220.158.148.243

Basic Info

City: unknown

Region: unknown

Country: Cambodia

Internet Service Provider: Kingtel KH

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2019-11-19T13:32:38.4852211495-001 sshd\[11575\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh 2019-11-19T13:47:14.5908951495-001 sshd\[12013\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh user=squid 2019-11-19T13:51:10.4986861495-001 sshd\[12134\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh user=root 2019-11-19T14:55:13.4345541495-001 sshd\[14290\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh 2019-11-19T14:59:18.1381211495-001 sshd\[14488\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh user=root 2019-11-19T16:01:35.6275811495-001 sshd\[16562\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie ...	2019-11-20 07:13:05

Type

Details

Datetime

attack

2019-11-19T13:32:38.4852211495-001 sshd\[11575\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh
2019-11-19T13:47:14.5908951495-001 sshd\[12013\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh  user=squid
2019-11-19T13:51:10.4986861495-001 sshd\[12134\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh  user=root
2019-11-19T14:55:13.4345541495-001 sshd\[14290\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh
2019-11-19T14:59:18.1381211495-001 sshd\[14488\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie1.snowball.com.kh  user=root
2019-11-19T16:01:35.6275811495-001 sshd\[16562\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=movie
...

2019-11-20 07:13:05

Comments on same subnet:

IP	Type	Details	Datetime
220.158.148.132	attackspambots	Jul 31 06:54:20 minden010 sshd[5254]: Failed password for root from 220.158.148.132 port 49762 ssh2 Jul 31 06:59:09 minden010 sshd[7221]: Failed password for root from 220.158.148.132 port 55446 ssh2 ...	2020-07-31 15:23:40
220.158.148.132	attack	Jul 29 15:12:58 minden010 sshd[2976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jul 29 15:13:00 minden010 sshd[2976]: Failed password for invalid user mujing from 220.158.148.132 port 52864 ssh2 Jul 29 15:16:45 minden010 sshd[3478]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 ...	2020-07-30 00:52:11
220.158.148.132	attackbotsspam	Jul 27 06:24:56 meumeu sshd[237054]: Invalid user mysql from 220.158.148.132 port 49146 Jul 27 06:24:56 meumeu sshd[237054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jul 27 06:24:56 meumeu sshd[237054]: Invalid user mysql from 220.158.148.132 port 49146 Jul 27 06:24:58 meumeu sshd[237054]: Failed password for invalid user mysql from 220.158.148.132 port 49146 ssh2 Jul 27 06:27:25 meumeu sshd[237128]: Invalid user admin from 220.158.148.132 port 53562 Jul 27 06:27:25 meumeu sshd[237128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jul 27 06:27:25 meumeu sshd[237128]: Invalid user admin from 220.158.148.132 port 53562 Jul 27 06:27:27 meumeu sshd[237128]: Failed password for invalid user admin from 220.158.148.132 port 53562 ssh2 Jul 27 06:29:48 meumeu sshd[237207]: Invalid user ubuntu from 220.158.148.132 port 57974 ...	2020-07-27 12:41:46
220.158.148.132	attackspambots	Jul 14 17:19:00 abendstille sshd\[24605\]: Invalid user mcj from 220.158.148.132 Jul 14 17:19:00 abendstille sshd\[24605\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jul 14 17:19:02 abendstille sshd\[24605\]: Failed password for invalid user mcj from 220.158.148.132 port 42432 ssh2 Jul 14 17:21:42 abendstille sshd\[27187\]: Invalid user internet from 220.158.148.132 Jul 14 17:21:42 abendstille sshd\[27187\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 ...	2020-07-15 02:17:36
220.158.148.132	attack	Jul 7 13:37:23 onepixel sshd[3470123]: Invalid user szd from 220.158.148.132 port 37124 Jul 7 13:37:23 onepixel sshd[3470123]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jul 7 13:37:23 onepixel sshd[3470123]: Invalid user szd from 220.158.148.132 port 37124 Jul 7 13:37:25 onepixel sshd[3470123]: Failed password for invalid user szd from 220.158.148.132 port 37124 ssh2 Jul 7 13:40:06 onepixel sshd[3471647]: Invalid user eric from 220.158.148.132 port 52548	2020-07-07 23:56:34
220.158.148.132	attackbots	2020-07-07T15:01:09.173515hostname sshd[14639]: Invalid user appserver from 220.158.148.132 port 54030 2020-07-07T15:01:11.174780hostname sshd[14639]: Failed password for invalid user appserver from 220.158.148.132 port 54030 ssh2 2020-07-07T15:04:27.048355hostname sshd[15998]: Invalid user martin from 220.158.148.132 port 52188 ...	2020-07-07 17:10:58
220.158.148.132	attack	Jun 23 22:48:32 piServer sshd[20178]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jun 23 22:48:34 piServer sshd[20178]: Failed password for invalid user build from 220.158.148.132 port 44370 ssh2 Jun 23 22:51:55 piServer sshd[20453]: Failed password for root from 220.158.148.132 port 43504 ssh2 ...	2020-06-24 05:05:56
220.158.148.132	attack	Jun 16 14:12:29 ns382633 sshd\[30319\]: Invalid user venus from 220.158.148.132 port 38268 Jun 16 14:12:29 ns382633 sshd\[30319\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 Jun 16 14:12:31 ns382633 sshd\[30319\]: Failed password for invalid user venus from 220.158.148.132 port 38268 ssh2 Jun 16 14:23:10 ns382633 sshd\[32046\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root Jun 16 14:23:12 ns382633 sshd\[32046\]: Failed password for root from 220.158.148.132 port 46022 ssh2	2020-06-16 21:53:51
220.158.148.132	attackspam	(sshd) Failed SSH login from 220.158.148.132 (KH/Cambodia/movie1.snowball.com.kh): 5 in the last 3600 secs	2020-06-07 01:19:46
220.158.148.132	attackspam	Jun 5 21:58:24 web1 sshd[29846]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root Jun 5 21:58:26 web1 sshd[29846]: Failed password for root from 220.158.148.132 port 44650 ssh2 Jun 5 22:07:28 web1 sshd[32381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root Jun 5 22:07:30 web1 sshd[32381]: Failed password for root from 220.158.148.132 port 56114 ssh2 Jun 5 22:10:58 web1 sshd[932]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root Jun 5 22:11:00 web1 sshd[932]: Failed password for root from 220.158.148.132 port 54652 ssh2 Jun 5 22:14:24 web1 sshd[1728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root Jun 5 22:14:26 web1 sshd[1728]: Failed password for root from 220.158.148.132 port 53188 ssh2 Jun 5 22:17:46 web1 sshd[ ...	2020-06-06 00:47:17
220.158.148.132	attack	SSH login attempts.	2020-05-28 16:45:51
220.158.148.132	attack	(sshd) Failed SSH login from 220.158.148.132 (KH/Cambodia/movie1.snowball.com.kh): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 26 01:23:14 ubnt-55d23 sshd[25218]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root May 26 01:23:16 ubnt-55d23 sshd[25218]: Failed password for root from 220.158.148.132 port 46212 ssh2	2020-05-26 12:22:29
220.158.148.132	attackspam	May 23 07:53:45 sigma sshd\[1886\]: Invalid user kh from 220.158.148.132May 23 07:53:48 sigma sshd\[1886\]: Failed password for invalid user kh from 220.158.148.132 port 50958 ssh2 ...	2020-05-23 18:33:57
220.158.148.132	attackbotsspam	2020-05-13T00:47:54.300920linuxbox-skyline sshd[135235]: Invalid user ec from 220.158.148.132 port 38092 ...	2020-05-13 14:52:46
220.158.148.132	attackspam	May 10 23:01:36 inter-technics sshd[22944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 user=root May 10 23:01:38 inter-technics sshd[22944]: Failed password for root from 220.158.148.132 port 52342 ssh2 May 10 23:05:32 inter-technics sshd[23225]: Invalid user misha from 220.158.148.132 port 60222 May 10 23:05:32 inter-technics sshd[23225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.158.148.132 May 10 23:05:32 inter-technics sshd[23225]: Invalid user misha from 220.158.148.132 port 60222 May 10 23:05:35 inter-technics sshd[23225]: Failed password for invalid user misha from 220.158.148.132 port 60222 ssh2 ...	2020-05-11 07:10:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 220.158.148.243
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6181
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.158.148.243.		IN	A

;; AUTHORITY SECTION:
.			880	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081900 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 19 17:01:16 CST 2019
;; MSG SIZE  rcvd: 119

Host info

243.148.158.220.in-addr.arpa domain name pointer pns2.kingtel.com.kh.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
243.148.158.220.in-addr.arpa	name = pns2.kingtel.com.kh.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.94.111.1	attack	26.06.2019 07:47:38 Connection to port 4786 blocked by firewall	2019-06-26 16:04:49
185.209.0.19	attack	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-06-26 15:53:02
219.90.67.89	attackspambots	2019-06-26T08:05:17.340631abusebot-8.cloudsearch.cf sshd\[23740\]: Invalid user sysbackup from 219.90.67.89 port 38402	2019-06-26 16:39:09
194.230.148.214	attackspam	Jun2605:49:05server4dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=194.230.148.214\,lip=148.251.104.70\,TLS\,session=\<1Scl7TGMLl7C5pTW\>Jun2605:49:05server4dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=194.230.148.214\,lip=148.251.104.70\,TLS\,session=\Jun2605:49:05server4dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin2secs\):user=\\,method=PLAIN\,rip=194.230.148.214\,lip=148.251.104.70\,TLS\,session=\Jun2605:49:11server4dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=194.230.148.214\,lip=148.251.104.70\,TLS\,session=\<6tRE7TGML17C5pTW\>Jun2605:49:11server4dovecot:imap-login:Abortedlogin\(authfailed\,1attemptsin6secs\):user=\\,method=PLAIN\,rip=194.230.148.214\,lip=148.251.104.70\,TLS\,session=\<14pE7TGMMF7C5pTW\>Jun2605:49:11serve	2019-06-26 16:14:36
185.176.27.58	attackbotsspam	firewall-block, port(s): 7463/tcp, 7471/tcp	2019-06-26 15:58:34
34.77.101.35	attackbots	21/tcp 22/tcp [2019-06-24/25]2pkt	2019-06-26 16:25:49
185.176.27.62	attackbotsspam	firewall-block, port(s): 7464/tcp	2019-06-26 15:58:02
92.119.160.80	attackspambots	2019-06-26T09:35:23.904410vfs-server-01 sshd\[11475\]: Invalid user admin from 92.119.160.80 port 34573 2019-06-26T09:35:24.227214vfs-server-01 sshd\[11477\]: Invalid user admin from 92.119.160.80 port 34724 2019-06-26T09:35:24.559607vfs-server-01 sshd\[11479\]: Invalid user admin from 92.119.160.80 port 34868	2019-06-26 16:21:56
51.254.47.198	attackspambots	2019-06-26T08:03:19.715275scmdmz1 sshd\[14477\]: Invalid user postgres from 51.254.47.198 port 48392 2019-06-26T08:03:19.719004scmdmz1 sshd\[14477\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns3016508.ip-51-254-47.eu 2019-06-26T08:03:21.682236scmdmz1 sshd\[14477\]: Failed password for invalid user postgres from 51.254.47.198 port 48392 ssh2 ...	2019-06-26 15:48:16
153.127.8.122	attackspam	WordPress login Brute force / Web App Attack on client site.	2019-06-26 16:41:21
34.90.167.119	attackspam	[portscan] tcp/139 [NetBIOS Session Service] *(RWIN=1024)(06261032)	2019-06-26 16:43:08
89.248.162.168	attackbotsspam	Port scan attempt detected by AWS-CCS, CTS, India	2019-06-26 16:06:53
58.97.100.186	attackbots	445/tcp 445/tcp 445/tcp [2019-05-21/06-26]3pkt	2019-06-26 16:36:16
66.240.205.34	attackbots	26.06.2019 05:48:10 Connection to port 53 blocked by firewall	2019-06-26 15:46:07
81.22.45.239	attackspambots	26.06.2019 07:39:03 Connection to port 4043 blocked by firewall	2019-06-26 16:07:54

Recently Reported IPs

172.104.166.184	183.63.49.21	142.93.208.219	136.55.162.246
88.122.156.151	114.101.255.156	165.22.237.183	124.187.221.13
188.234.150.27	152.42.226.193	123.11.183.254	112.240.231.100
121.28.165.122	3.36.182.104	96.253.204.168	148.170.198.105
182.186.116.50	171.48.50.149	137.150.57.96	47.91.108.168