168.228.148.164

Basic Info

City: Minacu

Region: Goias

Country: Brazil

Internet Service Provider: Integrato Telecomunicacoes Ltda - ME

Hostname: unknown

Organization: INTEGRATO TELECOMUNICAÇÕES LTDA - ME

Usage Type: Commercial

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
168.228.148.231	attackbots	failed_logins	2019-08-02 05:55:09
168.228.148.122	attackspambots	failed_logins	2019-08-01 07:13:29
168.228.148.193	attackbotsspam	failed_logins	2019-07-31 15:14:32
168.228.148.132	attack	Brute force attempt	2019-07-30 15:45:56
168.228.148.102	attackbots	failed_logins	2019-07-26 19:26:44
168.228.148.152	attackbotsspam	failed_logins	2019-07-14 00:41:14
168.228.148.137	attack	Brute force attack stopped by firewall	2019-07-08 16:24:45
168.228.148.118	attackspambots	Brute force attack to crack SMTP password (port 25 / 587)	2019-07-08 15:56:13
168.228.148.75	attackbotsspam	Brute force attack stopped by firewall	2019-07-08 14:58:24
168.228.148.196	attackspam	Brute force attack stopped by firewall	2019-07-08 14:53:38
168.228.148.109	attackspam	SMTP-sasl brute force ...	2019-07-07 16:48:49
168.228.148.156	attackspam	failed_logins	2019-07-07 11:36:42
168.228.148.141	attackspambots	failed_logins	2019-07-07 04:54:38
168.228.148.161	attackspam	Brute force attempt	2019-07-07 02:45:10
168.228.148.156	attackbotsspam	SMTP-sasl brute force ...	2019-07-07 00:07:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 168.228.148.164
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7937
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;168.228.148.164.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070100 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jul 01 23:46:43 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 164.148.228.168.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 164.148.228.168.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
49.88.112.78	attack	Sep 24 08:28:44 debian sshd[6157]: Unable to negotiate with 49.88.112.78 port 54163: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] Sep 24 09:42:11 debian sshd[11823]: Unable to negotiate with 49.88.112.78 port 27040: no matching key exchange method found. Their offer: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] ...	2019-09-24 21:50:25
179.214.189.101	attackbotsspam	Sep 24 15:29:27 SilenceServices sshd[18179]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.214.189.101 Sep 24 15:29:29 SilenceServices sshd[18179]: Failed password for invalid user openelec from 179.214.189.101 port 43410 ssh2 Sep 24 15:36:03 SilenceServices sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.214.189.101	2019-09-24 21:50:42
131.100.134.244	attack	[Tue Sep 24 19:45:15.082086 2019] [:error] [pid 557:tid 139859343623936] [client 131.100.134.244:54632] [client 131.100.134.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.1.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XYoP2xQw9A2OMwDcDThOAwAAAJM"] ...	2019-09-24 22:09:05
201.41.148.228	attack	Sep 24 03:39:45 friendsofhawaii sshd\[10708\]: Invalid user max from 201.41.148.228 Sep 24 03:39:45 friendsofhawaii sshd\[10708\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.41.148.228 Sep 24 03:39:48 friendsofhawaii sshd\[10708\]: Failed password for invalid user max from 201.41.148.228 port 50908 ssh2 Sep 24 03:46:33 friendsofhawaii sshd\[11279\]: Invalid user NpC from 201.41.148.228 Sep 24 03:46:33 friendsofhawaii sshd\[11279\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.41.148.228	2019-09-24 21:59:25
185.143.221.103	attackbots	09/24/2019-16:02:16.300704 185.143.221.103 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-09-24 22:08:51
122.228.208.113	attackspambots	Sep 24 14:43:05 h2177944 kernel: \[2205293.020642\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=122.228.208.113 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=36297 PROTO=TCP SPT=48966 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 24 14:43:36 h2177944 kernel: \[2205323.932608\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=122.228.208.113 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=27967 PROTO=TCP SPT=48966 DPT=808 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 24 14:44:08 h2177944 kernel: \[2205356.563439\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=122.228.208.113 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=40235 PROTO=TCP SPT=48966 DPT=8118 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 24 14:44:29 h2177944 kernel: \[2205376.805901\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=122.228.208.113 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=38778 PROTO=TCP SPT=48966 DPT=8998 WINDOW=1024 RES=0x00 SYN URGP=0 Sep 24 14:45:04 h2177944 kernel: \[2205411.704908\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=122.228.208.113 DST=85.	2019-09-24 22:17:50
115.68.207.48	attackbotsspam	ssh failed login	2019-09-24 22:04:34
138.197.93.133	attackbotsspam	Sep 24 15:27:36 microserver sshd[46470]: Invalid user sacre from 138.197.93.133 port 57202 Sep 24 15:27:36 microserver sshd[46470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.93.133 Sep 24 15:27:38 microserver sshd[46470]: Failed password for invalid user sacre from 138.197.93.133 port 57202 ssh2 Sep 24 15:30:58 microserver sshd[47067]: Invalid user pvp from 138.197.93.133 port 41920 Sep 24 15:30:58 microserver sshd[47067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.93.133 Sep 24 15:41:27 microserver sshd[48459]: Invalid user rszhu from 138.197.93.133 port 52534 Sep 24 15:41:27 microserver sshd[48459]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.93.133 Sep 24 15:41:29 microserver sshd[48459]: Failed password for invalid user rszhu from 138.197.93.133 port 52534 ssh2 Sep 24 15:44:59 microserver sshd[48647]: Invalid user temp from 138.197.93.133 port 37250	2019-09-24 21:56:50
129.213.122.26	attackbotsspam	Lines containing failures of 129.213.122.26 Sep 24 05:03:04 install sshd[31490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.122.26 user=backup Sep 24 05:03:06 install sshd[31490]: Failed password for backup from 129.213.122.26 port 56294 ssh2 Sep 24 05:03:06 install sshd[31490]: Received disconnect from 129.213.122.26 port 56294:11: Bye Bye [preauth] Sep 24 05:03:06 install sshd[31490]: Disconnected from authenticating user backup 129.213.122.26 port 56294 [preauth] Sep 24 05:31:10 install sshd[4101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.122.26 user=admin Sep 24 05:31:11 install sshd[4101]: Failed password for admin from 129.213.122.26 port 52886 ssh2 Sep 24 05:31:11 install sshd[4101]: Received disconnect from 129.213.122.26 port 52886:11: Bye Bye [preauth] Sep 24 05:31:11 install sshd[4101]: Disconnected from authenticating user admin 129.213.122.26 port 52........ ------------------------------	2019-09-24 21:51:44
118.25.113.195	attackspam	Sep 24 13:36:45 www_kotimaassa_fi sshd[23462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.113.195 Sep 24 13:36:47 www_kotimaassa_fi sshd[23462]: Failed password for invalid user eki from 118.25.113.195 port 49476 ssh2 ...	2019-09-24 21:49:59
222.186.52.107	attack	Sep 24 09:47:13 ny01 sshd[15214]: Failed password for root from 222.186.52.107 port 52868 ssh2 Sep 24 09:47:31 ny01 sshd[15214]: error: maximum authentication attempts exceeded for root from 222.186.52.107 port 52868 ssh2 [preauth] Sep 24 09:47:43 ny01 sshd[15293]: Failed password for root from 222.186.52.107 port 16618 ssh2	2019-09-24 22:08:22
40.114.44.98	attackspambots	F2B jail: sshd. Time: 2019-09-24 15:21:01, Reported by: VKReport	2019-09-24 21:43:11
114.141.104.45	attackbots	Sep 24 13:36:12 hcbbdb sshd\[30005\]: Invalid user itadmin from 114.141.104.45 Sep 24 13:36:12 hcbbdb sshd\[30005\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45-104-141-114.static-dsl.realworld.net.au Sep 24 13:36:15 hcbbdb sshd\[30005\]: Failed password for invalid user itadmin from 114.141.104.45 port 48993 ssh2 Sep 24 13:42:26 hcbbdb sshd\[30731\]: Invalid user design from 114.141.104.45 Sep 24 13:42:26 hcbbdb sshd\[30731\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45-104-141-114.static-dsl.realworld.net.au	2019-09-24 21:52:51
89.138.9.201	attackbots	LGS,WP GET /wp-login.php	2019-09-24 21:39:09
200.116.86.144	attackbots	Sep 24 20:07:59 itv-usvr-02 sshd[26974]: Invalid user Includu135dx from 200.116.86.144 port 44990 Sep 24 20:07:59 itv-usvr-02 sshd[26974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.116.86.144 Sep 24 20:07:59 itv-usvr-02 sshd[26974]: Invalid user Includu135dx from 200.116.86.144 port 44990 Sep 24 20:08:02 itv-usvr-02 sshd[26974]: Failed password for invalid user Includu135dx from 200.116.86.144 port 44990 ssh2 Sep 24 20:12:56 itv-usvr-02 sshd[27089]: Invalid user ivan from 200.116.86.144 port 57508	2019-09-24 21:53:18

Recently Reported IPs

66.104.22.8	190.88.116.56	134.147.234.54	220.174.125.41
98.90.44.5	193.106.247.24	121.235.101.37	88.165.14.150
77.98.183.181	103.81.63.18	117.60.137.51	199.88.141.197
168.228.150.68	72.254.213.64	206.33.168.230	191.90.7.41
69.44.177.34	142.39.138.158	123.232.124.106	37.96.59.156