213.215.161.34

Basic Info

City: Turin

Region: Piedmont

Country: Italy

Internet Service Provider: Bbtech C/O Colt

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	May 1 07:54:40 localhost sshd\[23019\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.161.34 user=root May 1 07:54:42 localhost sshd\[23019\]: Failed password for root from 213.215.161.34 port 60053 ssh2 May 1 07:59:55 localhost sshd\[23152\]: Invalid user weblogic from 213.215.161.34 port 47344 ...	2020-05-01 17:40:59
attack	Apr 29 02:18:35 haigwepa sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.161.34 Apr 29 02:18:37 haigwepa sshd[6765]: Failed password for invalid user marketing from 213.215.161.34 port 55610 ssh2 ...	2020-04-29 08:48:51

Type

Details

Datetime

attackspambots

May  1 07:54:40 localhost sshd\[23019\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.161.34  user=root
May  1 07:54:42 localhost sshd\[23019\]: Failed password for root from 213.215.161.34 port 60053 ssh2
May  1 07:59:55 localhost sshd\[23152\]: Invalid user weblogic from 213.215.161.34 port 47344
...

2020-05-01 17:40:59

attack

Apr 29 02:18:35 haigwepa sshd[6765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.215.161.34 
Apr 29 02:18:37 haigwepa sshd[6765]: Failed password for invalid user marketing from 213.215.161.34 port 55610 ssh2
...

2020-04-29 08:48:51

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 213.215.161.34
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11961
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;213.215.161.34.			IN	A

;; AUTHORITY SECTION:
.			257	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042801 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 29 08:48:48 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 34.161.215.213.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 34.161.215.213.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
194.141.2.248	attackbots	Nov 8 20:04:51 ws19vmsma01 sshd[29117]: Failed password for root from 194.141.2.248 port 43663 ssh2 Nov 8 20:28:20 ws19vmsma01 sshd[80740]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.141.2.248 ...	2019-11-09 08:13:07
174.138.44.201	attackbots	xmlrpc attack	2019-11-09 08:23:34
192.228.100.28	attackspambots	82 failed attempt(s) in the last 24h	2019-11-09 07:55:54
128.199.73.25	attackspam	Failed password for invalid user image from 128.199.73.25 port 57046 ssh2 Invalid user jeevan from 128.199.73.25 port 48822 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.73.25 Failed password for invalid user jeevan from 128.199.73.25 port 48822 ssh2 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.73.25 user=root	2019-11-09 07:57:47
193.148.69.157	attackbotsspam	$f2bV_matches	2019-11-09 08:36:21
188.166.46.206	attack	Automatic report - Banned IP Access	2019-11-09 08:20:14
134.175.62.14	attackbotsspam	2019-11-08T23:36:29.415632abusebot-5.cloudsearch.cf sshd\[5480\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.62.14 user=root	2019-11-09 08:36:49
190.152.3.106	attack	Configuration snooping (/cgi-bin/ViewLog.asp): "POST 127.0.0.1:80/cgi-bin/ViewLog.asp"	2019-11-09 07:56:22
120.71.181.214	attack	k+ssh-bruteforce	2019-11-09 08:07:46
45.125.65.48	attack	\[2019-11-08 19:08:51\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-08T19:08:51.830-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="8860801148672520014",SessionID="0x7fdf2c8a8ab8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.48/51948",ACLName="no_extension_match" \[2019-11-08 19:09:06\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-08T19:09:06.237-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="8535201148297661002",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.48/61000",ACLName="no_extension_match" \[2019-11-08 19:09:07\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-08T19:09:07.568-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="8197301148778878004",SessionID="0x7fdf2c3f5928",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.48/65224",ACLNam	2019-11-09 08:15:49
103.235.236.224	attackbotsspam	2019-11-09T00:08:26.613487abusebot-4.cloudsearch.cf sshd\[8584\]: Invalid user lw from 103.235.236.224 port 2434	2019-11-09 08:13:54
40.115.181.216	attackbotsspam	2019-11-09T01:12:19.369672mail01 postfix/smtpd[7800]: warning: unknown[40.115.181.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T01:14:06.438840mail01 postfix/smtpd[28566]: warning: unknown[40.115.181.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T01:14:54.075597mail01 postfix/smtpd[7800]: warning: unknown[40.115.181.216]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-09 08:31:57
139.59.2.205	attack	WordPress (CMS) attack attempts. Date: 2019 Nov 08. 23:35:19 Source IP: 139.59.2.205 Portion of the log(s): 139.59.2.205 - [08/Nov/2019:23:35:18 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.2.205 - [08/Nov/2019:23:35:13 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.2.205 - [08/Nov/2019:23:35:13 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.2.205 - [08/Nov/2019:23:35:12 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.2.205 - [08/Nov/2019:23:35:12 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.2.205 - [08/Nov/2019:23:35:12 +0100] "POST /xmlrpc.php HTTP/1.1" 404 118 "-"	2019-11-09 08:34:17
45.143.220.55	attack	SIPVicious Scanner Detection, PTR: PTR record not found	2019-11-09 08:38:45
81.4.125.221	attack	$f2bV_matches	2019-11-09 08:35:59

Recently Reported IPs

185.143.74.73	15.52.17.173	198.61.149.100	185.135.83.179
108.239.187.196	197.41.167.152	32.219.152.84	75.230.130.140
52.162.168.233	156.186.172.242	188.209.37.248	220.130.188.230
70.102.29.107	118.167.222.8	154.188.158.46	183.40.192.71
39.245.64.165	107.241.107.21	189.142.237.109	230.88.63.204