Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Namecheap Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspam
SIPVicious Scanner Detection, PTR: nc-ph-0421-14.web-hosting.com.
2019-11-06 21:40:37
attackspam
ET SCAN Sipvicious Scan - port: 5060 proto: UDP cat: Attempted Information Leak
2019-11-01 03:19:29
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 66.85.133.144
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23495
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;66.85.133.144.			IN	A

;; AUTHORITY SECTION:
.			299	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102801 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 29 13:30:48 CST 2019
;; MSG SIZE  rcvd: 117
Host info
144.133.85.66.in-addr.arpa is an alias for 144.128-25.133.85.66.in-addr.arpa.
144.128-25.133.85.66.in-addr.arpa domain name pointer nc-ph-0421-14.web-hosting.com.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
144.133.85.66.in-addr.arpa	canonical name = 144.128-25.133.85.66.in-addr.arpa.
144.128-25.133.85.66.in-addr.arpa	name = nc-ph-0421-14.web-hosting.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
51.15.110.205 attack
20/4/9@04:03:04: FAIL: Alarm-SSH address from=51.15.110.205
...
2020-04-09 17:00:13
218.92.0.179 attackbots
Apr  9 10:09:08 srv01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
Apr  9 10:09:10 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 ssh2
Apr  9 10:09:13 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 ssh2
Apr  9 10:09:08 srv01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
Apr  9 10:09:10 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 ssh2
Apr  9 10:09:13 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 ssh2
Apr  9 10:09:08 srv01 sshd[12446]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.179  user=root
Apr  9 10:09:10 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 ssh2
Apr  9 10:09:13 srv01 sshd[12446]: Failed password for root from 218.92.0.179 port 32138 
...
2020-04-09 16:15:41
92.63.194.59 attackspambots
2020-04-09T08:18:57.956497shield sshd\[21341\]: Invalid user admin from 92.63.194.59 port 35695
2020-04-09T08:18:57.960351shield sshd\[21341\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.63.194.59
2020-04-09T08:18:59.734942shield sshd\[21341\]: Failed password for invalid user admin from 92.63.194.59 port 35695 ssh2
2020-04-09T08:20:02.230618shield sshd\[21639\]: Invalid user admin from 92.63.194.59 port 46365
2020-04-09T08:20:02.234569shield sshd\[21639\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.63.194.59
2020-04-09 16:39:20
88.157.229.58 attack
$lgm
2020-04-09 16:35:48
212.237.28.69 attackbots
Apr  9 07:33:48 ovpn sshd\[11552\]: Invalid user as-hadoop from 212.237.28.69
Apr  9 07:33:48 ovpn sshd\[11552\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.28.69
Apr  9 07:33:50 ovpn sshd\[11552\]: Failed password for invalid user as-hadoop from 212.237.28.69 port 40002 ssh2
Apr  9 07:40:51 ovpn sshd\[13339\]: Invalid user nexus from 212.237.28.69
Apr  9 07:40:51 ovpn sshd\[13339\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.237.28.69
2020-04-09 16:52:50
173.245.239.21 attackspam
Dovecot Invalid User Login Attempt.
2020-04-09 16:20:36
49.247.131.96 attackspambots
Apr  9 04:26:46 ws12vmsma01 sshd[45165]: Failed password for invalid user ubuntu from 49.247.131.96 port 47298 ssh2
Apr  9 04:35:39 ws12vmsma01 sshd[46544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.131.96  user=postgres
Apr  9 04:35:41 ws12vmsma01 sshd[46544]: Failed password for postgres from 49.247.131.96 port 49820 ssh2
...
2020-04-09 16:43:58
94.176.189.139 attack
SpamScore above: 10.0
2020-04-09 17:01:10
80.92.100.202 attack
port scan and connect, tcp 23 (telnet)
2020-04-09 16:53:16
114.67.205.149 attackspam
Found by fail2ban
2020-04-09 16:28:46
190.153.27.98 attackbots
Apr  9 07:26:56 [HOSTNAME] sshd[13655]: Invalid user austin from 190.153.27.98 port 52262
Apr  9 07:26:56 [HOSTNAME] sshd[13655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.153.27.98
Apr  9 07:26:58 [HOSTNAME] sshd[13655]: Failed password for invalid user austin from 190.153.27.98 port 52262 ssh2
...
2020-04-09 16:37:24
178.154.200.152 attackbots
[Thu Apr 09 10:52:24.276498 2020] [:error] [pid 27481:tid 140306514646784] [client 178.154.200.152:47696] [client 178.154.200.152] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xo6b@BXKEb8KTontI2veggAAAkk"]
...
2020-04-09 16:29:23
190.196.64.93 attackbotsspam
2020-04-09T06:59:25.182905abusebot-2.cloudsearch.cf sshd[31223]: Invalid user deploy from 190.196.64.93 port 43548
2020-04-09T06:59:25.189211abusebot-2.cloudsearch.cf sshd[31223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.196.64.93
2020-04-09T06:59:25.182905abusebot-2.cloudsearch.cf sshd[31223]: Invalid user deploy from 190.196.64.93 port 43548
2020-04-09T06:59:26.853418abusebot-2.cloudsearch.cf sshd[31223]: Failed password for invalid user deploy from 190.196.64.93 port 43548 ssh2
2020-04-09T07:04:59.778783abusebot-2.cloudsearch.cf sshd[31563]: Invalid user ubuntu from 190.196.64.93 port 52348
2020-04-09T07:04:59.785485abusebot-2.cloudsearch.cf sshd[31563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.196.64.93
2020-04-09T07:04:59.778783abusebot-2.cloudsearch.cf sshd[31563]: Invalid user ubuntu from 190.196.64.93 port 52348
2020-04-09T07:05:01.635433abusebot-2.cloudsearch.cf sshd[31563]: F
...
2020-04-09 16:47:13
200.252.68.34 attackbotsspam
Apr  9 15:19:44 f sshd\[30196\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.252.68.34
Apr  9 15:19:46 f sshd\[30196\]: Failed password for invalid user postgres from 200.252.68.34 port 59502 ssh2
Apr  9 15:30:27 f sshd\[30524\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.252.68.34
...
2020-04-09 16:51:08
64.225.34.35 attack
k+ssh-bruteforce
2020-04-09 16:43:30
