131.72.220.134

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Sec. de Estado de Plan. e Orcamento do DF

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-10 18:02:29,314 INFO [amun_request_handler] PortScan Detected on Port: 445 (131.72.220.134)	2019-09-11 08:56:30

Comments on same subnet:

IP	Type	Details	Datetime
131.72.220.153	attack	Unauthorized connection attempt from IP address 131.72.220.153 on Port 445(SMB)	2019-10-30 05:17:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 131.72.220.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51503
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;131.72.220.134.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091003 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 11 08:56:23 CST 2019
;; MSG SIZE  rcvd: 118

Host info

134.220.72.131.in-addr.arpa domain name pointer 131.72.220.134-gdfnet.df.gov.br.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
134.220.72.131.in-addr.arpa	name = 131.72.220.134-gdfnet.df.gov.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
201.163.176.203	attackbots	Unauthorised access (Sep 13) SRC=201.163.176.203 LEN=40 TTL=240 ID=62211 TCP DPT=139 WINDOW=1024 SYN Unauthorised access (Sep 11) SRC=201.163.176.203 LEN=40 TTL=240 ID=62768 TCP DPT=139 WINDOW=1024 SYN	2019-09-13 20:25:42
74.80.21.44	attack	Unauthorized connection attempt from IP address 74.80.21.44 on Port 445(SMB)	2019-09-13 20:18:47
112.85.42.237	attackbots	2019-09-13T12:22:40.725167abusebot-2.cloudsearch.cf sshd\[8138\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.237 user=root	2019-09-13 20:39:57
193.200.164.208	attackspambots	uneducated dickhead alert @ 193.200.164.208	2019-09-13 20:24:25
193.242.195.222	attack	Unauthorized connection attempt from IP address 193.242.195.222 on Port 445(SMB)	2019-09-13 20:44:00
185.211.245.170	attack	Sep 13 14:09:06 relay postfix/smtpd\[20142\]: warning: unknown\[185.211.245.170\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 14:21:59 relay postfix/smtpd\[20141\]: warning: unknown\[185.211.245.170\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 14:22:10 relay postfix/smtpd\[20814\]: warning: unknown\[185.211.245.170\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 14:25:02 relay postfix/smtpd\[20142\]: warning: unknown\[185.211.245.170\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 14:25:12 relay postfix/smtpd\[20141\]: warning: unknown\[185.211.245.170\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-09-13 20:33:13
165.22.189.61	attack	WordPress login Brute force / Web App Attack on client site.	2019-09-13 20:26:08
149.202.52.221	attackspambots	Sep 13 12:01:49 game-panel sshd[17644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.202.52.221 Sep 13 12:01:51 game-panel sshd[17644]: Failed password for invalid user dev from 149.202.52.221 port 43098 ssh2 Sep 13 12:05:37 game-panel sshd[17790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.202.52.221	2019-09-13 20:06:22
103.121.243.108	attackbotsspam	Attempts to probe for or exploit a Drupal 7.67 site on url: /wp-login.php. Reported by the module https://www.drupal.org/project/abuseipdb.	2019-09-13 20:43:17
138.68.247.1	attackspambots	Sep 13 01:33:03 aiointranet sshd\[19128\]: Invalid user cron from 138.68.247.1 Sep 13 01:33:03 aiointranet sshd\[19128\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.247.1 Sep 13 01:33:05 aiointranet sshd\[19128\]: Failed password for invalid user cron from 138.68.247.1 port 34684 ssh2 Sep 13 01:37:32 aiointranet sshd\[19499\]: Invalid user kuaisuweb from 138.68.247.1 Sep 13 01:37:32 aiointranet sshd\[19499\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.247.1	2019-09-13 20:45:37
167.71.13.164	attack	Port scan: Attack repeated for 24 hours	2019-09-13 20:00:31
137.74.119.50	attackspambots	Sep 13 02:20:36 tdfoods sshd\[22704\]: Invalid user teamspeak from 137.74.119.50 Sep 13 02:20:36 tdfoods sshd\[22704\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.ip-137-74-119.eu Sep 13 02:20:38 tdfoods sshd\[22704\]: Failed password for invalid user teamspeak from 137.74.119.50 port 49688 ssh2 Sep 13 02:24:44 tdfoods sshd\[23034\]: Invalid user servers from 137.74.119.50 Sep 13 02:24:44 tdfoods sshd\[23034\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.ip-137-74-119.eu	2019-09-13 20:28:52
58.233.175.12	attackspam	Sep 13 12:49:08 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 Sep 13 12:49:10 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 Sep 13 12:49:13 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 Sep 13 12:49:15 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 Sep 13 12:49:18 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 Sep 13 12:49:20 rdssrv1 sshd[19935]: Failed password for r.r from 58.233.175.12 port 39412 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=58.233.175.12	2019-09-13 20:37:57
115.84.112.98	attack	2019-09-13T11:50:01.902723abusebot-6.cloudsearch.cf sshd\[26512\]: Invalid user git from 115.84.112.98 port 33604	2019-09-13 19:55:57
37.79.254.216	attackbotsspam	Sep 13 08:28:19 TORMINT sshd\[21154\]: Invalid user myftp from 37.79.254.216 Sep 13 08:28:19 TORMINT sshd\[21154\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.79.254.216 Sep 13 08:28:21 TORMINT sshd\[21154\]: Failed password for invalid user myftp from 37.79.254.216 port 53522 ssh2 ...	2019-09-13 20:38:45

Recently Reported IPs

56.4.109.9	253.126.78.119	52.217.194.11	11.46.11.98
23.143.134.205	46.34.106.127	86.254.42.5	195.42.18.51
146.175.151.240	182.92.89.197	221.25.167.22	241.104.208.158
10.92.254.95	228.4.227.37	35.168.147.94	255.134.203.132
201.1.87.237	20.36.96.70	124.64.116.189	118.169.241.2