port 51276 2020-07-23T03:44:07.044765ionos.janbro.de sshd[33083]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.36.153 2020-07-23T03:44:06.905861ionos.janbro.de sshd[33083]: Invalid user sinusbot from 103.55.36.153 port 51276 2020-07-23T03:44:09.822880ionos.janbro.de sshd[33083]: Failed password for invalid user sinusbot from 103.55.36.153 port 51276 ssh2 2020-07-23T03:49:46.374872ionos.janbro.de sshd[33096]: Invalid user zha from 103.55.36.153 port 39098 2020-07-23T03:49:46.642851ionos.janbro.de sshd[33096]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.36.153 2020-07-23T ...	2020-07-23 19:51:34
189.253.192.165	attackbotsspam	20/7/23@08:04:10: FAIL: Alarm-Intrusion address from=189.253.192.165 ...	2020-07-23 20:15:13
123.252.194.158	attackbotsspam	Invalid user brenda from 123.252.194.158 port 57072	2020-07-23 20:02:28

Recently Reported IPs

99.143.49.253	216.58.197.99	58.40.224.149	216.58.220.205
2001:44c8:4710:8c4f:2442:1698:d146:af3e	37.252.166.38	59.60.5.104	66.249.79.126
181.33.224.173	107.194.228.133	175.35.39.228	128.65.125.165
196.179.114.80	120.34.89.189	47.117.230.52	154.177.60.105
178.209.207.7	75.64.28.185	44.68.52.74	73.93.67.79