218.147.99.252

Basic Info

City: Icheon-si

Region: Gyeonggi-do

Country: South Korea

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: Korea Telecom

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	SSH Brute-Force reported by Fail2Ban	2019-10-22 07:50:32
attackspam	Tried sshing with brute force.	2019-10-16 04:17:54
attackbots	Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: Invalid user informix from 218.147.99.252 port 37226 Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.99.252 Jun 28 07:14:47 v22018076622670303 sshd\[19550\]: Failed password for invalid user informix from 218.147.99.252 port 37226 ssh2 ...	2019-06-28 15:23:47

Type

Details

Datetime

attackspam

SSH Brute-Force reported by Fail2Ban

2019-10-22 07:50:32

attackspam

Tried sshing with brute force.

2019-10-16 04:17:54

attackbots

Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: Invalid user informix from 218.147.99.252 port 37226
Jun 28 07:14:45 v22018076622670303 sshd\[19550\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.147.99.252
Jun 28 07:14:47 v22018076622670303 sshd\[19550\]: Failed password for invalid user informix from 218.147.99.252 port 37226 ssh2
...

2019-06-28 15:23:47

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 218.147.99.252
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16026
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;218.147.99.252.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 28 15:23:40 CST 2019
;; MSG SIZE  rcvd: 118

Host info

252.99.147.218.in-addr.arpa domain name pointer www.cnghitech.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
252.99.147.218.in-addr.arpa	name = www.cnghitech.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
116.239.2.158	attackbotsspam	Sep 28 13:36:54 localhost sshd\[1707\]: Invalid user mdomin from 116.239.2.158 port 10544 Sep 28 13:36:54 localhost sshd\[1707\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.239.2.158 Sep 28 13:36:57 localhost sshd\[1707\]: Failed password for invalid user mdomin from 116.239.2.158 port 10544 ssh2	2019-09-28 19:37:14
125.56.20.80	attack	Unauthorised access (Sep 28) SRC=125.56.20.80 LEN=40 TTL=48 ID=10520 TCP DPT=8080 WINDOW=36034 SYN Unauthorised access (Sep 27) SRC=125.56.20.80 LEN=40 TTL=48 ID=14974 TCP DPT=8080 WINDOW=36034 SYN Unauthorised access (Sep 26) SRC=125.56.20.80 LEN=40 TTL=48 ID=12848 TCP DPT=8080 WINDOW=36034 SYN	2019-09-28 19:50:28
176.32.34.113	attackspam	11211/udp 11211/udp 11211/udp [2019-09-28]3pkt	2019-09-28 19:43:15
183.129.150.2	attackbots	$f2bV_matches	2019-09-28 19:31:32
201.41.148.228	attackspam	Invalid user foster from 201.41.148.228 port 33547	2019-09-28 19:48:34
23.228.96.18	attackspambots	Automatic report generated by Wazuh	2019-09-28 19:36:54
138.197.98.251	attack	Sep 28 12:01:09 lnxded63 sshd[2253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.98.251	2019-09-28 19:57:37
206.189.175.177	attack	Sep 28 09:06:58 markkoudstaal sshd[19086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.175.177 Sep 28 09:07:00 markkoudstaal sshd[19086]: Failed password for invalid user hx from 206.189.175.177 port 57856 ssh2 Sep 28 09:11:17 markkoudstaal sshd[19599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.175.177	2019-09-28 19:45:01
222.252.45.251	attackspambots	445/tcp [2019-09-28]1pkt	2019-09-28 19:38:53
107.170.130.204	attack	Unauthorized SSH connection attempt	2019-09-28 19:26:12
106.12.24.234	attackbotsspam	Sep 28 13:38:14 jane sshd[31625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.24.234 Sep 28 13:38:16 jane sshd[31625]: Failed password for invalid user www from 106.12.24.234 port 56910 ssh2 ...	2019-09-28 19:56:01
58.56.140.62	attackspambots	Invalid user betania from 58.56.140.62 port 32418	2019-09-28 20:05:07
191.163.205.17	attackbots	60001/tcp [2019-09-28]1pkt	2019-09-28 19:27:05
67.69.134.66	attackbots	fail2ban	2019-09-28 19:56:28
193.32.160.137	attack	Sep 28 11:39:10 webserver postfix/smtpd\[26714\]: NOQUEUE: reject: RCPT from unknown\[193.32.160.137\]: 454 4.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[193.32.160.142\]\> Sep 28 11:39:10 webserver postfix/smtpd\[26714\]: NOQUEUE: reject: RCPT from unknown\[193.32.160.137\]: 454 4.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[193.32.160.142\]\> Sep 28 11:39:10 webserver postfix/smtpd\[26714\]: NOQUEUE: reject: RCPT from unknown\[193.32.160.137\]: 454 4.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\<\[193.32.160.142\]\> Sep 28 11:39:10 webserver postfix/smtpd\[26714\]: NOQUEUE: reject: RCPT from unknown\[193.32.160.137\]: 454 4.7.1 \: Relay access denied\; from=\	2019-09-28 20:00:24

Recently Reported IPs

99.143.49.253	216.58.197.99	58.40.224.149	216.58.220.205
2001:44c8:4710:8c4f:2442:1698:d146:af3e	37.252.166.38	59.60.5.104	66.249.79.126
181.33.224.173	107.194.228.133	175.35.39.228	128.65.125.165
196.179.114.80	120.34.89.189	47.117.230.52	154.177.60.105
178.209.207.7	75.64.28.185	44.68.52.74	73.93.67.79