189.50.104.98 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Silva & Silveira Provedor de Internet Ltda

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	May 8 22:56:46 scw-6657dc sshd[4251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.104.98 May 8 22:56:46 scw-6657dc sshd[4251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.104.98 May 8 22:56:48 scw-6657dc sshd[4251]: Failed password for invalid user i2b2metadata from 189.50.104.98 port 9224 ssh2 ...	2020-05-09 07:49:26
attackspam	port scan and connect, tcp 22 (ssh)	2020-04-16 14:10:29
attack	From: Ciaxa Bank Received: from mail2.lpnet.com.br ([189.1.144.235]) by ns3041838.ip-188-165-236.eu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.90_1) (envelope-from ) id 1iNCqf-0002yj-Jc for admon@alsurmedia.com; Wed, 23 Oct 2019 11:22:34 +0200 Received: (qmail 29223 invoked by uid 89); 23 Oct 2019 09:20:04 -0000 Received: by simscan 1.4.0 ppid: 28997, pid: 29161, t: 0.5353s scanners: attach: 1.4.0 clamav: 0.99.2/m:57/d:22959 Received: from unknown (HELO svlnxwm130.lencoispaulista.sp.gov.br) (prefeitura@lencoispaulista.sp.gov.br@189.50.104.98) by 0 with ESMTPA; 23 O	2019-10-23 22:45:34

Type

Details

Datetime

attackspam

May  8 22:56:46 scw-6657dc sshd[4251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.104.98
May  8 22:56:46 scw-6657dc sshd[4251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.50.104.98
May  8 22:56:48 scw-6657dc sshd[4251]: Failed password for invalid user i2b2metadata from 189.50.104.98 port 9224 ssh2
...

2020-05-09 07:49:26

attackspam

port scan and connect, tcp 22 (ssh)

2020-04-16 14:10:29

attack

From: Ciaxa Bank 
Received: from mail2.lpnet.com.br ([189.1.144.235]) by ns3041838.ip-188-165-236.eu with esmtps (TLSv1:AES256-SHA:256) (Exim 4.90_1) (envelope-from ) id 1iNCqf-0002yj-Jc for admon@alsurmedia.com; Wed, 23 Oct 2019 11:22:34 +0200
Received: (qmail 29223 invoked by uid 89); 23 Oct 2019 09:20:04 -0000
Received: by simscan 1.4.0 ppid: 28997, pid: 29161, t: 0.5353s scanners: attach: 1.4.0 clamav: 0.99.2/m:57/d:22959
Received: from unknown (HELO svlnxwm130.lencoispaulista.sp.gov.br) (prefeitura@lencoispaulista.sp.gov.br@189.50.104.98) by 0 with ESMTPA; 23 O

2019-10-23 22:45:34

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 189.50.104.98
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7840
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;189.50.104.98.			IN	A

;; AUTHORITY SECTION:
.			500	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102300 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 23 22:45:30 CST 2019
;; MSG SIZE  rcvd: 117

Host info

98.104.50.189.in-addr.arpa domain name pointer 189-50-104-98-wlan.lpnet.com.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
98.104.50.189.in-addr.arpa	name = 189-50-104-98-wlan.lpnet.com.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
14.63.167.192	attackbotsspam	2019-10-29T05:46:53.870908-07:00 suse-nuc sshd[10789]: Invalid user rdillion from 14.63.167.192 port 53936 ...	2019-10-30 01:39:02
41.220.13.103	attackbots	$f2bV_matches	2019-10-30 01:46:44
222.186.175.212	attackbotsspam	Oct 29 17:45:42 sshgateway sshd\[2527\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.212 user=root Oct 29 17:45:44 sshgateway sshd\[2527\]: Failed password for root from 222.186.175.212 port 11574 ssh2 Oct 29 17:46:00 sshgateway sshd\[2527\]: error: maximum authentication attempts exceeded for root from 222.186.175.212 port 11574 ssh2 \[preauth\]	2019-10-30 01:50:21
132.232.228.86	attackspambots	Oct 29 18:10:52 MK-Soft-VM6 sshd[8999]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.228.86 Oct 29 18:10:54 MK-Soft-VM6 sshd[8999]: Failed password for invalid user syrea2008 from 132.232.228.86 port 37692 ssh2 ...	2019-10-30 02:14:44
119.200.186.168	attackspambots	Invalid user amyg from 119.200.186.168 port 53118 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.200.186.168 Failed password for invalid user amyg from 119.200.186.168 port 53118 ssh2 Invalid user P@@$$w0rd1 from 119.200.186.168 port 35672 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.200.186.168	2019-10-30 02:11:48
125.213.233.211	attack	...	2019-10-30 01:49:47
45.143.221.14	attack	Attempted to connect 3 times to port 5060 UDP	2019-10-30 01:40:25
45.117.50.171	attack	Automatic report - Port Scan Attack	2019-10-30 01:41:22
124.253.4.125	attackspam	TCP Port Scanning	2019-10-30 02:00:20
35.181.116.72	normal	Country: France. Not United States like it says.	2019-10-30 02:12:54
197.50.250.176	attackbotsspam	Unauthorised access (Oct 29) SRC=197.50.250.176 LEN=52 TOS=0x10 PREC=0x40 TTL=110 ID=2600 DF TCP DPT=445 WINDOW=8192 SYN	2019-10-30 01:39:27
180.76.242.171	attackbotsspam	Oct 29 10:47:40 firewall sshd[12945]: Failed password for invalid user ts3bot2 from 180.76.242.171 port 48730 ssh2 Oct 29 10:53:19 firewall sshd[13087]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.242.171 user=root Oct 29 10:53:21 firewall sshd[13087]: Failed password for root from 180.76.242.171 port 59058 ssh2 ...	2019-10-30 02:12:51
106.12.201.154	attackbotsspam	Automatic report - Banned IP Access	2019-10-30 02:16:16
61.94.236.47	attackspam	Port Scan	2019-10-30 01:40:43
178.32.161.90	attack	Brute force SMTP login attempted. ...	2019-10-30 01:53:08

Recently Reported IPs

49.232.43.151	31.50.91.172	109.134.63.12	142.172.24.150
12.198.152.254	155.161.224.137	112.175.124.18	61.55.152.184
218.143.1.167	252.196.44.252	250.19.165.15	92.28.18.213
119.47.115.162	150.119.140.187	131.248.204.125	243.113.94.64
40.82.216.53	69.175.239.194	151.77.226.84	188.51.144.35