201.148.247.138

Basic Info

City: Caxias do Sul

Region: Rio Grande do Sul

Country: Brazil

Internet Service Provider: Blankenburg Comunicacoes Ltda

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Automatic report - Port Scan Attack	2020-09-07 00:31:23
attackbots	Automatic report - Port Scan Attack	2020-09-06 15:52:03
attack	Automatic report - Port Scan Attack	2020-09-06 07:54:42

Comments on same subnet:

IP	Type	Details	Datetime
201.148.247.102	attackbots	Aug 16 05:08:51 mail.srvfarm.net postfix/smtps/smtpd[1888715]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:08:52 mail.srvfarm.net postfix/smtps/smtpd[1888715]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed: Aug 16 05:15:23 mail.srvfarm.net postfix/smtpd[1887547]: lost connection after AUTH from unknown[201.148.247.102] Aug 16 05:18:30 mail.srvfarm.net postfix/smtps/smtpd[1890438]: warning: unknown[201.148.247.102]: SASL PLAIN authentication failed:	2020-08-16 13:10:33
201.148.247.109	attack	(smtpauth) Failed SMTP AUTH login from 201.148.247.109 (BR/Brazil/ip-201-148-247-109.sulig.net.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-08 08:09:31 plain authenticator failed for ([201.148.247.109]) [201.148.247.109]: 535 Incorrect authentication data (set_id=info@mobarakehpipe.com)	2020-07-08 19:45:55
201.148.247.92	attackbotsspam	Jun 4 13:46:55 mail.srvfarm.net postfix/smtps/smtpd[2499228]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:46:56 mail.srvfarm.net postfix/smtps/smtpd[2499228]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:49:46 mail.srvfarm.net postfix/smtps/smtpd[2498061]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed: Jun 4 13:49:47 mail.srvfarm.net postfix/smtps/smtpd[2498061]: lost connection after AUTH from unknown[201.148.247.92] Jun 4 13:53:09 mail.srvfarm.net postfix/smtpd[2502231]: warning: unknown[201.148.247.92]: SASL PLAIN authentication failed:	2020-06-05 03:18:08
201.148.247.206	attackspam	Automatic report - Port Scan Attack	2020-01-04 02:38:23
201.148.247.80	attackbots	Unauthorized SMTP/IMAP/POP3 connection attempt	2019-09-11 12:49:35
201.148.247.84	attackspam	SASL PLAIN auth failed: ruser=...	2019-08-13 09:38:41
201.148.247.251	attackspam	failed_logins	2019-08-11 02:24:40
201.148.247.142	attackbotsspam	Try access to SMTP/POP/IMAP server.	2019-08-02 04:18:30
201.148.247.220	attack	libpam_shield report: forced login attempt	2019-07-30 15:21:15
201.148.247.240	attackbotsspam	Unauthorized connection attempt from IP address 201.148.247.240 on Port 25(SMTP)	2019-07-26 15:27:25
201.148.247.0	attackbotsspam	$f2bV_matches	2019-07-21 07:20:23
201.148.247.180	attackspambots	Brute force attempt	2019-07-17 14:50:21
201.148.247.158	attackbots	Brute force attempt	2019-07-17 05:50:08
201.148.247.83	attackspam	$f2bV_matches	2019-07-12 02:41:40
201.148.247.81	attackbotsspam	SMTP-sasl brute force ...	2019-07-08 11:33:23

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.148.247.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35496
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.148.247.138.		IN	A

;; AUTHORITY SECTION:
.			535	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020090501 1800 900 604800 86400

;; Query time: 485 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Sep 06 07:54:39 CST 2020
;; MSG SIZE  rcvd: 119

Host info

138.247.148.201.in-addr.arpa domain name pointer ip-201-148-247-138.sulig.net.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
138.247.148.201.in-addr.arpa	name = ip-201-148-247-138.sulig.net.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
141.98.11.12	attack	" "	2019-12-06 03:21:17
95.58.229.10	attackbotsspam	Unauthorized connection attempt from IP address 95.58.229.10 on Port 445(SMB)	2019-12-06 03:05:55
203.156.125.195	attackspam	Dec 5 15:53:24 vps691689 sshd[7745]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.156.125.195 Dec 5 15:53:27 vps691689 sshd[7745]: Failed password for invalid user rosen from 203.156.125.195 port 56703 ssh2 ...	2019-12-06 03:24:03
62.234.131.141	attackbots	Dec 5 16:07:06 localhost sshd\[24368\]: Invalid user smmsp from 62.234.131.141 port 41856 Dec 5 16:07:06 localhost sshd\[24368\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.131.141 Dec 5 16:07:08 localhost sshd\[24368\]: Failed password for invalid user smmsp from 62.234.131.141 port 41856 ssh2	2019-12-06 03:25:52
77.54.236.229	attackspam	Dec 5 20:19:23 vmanager6029 sshd\[29191\]: Invalid user pi from 77.54.236.229 port 50824 Dec 5 20:19:23 vmanager6029 sshd\[29192\]: Invalid user pi from 77.54.236.229 port 50826 Dec 5 20:19:23 vmanager6029 sshd\[29191\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.54.236.229	2019-12-06 03:32:19
69.253.219.99	attackspam	SSH brute force	2019-12-06 03:20:10
94.177.232.119	attackbotsspam	Dec 5 19:45:52 h2812830 sshd[30194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.232.119 user=root Dec 5 19:45:54 h2812830 sshd[30194]: Failed password for root from 94.177.232.119 port 37080 ssh2 Dec 5 19:55:43 h2812830 sshd[30586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.232.119 user=rpc Dec 5 19:55:45 h2812830 sshd[30586]: Failed password for rpc from 94.177.232.119 port 54194 ssh2 Dec 5 20:01:16 h2812830 sshd[30875]: Invalid user nagios from 94.177.232.119 port 36138 ...	2019-12-06 03:40:29
5.57.33.71	attackbotsspam	Dec 5 22:28:58 vibhu-HP-Z238-Microtower-Workstation sshd\[25730\]: Invalid user ervi from 5.57.33.71 Dec 5 22:28:58 vibhu-HP-Z238-Microtower-Workstation sshd\[25730\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.57.33.71 Dec 5 22:29:00 vibhu-HP-Z238-Microtower-Workstation sshd\[25730\]: Failed password for invalid user ervi from 5.57.33.71 port 62452 ssh2 Dec 5 22:35:10 vibhu-HP-Z238-Microtower-Workstation sshd\[26046\]: Invalid user travell from 5.57.33.71 Dec 5 22:35:10 vibhu-HP-Z238-Microtower-Workstation sshd\[26046\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.57.33.71 ...	2019-12-06 03:35:06
61.7.253.197	attack	12/05/2019-10:00:59.652348 61.7.253.197 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2019-12-06 03:05:05
179.178.192.26	attackbotsspam	Unauthorized connection attempt from IP address 179.178.192.26 on Port 445(SMB)	2019-12-06 03:41:48
207.107.67.67	attack	Dec 5 16:00:42 sso sshd[24983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.107.67.67 Dec 5 16:00:45 sso sshd[24983]: Failed password for invalid user adk from 207.107.67.67 port 34262 ssh2 ...	2019-12-06 03:20:44
181.236.229.15	attack	Telnet/23 MH Probe, BF, Hack -	2019-12-06 03:40:51
181.41.216.143	attack	$f2bV_matches	2019-12-06 03:30:15
193.112.32.238	attackbots	Dec 5 13:55:47 linuxvps sshd\[47942\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.32.238 user=daemon Dec 5 13:55:49 linuxvps sshd\[47942\]: Failed password for daemon from 193.112.32.238 port 56694 ssh2 Dec 5 14:02:18 linuxvps sshd\[51404\]: Invalid user iranpour from 193.112.32.238 Dec 5 14:02:18 linuxvps sshd\[51404\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.32.238 Dec 5 14:02:20 linuxvps sshd\[51404\]: Failed password for invalid user iranpour from 193.112.32.238 port 33852 ssh2	2019-12-06 03:17:40
213.186.35.114	attackspam	Dec 5 16:31:30 OPSO sshd\[26206\]: Invalid user gualtiero from 213.186.35.114 port 54786 Dec 5 16:31:30 OPSO sshd\[26206\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.186.35.114 Dec 5 16:31:33 OPSO sshd\[26206\]: Failed password for invalid user gualtiero from 213.186.35.114 port 54786 ssh2 Dec 5 16:37:34 OPSO sshd\[28015\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.186.35.114 user=root Dec 5 16:37:36 OPSO sshd\[28015\]: Failed password for root from 213.186.35.114 port 36668 ssh2	2019-12-06 03:28:40

Recently Reported IPs

163.178.219.39	118.168.79.47	121.145.80.45	43.249.113.243
178.47.63.98	164.147.173.221	12.77.2.232	79.41.234.173
111.163.55.93	2.38.130.63	88.71.117.132	173.197.76.9
92.201.220.198	3.23.95.220	197.201.87.129	150.147.166.181
151.11.210.174	108.30.221.151	210.212.230.7	85.119.77.112