5.59.149.94 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Russian Federation

Internet Service Provider: CoProSys a.s.

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-10 18:07:52,818 INFO [amun_request_handler] PortScan Detected on Port: 445 (5.59.149.94)	2019-09-11 08:05:12

Comments on same subnet:

IP	Type	Details	Datetime
5.59.149.42	attackbotsspam	Unauthorized connection attempt from IP address 5.59.149.42 on Port 445(SMB)	2020-05-26 01:03:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 5.59.149.94
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59119
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.59.149.94.			IN	A

;; AUTHORITY SECTION:
.			2729	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091003 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 11 08:05:04 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 94.149.59.5.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 67.207.67.2, trying next server
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 94.149.59.5.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.75.18.215	attackspam	$f2bV_matches	2019-11-05 06:32:41
66.240.205.34	attack	" "	2019-11-05 06:56:16
222.186.175.217	attackspam	Nov 4 23:51:05 ks10 sshd[14409]: Failed password for root from 222.186.175.217 port 65090 ssh2 Nov 4 23:51:09 ks10 sshd[14409]: Failed password for root from 222.186.175.217 port 65090 ssh2 ...	2019-11-05 06:53:10
201.209.184.192	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/201.209.184.192/ VE - 1H : (35) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : VE NAME ASN : ASN8048 IP : 201.209.184.192 CIDR : 201.209.160.0/19 PREFIX COUNT : 467 UNIQUE IP COUNT : 2731520 ATTACKS DETECTED ASN8048 : 1H - 3 3H - 6 6H - 9 12H - 14 24H - 32 DateTime : 2019-11-04 15:25:52 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-05 06:34:46
78.149.212.3	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/78.149.212.3/ GB - 1H : (86) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : GB NAME ASN : ASN13285 IP : 78.149.212.3 CIDR : 78.148.0.0/14 PREFIX COUNT : 35 UNIQUE IP COUNT : 3565824 ATTACKS DETECTED ASN13285 : 1H - 1 3H - 1 6H - 1 12H - 10 24H - 16 DateTime : 2019-11-04 15:25:44 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-05 06:38:59
140.143.142.190	attack	Lines containing failures of 140.143.142.190 (max 1000) Nov 4 00:22:35 localhost sshd[2651]: Invalid user mythtv from 140.143.142.190 port 38292 Nov 4 00:22:35 localhost sshd[2651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.142.190 Nov 4 00:22:37 localhost sshd[2651]: Failed password for invalid user mythtv from 140.143.142.190 port 38292 ssh2 Nov 4 00:22:37 localhost sshd[2651]: Received disconnect from 140.143.142.190 port 38292:11: Bye Bye [preauth] Nov 4 00:22:37 localhost sshd[2651]: Disconnected from invalid user mythtv 140.143.142.190 port 38292 [preauth] Nov 4 00:37:24 localhost sshd[3443]: User r.r from 140.143.142.190 not allowed because listed in DenyUsers Nov 4 00:37:24 localhost sshd[3443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.142.190 user=r.r Nov 4 00:37:26 localhost sshd[3443]: Failed password for invalid user r.r from 140.143.142.190 ........ ------------------------------	2019-11-05 06:37:17
83.15.183.137	attackspambots	Nov 4 23:41:35 host sshd[23519]: Invalid user wo from 83.15.183.137 port 51174 ...	2019-11-05 07:04:49
27.193.20.16	attackspam	Unauthorised access (Nov 5) SRC=27.193.20.16 LEN=40 TTL=49 ID=64770 TCP DPT=8080 WINDOW=55568 SYN Unauthorised access (Nov 4) SRC=27.193.20.16 LEN=40 TTL=49 ID=3895 TCP DPT=8080 WINDOW=42088 SYN Unauthorised access (Nov 4) SRC=27.193.20.16 LEN=40 TTL=49 ID=44210 TCP DPT=8080 WINDOW=42088 SYN	2019-11-05 07:06:59
45.143.221.16	attackspam	11/04/2019-17:41:58.926568 45.143.221.16 Protocol: 17 ET SCAN Sipvicious Scan	2019-11-05 06:46:45
101.36.152.13	attackbots	Lines containing failures of 101.36.152.13 Nov 4 21:55:44 jarvis sshd[11261]: Invalid user zahore from 101.36.152.13 port 36434 Nov 4 21:55:44 jarvis sshd[11261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.152.13 Nov 4 21:55:46 jarvis sshd[11261]: Failed password for invalid user zahore from 101.36.152.13 port 36434 ssh2 Nov 4 21:55:48 jarvis sshd[11261]: Received disconnect from 101.36.152.13 port 36434:11: Bye Bye [preauth] Nov 4 21:55:48 jarvis sshd[11261]: Disconnected from invalid user zahore 101.36.152.13 port 36434 [preauth] Nov 4 22:08:50 jarvis sshd[14084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.36.152.13 user=r.r Nov 4 22:08:52 jarvis sshd[14084]: Failed password for r.r from 101.36.152.13 port 51558 ssh2 Nov 4 22:08:54 jarvis sshd[14084]: Received disconnect from 101.36.152.13 port 51558:11: Bye Bye [preauth] Nov 4 22:08:54 jarvis sshd[14084]: Di........ ------------------------------	2019-11-05 06:51:52
54.38.184.10	attack	Nov 4 23:41:35 v22018076622670303 sshd\[7121\]: Invalid user 123456 from 54.38.184.10 port 53234 Nov 4 23:41:35 v22018076622670303 sshd\[7121\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.184.10 Nov 4 23:41:37 v22018076622670303 sshd\[7121\]: Failed password for invalid user 123456 from 54.38.184.10 port 53234 ssh2 ...	2019-11-05 07:03:35
121.141.5.199	attackbots	Nov 5 03:41:40 gw1 sshd[8937]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.141.5.199 Nov 5 03:41:42 gw1 sshd[8937]: Failed password for invalid user usuario from 121.141.5.199 port 52756 ssh2 ...	2019-11-05 07:00:50
106.13.125.159	attack	Nov 4 17:54:39 ny01 sshd[15932]: Failed password for root from 106.13.125.159 port 55476 ssh2 Nov 4 17:59:10 ny01 sshd[16912]: Failed password for root from 106.13.125.159 port 36350 ssh2	2019-11-05 07:08:12
94.96.145.99	attackspambots	Automatic report - Port Scan Attack	2019-11-05 06:50:53
14.231.201.16	attackbotsspam	Received: from mail.bnpb.go.id (14.231.201.16) by HQEXSV01.bnpb.go.id (192.168.253.252) with Microsoft SMTP Server (TLS) id 15.0.847.32; Mon, 4 Nov 2019 08:29:07 +0700 From: rosstefano29 <rifai@bnpb.go.id> To: [...] Subject: Fw:Mi auguro che stia avendo una meravigliosa giornata Thread-Topic: Fw:Mi auguro che stia avendo una meravigliosa giornata Thread-Index: AQHVkq9JXUsuy80aNka1yH/VL93LWQ== X-MS-Exchange-MessageSentRepresentingType: 1 Date: Mon, 4 Nov 2019 02:31:22 +0100 Message-ID: <8295ebb9-101f-4b32-b6ff-44914f4b36cd@bnpb.go.id>	2019-11-05 06:44:37

Recently Reported IPs

38.104.82.140	123.20.136.135	124.236.120.58	195.9.187.114
182.61.182.193	118.169.244.139	77.245.149.11	128.199.175.6
95.210.2.65	45.187.146.96	86.241.222.217	112.21.50.98
27.39.142.168	78.189.10.71	197.133.191.177	119.123.101.254
52.186.168.121	192.99.244.145	118.169.242.149	45.180.192.157