109.164.4.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Czech Republic

Internet Service Provider: SITKOM spol. s r.o.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	failed_logins	2020-07-07 17:47:13
attackbots	May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: lost connection after AUTH from unknown[109.164.4.2] May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: lost connection after AUTH from unknown[109.164.4.2] May 13 14:24:22 mail.srvfarm.net postfix/smtps/smtpd[553527]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed:	2020-05-14 02:49:57

Type

Details

Datetime

attackbots

failed_logins

2020-07-07 17:47:13

attackbots

May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: 
May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: lost connection after AUTH from unknown[109.164.4.2]
May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: 
May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: lost connection after AUTH from unknown[109.164.4.2]
May 13 14:24:22 mail.srvfarm.net postfix/smtps/smtpd[553527]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed:

2020-05-14 02:49:57

Comments on same subnet:

IP	Type	Details	Datetime
109.164.4.225	attack	Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:49:19 mail.srvfarm.net postfix/smtps/smtpd[3729482]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed:	2020-10-02 01:24:00
109.164.4.225	attackbotsspam	Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:49:19 mail.srvfarm.net postfix/smtps/smtpd[3729482]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed:	2020-10-01 17:30:05
109.164.4.225	attackbotsspam	Aug 7 07:03:03 mailman postfix/smtpd[19854]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: authentication failure	2020-08-08 01:33:55
109.164.4.225	attackspambots	SASL PLAIN auth failed: ruser=...	2020-07-16 09:12:36

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 109.164.4.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;109.164.4.2.			IN	A

;; AUTHORITY SECTION:
.			170	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051301 1800 900 604800 86400

;; Query time: 179 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 14 02:49:53 CST 2020
;; MSG SIZE  rcvd: 115

Host info

2.4.164.109.in-addr.arpa domain name pointer 2-4-164-109.cust.sitkom.cz.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
2.4.164.109.in-addr.arpa	name = 2-4-164-109.cust.sitkom.cz.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.175.154	attackspambots	Dec 6 00:15:28 dcd-gentoo sshd[1714]: User root from 222.186.175.154 not allowed because none of user's groups are listed in AllowGroups Dec 6 00:15:31 dcd-gentoo sshd[1714]: error: PAM: Authentication failure for illegal user root from 222.186.175.154 Dec 6 00:15:28 dcd-gentoo sshd[1714]: User root from 222.186.175.154 not allowed because none of user's groups are listed in AllowGroups Dec 6 00:15:31 dcd-gentoo sshd[1714]: error: PAM: Authentication failure for illegal user root from 222.186.175.154 Dec 6 00:15:28 dcd-gentoo sshd[1714]: User root from 222.186.175.154 not allowed because none of user's groups are listed in AllowGroups Dec 6 00:15:31 dcd-gentoo sshd[1714]: error: PAM: Authentication failure for illegal user root from 222.186.175.154 Dec 6 00:15:31 dcd-gentoo sshd[1714]: Failed keyboard-interactive/pam for invalid user root from 222.186.175.154 port 53400 ssh2 ...	2019-12-06 07:17:34
175.158.50.19	attack	[ssh] SSH attack	2019-12-06 07:45:34
104.248.40.175	attackbotsspam	WP_xmlrpc_attack	2019-12-06 07:28:09
106.13.87.145	attackspambots	Dec 5 18:23:32 plusreed sshd[4855]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.87.145 user=root Dec 5 18:23:35 plusreed sshd[4855]: Failed password for root from 106.13.87.145 port 53506 ssh2 ...	2019-12-06 07:28:51
209.17.96.218	attackbotsspam	Unauthorized connection attempt from IP address 209.17.96.218 on Port 137(NETBIOS)	2019-12-06 07:48:24
5.196.225.45	attackbotsspam	Dec 5 23:46:53 mail sshd[16014]: Failed password for root from 5.196.225.45 port 44648 ssh2 Dec 5 23:52:03 mail sshd[17094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.196.225.45 Dec 5 23:52:05 mail sshd[17094]: Failed password for invalid user com from 5.196.225.45 port 54880 ssh2	2019-12-06 07:16:59
188.254.0.183	attack	Dec 6 00:47:21 nextcloud sshd\[25935\]: Invalid user shamita from 188.254.0.183 Dec 6 00:47:21 nextcloud sshd\[25935\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.254.0.183 Dec 6 00:47:23 nextcloud sshd\[25935\]: Failed password for invalid user shamita from 188.254.0.183 port 59166 ssh2 ...	2019-12-06 07:49:59
45.250.40.230	attackspam	Dec 5 13:23:33 php1 sshd\[20924\]: Invalid user amnoi from 45.250.40.230 Dec 5 13:23:33 php1 sshd\[20924\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.250.40.230 Dec 5 13:23:35 php1 sshd\[20924\]: Failed password for invalid user amnoi from 45.250.40.230 port 44542 ssh2 Dec 5 13:30:04 php1 sshd\[21569\]: Invalid user audie from 45.250.40.230 Dec 5 13:30:04 php1 sshd\[21569\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.250.40.230	2019-12-06 07:37:33
118.69.32.167	attack	Dec 6 00:23:56 ArkNodeAT sshd\[5315\]: Invalid user user1 from 118.69.32.167 Dec 6 00:23:56 ArkNodeAT sshd\[5315\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.69.32.167 Dec 6 00:23:59 ArkNodeAT sshd\[5315\]: Failed password for invalid user user1 from 118.69.32.167 port 37792 ssh2	2019-12-06 07:24:57
114.237.154.33	attackbots	Brute force SMTP login attempts.	2019-12-06 07:14:07
103.57.123.1	attack	20 attempts against mh-ssh on echoip.magehost.pro	2019-12-06 07:23:14
178.128.13.87	attack	Dec 5 23:54:49 OPSO sshd\[9152\]: Invalid user swearer from 178.128.13.87 port 35676 Dec 5 23:54:49 OPSO sshd\[9152\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.13.87 Dec 5 23:54:51 OPSO sshd\[9152\]: Failed password for invalid user swearer from 178.128.13.87 port 35676 ssh2 Dec 6 00:00:02 OPSO sshd\[10452\]: Invalid user kidston from 178.128.13.87 port 45620 Dec 6 00:00:02 OPSO sshd\[10452\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.13.87	2019-12-06 07:15:45
81.22.45.250	attackbots	Dec 5 23:58:39 mc1 kernel: \[6872918.036101\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.250 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=60854 PROTO=TCP SPT=51648 DPT=5830 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 6 00:01:51 mc1 kernel: \[6873110.550457\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.250 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=13802 PROTO=TCP SPT=51648 DPT=61441 WINDOW=1024 RES=0x00 SYN URGP=0 Dec 6 00:06:41 mc1 kernel: \[6873399.900698\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=81.22.45.250 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=8487 PROTO=TCP SPT=51648 DPT=7452 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-12-06 07:10:23
188.166.87.238	attack	Dec 5 22:01:49 MK-Soft-Root2 sshd[25927]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.87.238 Dec 5 22:01:52 MK-Soft-Root2 sshd[25927]: Failed password for invalid user bud2191 from 188.166.87.238 port 51480 ssh2 ...	2019-12-06 07:40:15
129.226.122.195	attackbotsspam	[ssh] SSH attack	2019-12-06 07:35:01

Recently Reported IPs

52.255.142.30	178.79.32.15	170.130.69.188	78.188.168.64
90.53.122.154	187.240.206.174	215.239.112.43	90.189.229.9
142.93.124.210	45.66.208.247	78.189.190.149	171.246.211.113
18.215.254.243	106.53.8.137	179.189.19.133	69.167.40.150
150.107.242.91	8.238.23.126	106.74.36.68	86.74.26.166