Basic Info

City: Seoul

Region: Seoul

Country: South Korea

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbotsspam
ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic
2019-11-11 01:54:27
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 221.148.193.205
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32759
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;221.148.193.205.		IN	A

;; AUTHORITY SECTION:
.			592	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111000 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Nov 11 01:54:24 CST 2019
;; MSG SIZE  rcvd: 119
Host info
Host 205.193.148.221.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 205.193.148.221.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
120.52.121.86 attackbots
Oct 17 04:14:25 unicornsoft sshd\[5974\]: User root from 120.52.121.86 not allowed because not listed in AllowUsers
Oct 17 04:14:25 unicornsoft sshd\[5974\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.121.86  user=root
Oct 17 04:14:28 unicornsoft sshd\[5974\]: Failed password for invalid user root from 120.52.121.86 port 49219 ssh2
2019-10-17 12:17:47
106.12.207.88 attackbots
Oct 17 05:53:17 dedicated sshd[25515]: Failed password for invalid user aag from 106.12.207.88 port 31378 ssh2
Oct 17 05:53:15 dedicated sshd[25515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.88 
Oct 17 05:53:15 dedicated sshd[25515]: Invalid user aag from 106.12.207.88 port 31378
Oct 17 05:53:17 dedicated sshd[25515]: Failed password for invalid user aag from 106.12.207.88 port 31378 ssh2
Oct 17 05:57:38 dedicated sshd[26016]: Invalid user tlwebpack from 106.12.207.88 port 12349
2019-10-17 12:12:36
185.176.27.242 attackspam
Oct 17 06:20:21 mc1 kernel: \[2572389.478607\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.242 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=22976 PROTO=TCP SPT=47834 DPT=49782 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 17 06:21:46 mc1 kernel: \[2572475.091522\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.242 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=47703 PROTO=TCP SPT=47834 DPT=52420 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct 17 06:24:16 mc1 kernel: \[2572625.366257\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.242 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=2498 PROTO=TCP SPT=47834 DPT=31921 WINDOW=1024 RES=0x00 SYN URGP=0 
...
2019-10-17 12:25:50
212.129.9.187 attackspam
[17/Oct/2019:11:26:31 +0800] 212.129.9.187 TLSv1 ECDHE-RSA-AES256-SHA "GET /cfg/000000000000.cfg HTTP/1.1" 218
2019-10-17 12:19:31
112.25.132.110 attackbotsspam
2019-10-17T03:57:22.526726abusebot-8.cloudsearch.cf sshd\[303\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.25.132.110  user=root
2019-10-17 12:23:54
71.42.172.44 attackspam
Unauthorised access (Oct 17) SRC=71.42.172.44 LEN=40 TOS=0x10 PREC=0x40 TTL=241 ID=19995 TCP DPT=445 WINDOW=1024 SYN
2019-10-17 12:21:59
103.76.252.6 attackbots
Oct 16 18:09:18 wbs sshd\[402\]: Invalid user ubnt from 103.76.252.6
Oct 16 18:09:18 wbs sshd\[402\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.76.252.6
Oct 16 18:09:20 wbs sshd\[402\]: Failed password for invalid user ubnt from 103.76.252.6 port 4481 ssh2
Oct 16 18:13:22 wbs sshd\[808\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.76.252.6  user=root
Oct 16 18:13:23 wbs sshd\[808\]: Failed password for root from 103.76.252.6 port 18241 ssh2
2019-10-17 12:24:15
119.42.175.200 attack
Oct 17 06:07:11 [host] sshd[26536]: Invalid user test from 119.42.175.200
Oct 17 06:07:11 [host] sshd[26536]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.42.175.200
Oct 17 06:07:13 [host] sshd[26536]: Failed password for invalid user test from 119.42.175.200 port 58276 ssh2
2019-10-17 12:33:50
106.13.217.93 attack
2019-10-17T03:57:32.977574abusebot.cloudsearch.cf sshd\[10716\]: Invalid user muhammad from 106.13.217.93 port 44214
2019-10-17 12:17:05
223.150.8.208 attackspambots
IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/223.150.8.208/ 
 CN - 1H : (558)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : CN 
 NAME ASN : ASN4134 
 
 IP : 223.150.8.208 
 
 CIDR : 223.144.0.0/12 
 
 PREFIX COUNT : 5430 
 
 UNIQUE IP COUNT : 106919680 
 
 
 WYKRYTE ATAKI Z ASN4134 :  
  1H - 13 
  3H - 40 
  6H - 70 
 12H - 115 
 24H - 216 
 
 DateTime : 2019-10-17 05:57:21 
 
 INFO : Server 403 - Looking for resource vulnerabilities Detected and Blocked by ADMIN  - data recovery
2019-10-17 12:23:41
5.141.97.21 attackbots
Oct 17 03:57:52 www_kotimaassa_fi sshd[11954]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.141.97.21
Oct 17 03:57:54 www_kotimaassa_fi sshd[11954]: Failed password for invalid user soidc@com from 5.141.97.21 port 41646 ssh2
...
2019-10-17 12:06:12
106.13.38.59 attackbots
$f2bV_matches
2019-10-17 12:39:04
43.231.61.146 attack
Oct 16 17:53:00 php1 sshd\[17727\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.231.61.146  user=root
Oct 16 17:53:02 php1 sshd\[17727\]: Failed password for root from 43.231.61.146 port 54108 ssh2
Oct 16 17:57:33 php1 sshd\[18101\]: Invalid user oracle from 43.231.61.146
Oct 16 17:57:33 php1 sshd\[18101\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.231.61.146
Oct 16 17:57:35 php1 sshd\[18101\]: Failed password for invalid user oracle from 43.231.61.146 port 38688 ssh2
2019-10-17 12:16:15
145.236.66.81 attackbots
IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/145.236.66.81/ 
 HU - 1H : (24)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : HU 
 NAME ASN : ASN5483 
 
 IP : 145.236.66.81 
 
 CIDR : 145.236.64.0/20 
 
 PREFIX COUNT : 275 
 
 UNIQUE IP COUNT : 1368320 
 
 
 WYKRYTE ATAKI Z ASN5483 :  
  1H - 1 
  3H - 2 
  6H - 3 
 12H - 7 
 24H - 11 
 
 DateTime : 2019-10-17 05:57:41 
 
 INFO : Server 301 - Looking for resource vulnerabilities Detected and Blocked by ADMIN  - data recovery
2019-10-17 12:10:50
142.93.240.79 attackbotsspam
Oct 17 05:56:46 ncomp sshd[20838]: Invalid user tn from 142.93.240.79
Oct 17 05:56:46 ncomp sshd[20838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.240.79
Oct 17 05:56:46 ncomp sshd[20838]: Invalid user tn from 142.93.240.79
Oct 17 05:56:48 ncomp sshd[20838]: Failed password for invalid user tn from 142.93.240.79 port 42364 ssh2
2019-10-17 12:43:45
