164.160.91.34 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
164.160.91.28	attackspambots	Automatic report - XMLRPC Attack	2020-02-10 02:59:54
164.160.91.23	attackbots	www.xn--netzfundstckderwoche-yec.de 164.160.91.23 [03/Jan/2020:05:48:12 +0100] "POST /wp-login.php HTTP/1.1" 200 6301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.xn--netzfundstckderwoche-yec.de 164.160.91.23 [03/Jan/2020:05:48:13 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4062 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-03 17:07:57
164.160.91.12	attack	Automatic report - XMLRPC Attack	2019-10-29 23:32:44

Type

Details

Datetime

164.160.91.28

attackspambots

Automatic report - XMLRPC Attack

2020-02-10 02:59:54

164.160.91.23

attackbots

www.xn--netzfundstckderwoche-yec.de 164.160.91.23 [03/Jan/2020:05:48:12 +0100] "POST /wp-login.php HTTP/1.1" 200 6301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
www.xn--netzfundstckderwoche-yec.de 164.160.91.23 [03/Jan/2020:05:48:13 +0100] "POST /xmlrpc.php HTTP/1.1" 200 4062 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2020-01-03 17:07:57

164.160.91.12

attack

Automatic report - XMLRPC Attack

2019-10-29 23:32:44

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 164.160.91.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24039
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;164.160.91.34.			IN	A

;; AUTHORITY SECTION:
.			177	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021800 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 14:45:16 CST 2022
;; MSG SIZE  rcvd: 106

Host info

34.91.160.164.in-addr.arpa domain name pointer rs41-jhb.za-dns.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
34.91.160.164.in-addr.arpa	name = rs41-jhb.za-dns.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
207.180.222.40	attack	Input Traffic from this IP, but critial abuseconfidencescore	2019-11-10 22:27:29
92.242.240.17	attackspam	Nov 10 13:33:09 v22018076622670303 sshd\[21417\]: Invalid user aaa from 92.242.240.17 port 41726 Nov 10 13:33:09 v22018076622670303 sshd\[21417\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.242.240.17 Nov 10 13:33:11 v22018076622670303 sshd\[21417\]: Failed password for invalid user aaa from 92.242.240.17 port 41726 ssh2 ...	2019-11-10 22:39:10
149.56.132.202	attackbotsspam	$f2bV_matches	2019-11-10 22:38:37
189.125.2.234	attackbotsspam	Nov 10 04:43:11 php1 sshd\[29947\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.125.2.234 user=root Nov 10 04:43:13 php1 sshd\[29947\]: Failed password for root from 189.125.2.234 port 39916 ssh2 Nov 10 04:47:09 php1 sshd\[30235\]: Invalid user wk from 189.125.2.234 Nov 10 04:47:09 php1 sshd\[30235\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.125.2.234 Nov 10 04:47:12 php1 sshd\[30235\]: Failed password for invalid user wk from 189.125.2.234 port 5134 ssh2	2019-11-10 23:00:06
91.207.40.44	attackbots	Nov 10 15:24:48 dedicated sshd[22222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.207.40.44 Nov 10 15:24:48 dedicated sshd[22222]: Invalid user test from 91.207.40.44 port 39322 Nov 10 15:24:50 dedicated sshd[22222]: Failed password for invalid user test from 91.207.40.44 port 39322 ssh2 Nov 10 15:29:02 dedicated sshd[22913]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.207.40.44 user=root Nov 10 15:29:05 dedicated sshd[22913]: Failed password for root from 91.207.40.44 port 49038 ssh2	2019-11-10 22:43:42
35.198.197.139	attack	xmlrpc attack	2019-11-10 22:33:10
68.183.31.138	attackspambots	Nov 10 15:43:36 sso sshd[8626]: Failed password for root from 68.183.31.138 port 53662 ssh2 ...	2019-11-10 23:00:42
213.202.230.240	attackbotsspam	Lines containing failures of 213.202.230.240 Nov 10 11:16:45 nextcloud sshd[27785]: Invalid user lf from 213.202.230.240 port 36990 Nov 10 11:16:45 nextcloud sshd[27785]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.202.230.240 Nov 10 11:16:47 nextcloud sshd[27785]: Failed password for invalid user lf from 213.202.230.240 port 36990 ssh2 Nov 10 11:16:47 nextcloud sshd[27785]: Received disconnect from 213.202.230.240 port 36990:11: Bye Bye [preauth] Nov 10 11:16:47 nextcloud sshd[27785]: Disconnected from invalid user lf 213.202.230.240 port 36990 [preauth] Nov 10 11:22:59 nextcloud sshd[28821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.202.230.240 user=r.r Nov 10 11:23:00 nextcloud sshd[28821]: Failed password for r.r from 213.202.230.240 port 33550 ssh2 Nov 10 11:23:00 nextcloud sshd[28821]: Received disconnect from 213.202.230.240 port 33550:11: Bye Bye [preauth] Nov 10 11........ ------------------------------	2019-11-10 22:48:04
49.235.243.145	attack	Nov 10 12:09:47 server6 sshd[9379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.243.145 user=r.r Nov 10 12:09:49 server6 sshd[9379]: Failed password for r.r from 49.235.243.145 port 57076 ssh2 Nov 10 12:09:50 server6 sshd[9379]: Received disconnect from 49.235.243.145: 11: Bye Bye [preauth] Nov 10 12:36:50 server6 sshd[29474]: Failed password for invalid user l from 49.235.243.145 port 36400 ssh2 Nov 10 12:36:51 server6 sshd[29474]: Received disconnect from 49.235.243.145: 11: Bye Bye [preauth] Nov 10 12:41:22 server6 sshd[992]: Failed password for invalid user eo from 49.235.243.145 port 37140 ssh2 Nov 10 12:41:22 server6 sshd[992]: Received disconnect from 49.235.243.145: 11: Bye Bye [preauth] Nov 10 12:46:10 server6 sshd[4313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.235.243.145 user=r.r Nov 10 12:46:12 server6 sshd[4313]: Failed password for r.r from 49.235.243.14........ -------------------------------	2019-11-10 22:59:03
119.15.90.69	attackbotsspam	" "	2019-11-10 22:28:14
178.128.236.202	attack	Wordpress login attempts	2019-11-10 22:42:40
201.140.121.58	attack	Looking for resource vulnerabilities	2019-11-10 22:49:22
159.203.201.25	attackbotsspam	159.203.201.25 was recorded 5 times by 5 hosts attempting to connect to the following ports: 389. Incident counter (4h, 24h, all-time): 5, 18, 59	2019-11-10 22:39:27
190.236.38.236	attackbotsspam	Nov 9 23:25:36 eddieflores sshd\[31250\]: Invalid user guest from 190.236.38.236 Nov 9 23:25:36 eddieflores sshd\[31250\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.236.38.236 Nov 9 23:25:38 eddieflores sshd\[31250\]: Failed password for invalid user guest from 190.236.38.236 port 33618 ssh2 Nov 9 23:31:08 eddieflores sshd\[31681\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.236.38.236 user=root Nov 9 23:31:10 eddieflores sshd\[31681\]: Failed password for root from 190.236.38.236 port 35734 ssh2	2019-11-10 22:33:58
180.168.156.212	attack	Nov 10 15:43:11 vpn01 sshd[31466]: Failed password for root from 180.168.156.212 port 10568 ssh2 ...	2019-11-10 23:07:54

Recently Reported IPs

164.160.91.37	164.160.137.19	164.160.91.47	164.160.91.40
164.163.102.87	164.160.91.44	164.160.91.35	164.163.182.11
164.163.17.15	164.163.226.214	164.163.248.133	164.163.84.116
164.164.122.73	164.166.223.133	164.177.130.36	164.165.67.10
164.177.142.39	164.163.98.3	164.177.27.106	164.164.122.184