City: Tehran
Region: Ostan-e Tehran
Country: Iran
Internet Service Provider: Telecommunication Company of Tehran
Hostname: unknown
Organization: Information Technology Company (ITC)
Usage Type: Fixed Line ISP
| Type | Details | Datetime |
|---|---|---|
| attack | SpamReport | 2019-11-05 15:07:52 |
| attackspam | postfix (unknown user, SPF fail or relay access denied) | 2019-09-17 04:51:05 |
| attackspambots | Jun 19 12:07:07 our-server-hostname postfix/smtpd[5618]: connect from unknown[93.118.104.149] Jun x@x Jun 19 12:07:10 our-server-hostname postfix/smtpd[5618]: lost connection after RCPT from unknown[93.118.104.149] Jun 19 12:07:10 our-server-hostname postfix/smtpd[5618]: disconnect from unknown[93.118.104.149] Jun 19 12:39:24 our-server-hostname postfix/smtpd[16176]: connect from unknown[93.118.104.149] Jun x@x Jun x@x Jun x@x Jun 19 12:39:29 our-server-hostname postfix/smtpd[16176]: lost connection after RCPT from unknown[93.118.104.149] Jun 19 12:39:29 our-server-hostname postfix/smtpd[16176]: disconnect from unknown[93.118.104.149] Jun 19 12:52:13 our-server-hostname postfix/smtpd[24174]: connect from unknown[93.118.104.149] Jun 19 12:52:17 our-server-hostname postfix/smtpd[24044]: connect from unknown[93.118.104.149] Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun 19 12:52:30 our-server-hostname postfix/smtpd[24174]: lost connecti........ ------------------------------- | 2019-06-23 07:54:16 |
| attack | Jun 19 12:07:07 our-server-hostname postfix/smtpd[5618]: connect from unknown[93.118.104.149] Jun x@x Jun 19 12:07:10 our-server-hostname postfix/smtpd[5618]: lost connection after RCPT from unknown[93.118.104.149] Jun 19 12:07:10 our-server-hostname postfix/smtpd[5618]: disconnect from unknown[93.118.104.149] Jun 19 12:39:24 our-server-hostname postfix/smtpd[16176]: connect from unknown[93.118.104.149] Jun x@x Jun x@x Jun x@x Jun 19 12:39:29 our-server-hostname postfix/smtpd[16176]: lost connection after RCPT from unknown[93.118.104.149] Jun 19 12:39:29 our-server-hostname postfix/smtpd[16176]: disconnect from unknown[93.118.104.149] Jun 19 12:52:13 our-server-hostname postfix/smtpd[24174]: connect from unknown[93.118.104.149] Jun 19 12:52:17 our-server-hostname postfix/smtpd[24044]: connect from unknown[93.118.104.149] Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun 19 12:52:30 our-server-hostname postfix/smtpd[24174]: lost connecti........ ------------------------------- | 2019-06-22 17:56:24 |
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 93.118.104.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64362
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;93.118.104.149. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2019061901 1800 900 604800 86400
;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 20 15:41:26 CST 2019
;; MSG SIZE rcvd: 118
Host 149.104.118.93.in-addr.arpa. not found: 3(NXDOMAIN)
Server: 67.207.67.2
Address: 67.207.67.2#53
** server can't find 149.104.118.93.in-addr.arpa: NXDOMAIN
| IP | Type | Details | Datetime |
|---|---|---|---|
| 51.38.238.87 | attackbots | Dec 22 19:10:11 plusreed sshd[25505]: Invalid user admin from 51.38.238.87 ... | 2019-12-23 08:21:32 |
| 23.95.97.100 | attackbotsspam | (From eric@talkwithcustomer.com) Hey, You have a website roscoechiro.com, right? Of course you do. I am looking at your website now. It gets traffic every day – that you’re probably spending $2 / $4 / $10 or more a click to get. Not including all of the work you put into creating social media, videos, blog posts, emails, and so on. So you’re investing seriously in getting people to that site. But how’s it working? Great? Okay? Not so much? If that answer could be better, then it’s likely you’re putting a lot of time, effort, and money into an approach that’s not paying off like it should. Now… imagine doubling your lead conversion in just minutes… In fact, I’ll go even better. You could actually get up to 100X more conversions! I’m not making this up. As Chris Smith, best-selling author of The Conversion Code says: Speed is essential - there is a 100x decrease in Leads when a Lead is contacted within 14 minutes vs being contacted within 5 minutes. He’s backed up by a stud | 2019-12-23 08:25:27 |
| 154.70.208.66 | attackbotsspam | Dec 23 01:11:36 OPSO sshd\[5093\]: Invalid user bonatti from 154.70.208.66 port 54274 Dec 23 01:11:36 OPSO sshd\[5093\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.70.208.66 Dec 23 01:11:37 OPSO sshd\[5093\]: Failed password for invalid user bonatti from 154.70.208.66 port 54274 ssh2 Dec 23 01:18:58 OPSO sshd\[6440\]: Invalid user elsener from 154.70.208.66 port 59154 Dec 23 01:18:58 OPSO sshd\[6440\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.70.208.66 | 2019-12-23 08:26:20 |
| 120.131.13.186 | attackspam | Dec 22 19:19:51 linuxvps sshd\[6636\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.131.13.186 user=root Dec 22 19:19:53 linuxvps sshd\[6636\]: Failed password for root from 120.131.13.186 port 3536 ssh2 Dec 22 19:24:53 linuxvps sshd\[10074\]: Invalid user 8ikm from 120.131.13.186 Dec 22 19:24:53 linuxvps sshd\[10074\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.131.13.186 Dec 22 19:24:55 linuxvps sshd\[10074\]: Failed password for invalid user 8ikm from 120.131.13.186 port 54672 ssh2 | 2019-12-23 08:31:19 |
| 182.61.182.50 | attackspam | Dec 23 01:37:25 dev0-dcde-rnet sshd[28405]: Failed password for root from 182.61.182.50 port 38948 ssh2 Dec 23 01:43:20 dev0-dcde-rnet sshd[28474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.182.50 Dec 23 01:43:21 dev0-dcde-rnet sshd[28474]: Failed password for invalid user villepinte from 182.61.182.50 port 43368 ssh2 | 2019-12-23 08:49:26 |
| 85.166.155.28 | attackbots | Dec 23 01:38:16 meumeu sshd[10049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.166.155.28 Dec 23 01:38:18 meumeu sshd[10049]: Failed password for invalid user server from 85.166.155.28 port 39972 ssh2 Dec 23 01:43:45 meumeu sshd[10870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.166.155.28 ... | 2019-12-23 08:48:27 |
| 167.114.103.140 | attack | 2019-12-23T00:03:12.605617centos sshd\[26049\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=motionary.3vgeomatics.com user=root 2019-12-23T00:03:16.130324centos sshd\[26049\]: Failed password for root from 167.114.103.140 port 38218 ssh2 2019-12-23T00:10:17.405395centos sshd\[26280\]: Invalid user ancuta from 167.114.103.140 port 53318 | 2019-12-23 08:43:33 |
| 5.83.7.23 | attack | Dec 23 00:01:45 srv01 sshd[9722]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.83.7.23 user=backup Dec 23 00:01:46 srv01 sshd[9722]: Failed password for backup from 5.83.7.23 port 39148 ssh2 Dec 23 00:07:04 srv01 sshd[10711]: Invalid user giulietta from 5.83.7.23 port 41438 Dec 23 00:07:04 srv01 sshd[10711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.83.7.23 Dec 23 00:07:04 srv01 sshd[10711]: Invalid user giulietta from 5.83.7.23 port 41438 Dec 23 00:07:06 srv01 sshd[10711]: Failed password for invalid user giulietta from 5.83.7.23 port 41438 ssh2 ... | 2019-12-23 08:24:21 |
| 222.186.180.8 | attackbots | sshd jail - ssh hack attempt | 2019-12-23 08:20:56 |
| 81.22.45.85 | attackbots | 2019-12-23T01:17:14.131661+01:00 lumpi kernel: [2350159.553934] INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.85 DST=78.46.199.189 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=26757 PROTO=TCP SPT=55301 DPT=3309 WINDOW=1024 RES=0x00 SYN URGP=0 ... | 2019-12-23 08:23:57 |
| 94.102.56.181 | attack | Port scan detected on ports: 5523[TCP], 5520[TCP], 5522[TCP] | 2019-12-23 08:48:08 |
| 120.76.114.201 | attackspambots | php WP PHPmyadamin ABUSE blocked for 12h | 2019-12-23 08:49:57 |
| 61.190.171.144 | attackbotsspam | Dec 22 15:09:21 mockhub sshd[21333]: Failed password for root from 61.190.171.144 port 2450 ssh2 Dec 22 15:15:20 mockhub sshd[21518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.190.171.144 ... | 2019-12-23 08:17:15 |
| 51.75.18.212 | attackspambots | Dec 23 01:29:34 SilenceServices sshd[22397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.18.212 Dec 23 01:29:35 SilenceServices sshd[22397]: Failed password for invalid user http from 51.75.18.212 port 57586 ssh2 Dec 23 01:34:13 SilenceServices sshd[23633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.18.212 | 2019-12-23 08:36:57 |
| 14.215.129.156 | attackbotsspam | 12/22/2019-17:51:31.173193 14.215.129.156 Protocol: 6 ET SCAN NMAP -sS window 1024 | 2019-12-23 08:21:11 |