109.164.4.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Czech Republic

Internet Service Provider: SITKOM spol. s r.o.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	failed_logins	2020-07-07 17:47:13
attackbots	May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: lost connection after AUTH from unknown[109.164.4.2] May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: lost connection after AUTH from unknown[109.164.4.2] May 13 14:24:22 mail.srvfarm.net postfix/smtps/smtpd[553527]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed:	2020-05-14 02:49:57

Type

Details

Datetime

attackbots

failed_logins

2020-07-07 17:47:13

attackbots

May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: 
May 13 14:17:27 mail.srvfarm.net postfix/smtps/smtpd[553478]: lost connection after AUTH from unknown[109.164.4.2]
May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed: 
May 13 14:20:50 mail.srvfarm.net postfix/smtpd[556767]: lost connection after AUTH from unknown[109.164.4.2]
May 13 14:24:22 mail.srvfarm.net postfix/smtps/smtpd[553527]: warning: unknown[109.164.4.2]: SASL PLAIN authentication failed:

2020-05-14 02:49:57

Comments on same subnet:

IP	Type	Details	Datetime
109.164.4.225	attack	Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:49:19 mail.srvfarm.net postfix/smtps/smtpd[3729482]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed:	2020-10-02 01:24:00
109.164.4.225	attackbotsspam	Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:39:40 mail.srvfarm.net postfix/smtpd[3729985]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: Oct 1 06:45:56 mail.srvfarm.net postfix/smtps/smtpd[3723925]: lost connection after AUTH from unknown[109.164.4.225] Oct 1 06:49:19 mail.srvfarm.net postfix/smtps/smtpd[3729482]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed:	2020-10-01 17:30:05
109.164.4.225	attackbotsspam	Aug 7 07:03:03 mailman postfix/smtpd[19854]: warning: unknown[109.164.4.225]: SASL PLAIN authentication failed: authentication failure	2020-08-08 01:33:55
109.164.4.225	attackspambots	SASL PLAIN auth failed: ruser=...	2020-07-16 09:12:36

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 109.164.4.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23366
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;109.164.4.2.			IN	A

;; AUTHORITY SECTION:
.			170	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051301 1800 900 604800 86400

;; Query time: 179 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 14 02:49:53 CST 2020
;; MSG SIZE  rcvd: 115

Host info

2.4.164.109.in-addr.arpa domain name pointer 2-4-164-109.cust.sitkom.cz.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
2.4.164.109.in-addr.arpa	name = 2-4-164-109.cust.sitkom.cz.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
36.72.151.69	attackspambots	SSHAttack	2019-10-15 06:46:34
180.249.116.70	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 14-10-2019 20:55:21.	2019-10-15 06:41:52
124.41.211.27	attackbotsspam	Invalid user ppp from 124.41.211.27 port 48364	2019-10-15 07:03:30
70.35.207.85	attack	WordPress login Brute force / Web App Attack on client site.	2019-10-15 06:34:48
138.36.209.77	attackspambots	Automatic report - Port Scan Attack	2019-10-15 06:39:26
12.189.126.59	attackbots	Oct 14 21:51:14 imap-login: Info: Disconnected \(auth failed, 1 attempts in 5 secs\): user=\, method=PLAIN, rip=12.189.126.59, lip=192.168.100.101, session=\\ Oct 14 21:51:21 imap-login: Info: Disconnected \(no auth attempts in 0 secs\): user=\<\>, rip=12.189.126.59, lip=192.168.100.101, session=\\ Oct 14 21:51:31 imap-login: Info: Disconnected \(auth failed, 1 attempts in 10 secs\): user=\, method=PLAIN, rip=12.189.126.59, lip=192.168.100.101, session=\\ Oct 14 21:51:53 imap-login: Info: Disconnected \(auth failed, 1 attempts in 4 secs\): user=\, method=PLAIN, rip=12.189.126.59, lip=192.168.100.101, session=\\ Oct 14 21:52:28 imap-login: Info: Disconnected \(auth failed, 1 attempts in 6 secs\): user=\, method=PLAIN, rip=12.189.126.59, lip=192.168.100.101, session=\\ Oct 14 21:52:37 imap-login: Info: Disconnected \(no auth atte	2019-10-15 06:53:08
104.248.175.232	attackbots	Invalid user skfur from 104.248.175.232 port 41104	2019-10-15 06:32:12
49.89.221.54	attackbotsspam	Port Scan detected from 49.89.221.54 (CN/China/54.221.89.49.broad.sz.js.dynamic.163data.com.cn). 4 hits in the last 221 seconds	2019-10-15 06:48:34
119.29.114.235	attackbotsspam	Oct 15 00:34:41 * sshd[30649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.114.235 Oct 15 00:34:43 * sshd[30649]: Failed password for invalid user swanson from 119.29.114.235 port 59470 ssh2	2019-10-15 06:44:40
27.210.143.2	attackbotsspam	Oct 14 22:48:46 dev0-dcde-rnet sshd[5721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.210.143.2 Oct 14 22:48:47 dev0-dcde-rnet sshd[5721]: Failed password for invalid user admin from 27.210.143.2 port 45601 ssh2 Oct 14 22:48:50 dev0-dcde-rnet sshd[5721]: Failed password for invalid user admin from 27.210.143.2 port 45601 ssh2 Oct 14 22:48:53 dev0-dcde-rnet sshd[5721]: Failed password for invalid user admin from 27.210.143.2 port 45601 ssh2	2019-10-15 07:02:34
64.150.183.27	attack	Brute force SMTP login attempts.	2019-10-15 06:54:42
46.61.176.86	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 14-10-2019 20:55:23.	2019-10-15 06:37:45
185.90.116.84	attackspam	10/14/2019-17:37:34.932542 185.90.116.84 Protocol: 6 ET SCAN Potential SSH Scan	2019-10-15 06:38:52
45.114.143.201	attackbotsspam	Oct 14 21:36:06 apollo sshd\[14297\]: Failed password for root from 45.114.143.201 port 46114 ssh2Oct 14 21:51:24 apollo sshd\[14370\]: Failed password for root from 45.114.143.201 port 37366 ssh2Oct 14 21:55:21 apollo sshd\[14385\]: Failed password for root from 45.114.143.201 port 48360 ssh2 ...	2019-10-15 06:41:15
101.226.168.96	attack	Port Scan detected from 101.226.168.96 (CN/China/-). 4 hits in the last 185 seconds	2019-10-15 06:55:30

Recently Reported IPs

52.255.142.30	178.79.32.15	170.130.69.188	78.188.168.64
90.53.122.154	187.240.206.174	215.239.112.43	90.189.229.9
142.93.124.210	45.66.208.247	78.189.190.149	171.246.211.113
18.215.254.243	106.53.8.137	179.189.19.133	69.167.40.150
150.107.242.91	8.238.23.126	106.74.36.68	86.74.26.166