134.209.148.107

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Oct 6 18:51:56 router sshd[24181]: Failed password for root from 134.209.148.107 port 46336 ssh2 Oct 6 18:52:49 router sshd[24183]: Failed password for root from 134.209.148.107 port 56478 ssh2 ...	2020-10-07 02:13:06
attackbotsspam	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-10-06 18:08:51
attackspambots	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-09-30 03:43:16
attackbotsspam	[N3.H3.VM3] Port Scanner Detected Blocked by UFW	2020-09-29 19:49:18
attackspambots	TCP (SYN) 134.209.148.107:44843 -> port 24561, len 44	2020-09-11 23:00:06
attackspam	Port scan denied	2020-09-11 15:04:50
attack	13978/tcp 2841/tcp 19528/tcp... [2020-07-10/09-10]190pkt,72pt.(tcp)	2020-09-11 07:17:31
attackspam	Aug 23 11:38:05 PorscheCustomer sshd[10368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 Aug 23 11:38:07 PorscheCustomer sshd[10368]: Failed password for invalid user zn from 134.209.148.107 port 52346 ssh2 Aug 23 11:39:31 PorscheCustomer sshd[10404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 ...	2020-08-23 18:05:59
attack	TCP port : 25791	2020-08-22 18:49:24
attackspam	2020-08-19T16:48:15.283554server.mjenks.net sshd[3507142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 2020-08-19T16:48:15.276367server.mjenks.net sshd[3507142]: Invalid user szd from 134.209.148.107 port 59392 2020-08-19T16:48:17.967383server.mjenks.net sshd[3507142]: Failed password for invalid user szd from 134.209.148.107 port 59392 ssh2 2020-08-19T16:52:17.263658server.mjenks.net sshd[3507575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 user=root 2020-08-19T16:52:19.169542server.mjenks.net sshd[3507575]: Failed password for root from 134.209.148.107 port 38798 ssh2 ...	2020-08-20 08:42:45
attackspambots	Aug 19 21:26:38 pornomens sshd\[26061\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 user=root Aug 19 21:26:40 pornomens sshd\[26061\]: Failed password for root from 134.209.148.107 port 40294 ssh2 Aug 19 21:33:27 pornomens sshd\[26112\]: Invalid user mort from 134.209.148.107 port 48678 Aug 19 21:33:27 pornomens sshd\[26112\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 ...	2020-08-20 03:39:40
attackspam	Aug 19 00:51:57 rotator sshd\[30371\]: Failed password for root from 134.209.148.107 port 48254 ssh2Aug 19 00:54:14 rotator sshd\[30389\]: Failed password for root from 134.209.148.107 port 55288 ssh2Aug 19 00:56:23 rotator sshd\[31160\]: Invalid user mee from 134.209.148.107Aug 19 00:56:25 rotator sshd\[31160\]: Failed password for invalid user mee from 134.209.148.107 port 34098 ssh2Aug 19 00:58:38 rotator sshd\[31169\]: Invalid user courses from 134.209.148.107Aug 19 00:58:40 rotator sshd\[31169\]: Failed password for invalid user courses from 134.209.148.107 port 41142 ssh2 ...	2020-08-19 07:35:56
attackspambots	firewall-block, port(s): 13059/tcp	2020-08-15 02:48:55
attack	SSH Brute Force	2020-08-13 09:52:07
attackbotsspam	firewall-block, port(s): 16314/tcp	2020-08-08 16:28:09
attackspambots	Port scan: Attack repeated for 24 hours	2020-08-07 06:30:47
attackspam	Port Scan ...	2020-07-31 02:31:26
attack	Jul 27 00:06:40 fhem-rasp sshd[31201]: Invalid user refat from 134.209.148.107 port 52570 ...	2020-07-27 08:06:18
attack	TCP (SYN) 134.209.148.107:43335 -> port 4433, len 44	2020-07-21 00:44:48
attack	Invalid user joseph from 134.209.148.107 port 49244	2020-07-18 20:12:12
attackspambots	Jul 13 21:02:11 mout sshd[19229]: Invalid user oem from 134.209.148.107 port 57944 Jul 13 21:02:13 mout sshd[19229]: Failed password for invalid user oem from 134.209.148.107 port 57944 ssh2 Jul 13 21:02:15 mout sshd[19229]: Disconnected from invalid user oem 134.209.148.107 port 57944 [preauth]	2020-07-14 03:19:10
attackbotsspam	Jul 11 09:59:59 PorscheCustomer sshd[8281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 Jul 11 10:00:01 PorscheCustomer sshd[8281]: Failed password for invalid user marlo from 134.209.148.107 port 51800 ssh2 Jul 11 10:02:18 PorscheCustomer sshd[8321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.107 ...	2020-07-11 16:04:21
attackbotsspam	07/09/2020-12:11:35.797235 134.209.148.107 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-07-10 00:15:27
attackbots	scans 2 times in preceeding hours on the ports (in chronological order) 19921 30183	2020-07-08 21:10:27
attackspambots	firewall-block, port(s): 28048/tcp	2020-07-05 08:18:20
attack	TCP port : 5989	2020-07-01 01:30:20
attack	Fail2Ban Ban Triggered	2020-06-23 15:50:56
attack	Invalid user toor from 134.209.148.107 port 48802	2020-06-06 18:28:54
attack	web-1 [ssh] SSH Attack	2020-06-04 02:14:46
attackbotsspam	" "	2020-06-02 01:37:48

相同子网IP讨论:

IP	类型	评论内容	时间
134.209.148.148	attackbots	Mar 2 15:19:57 xxxxxxx7446550 sshd[19084]: Invalid user postgres from 134.209.148.148 Mar 2 15:19:57 xxxxxxx7446550 sshd[19084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.148 Mar 2 15:19:59 xxxxxxx7446550 sshd[19084]: Failed password for invalid user postgres from 134.209.148.148 port 50092 ssh2 Mar 2 15:19:59 xxxxxxx7446550 sshd[19085]: Received disconnect from 134.209.148.148: 11: Normal Shutdown Mar 2 15:23:45 xxxxxxx7446550 sshd[19884]: Invalid user farbe-bfi1234 from 134.209.148.148 Mar 2 15:23:45 xxxxxxx7446550 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.148 Mar 2 15:23:47 xxxxxxx7446550 sshd[19884]: Failed password for invalid user farbe-bfi1234 from 134.209.148.148 port 47848 ssh2 Mar 2 15:23:47 xxxxxxx7446550 sshd[19885]: Received disconnect from 134.209.148.148: 11: Normal Shutdown ........ ----------------------------------------------- https://www.blocklist.de/	2020-03-08 05:41:12
134.209.148.109	attack	Automatic report - XMLRPC Attack	2020-02-25 16:37:19
134.209.148.227	attackspam	2019-04-11 16:04:31 1hEaJa-0003i6-SD SMTP connection from silky.msolutioncode.com \(broad.criccrowd.icu\) \[134.209.148.227\]:49068 I=\[193.107.90.29\]:25 closed by DROP in ACL 2019-04-11 16:05:37 1hEaKf-0003jp-86 SMTP connection from silky.msolutioncode.com \(other.criccrowd.icu\) \[134.209.148.227\]:49562 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-04-11 16:06:55 1hEaLv-0003kw-0s SMTP connection from silky.msolutioncode.com \(spade.criccrowd.icu\) \[134.209.148.227\]:46689 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-04-12 15:48:59 1hEwY7-0008Sw-Kh SMTP connection from silky.msolutioncode.com \(harsh.criccrowd.icu\) \[134.209.148.227\]:43193 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-04-12 15:49:25 1hEwYX-0008Tq-AM SMTP connection from silky.msolutioncode.com \(stew.criccrowd.icu\) \[134.209.148.227\]:53901 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-04-12 15:49:47 1hEwYt-0008Uk-9M SMTP connection from silky.msolutioncode.com \(garnish.criccrowd.icu\) \[13 ...	2020-02-05 03:49:03

类型

评论内容

时间

134.209.148.148

attackbots

Mar  2 15:19:57 xxxxxxx7446550 sshd[19084]: Invalid user postgres from 134.209.148.148
Mar  2 15:19:57 xxxxxxx7446550 sshd[19084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.148 
Mar  2 15:19:59 xxxxxxx7446550 sshd[19084]: Failed password for invalid user postgres from 134.209.148.148 port 50092 ssh2
Mar  2 15:19:59 xxxxxxx7446550 sshd[19085]: Received disconnect from 134.209.148.148: 11: Normal Shutdown
Mar  2 15:23:45 xxxxxxx7446550 sshd[19884]: Invalid user farbe-bfi1234 from 134.209.148.148
Mar  2 15:23:45 xxxxxxx7446550 sshd[19884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.148.148 
Mar  2 15:23:47 xxxxxxx7446550 sshd[19884]: Failed password for invalid user farbe-bfi1234 from 134.209.148.148 port 47848 ssh2
Mar  2 15:23:47 xxxxxxx7446550 sshd[19885]: Received disconnect from 134.209.148.148: 11: Normal Shutdown


........
-----------------------------------------------
https://www.blocklist.de/

2020-03-08 05:41:12

134.209.148.109

attack

Automatic report - XMLRPC Attack

2020-02-25 16:37:19

134.209.148.227

attackspam

2019-04-11 16:04:31 1hEaJa-0003i6-SD SMTP connection from silky.msolutioncode.com \(broad.criccrowd.icu\) \[134.209.148.227\]:49068 I=\[193.107.90.29\]:25 closed by DROP in ACL
2019-04-11 16:05:37 1hEaKf-0003jp-86 SMTP connection from silky.msolutioncode.com \(other.criccrowd.icu\) \[134.209.148.227\]:49562 I=\[193.107.88.166\]:25 closed by DROP in ACL
2019-04-11 16:06:55 1hEaLv-0003kw-0s SMTP connection from silky.msolutioncode.com \(spade.criccrowd.icu\) \[134.209.148.227\]:46689 I=\[193.107.88.166\]:25 closed by DROP in ACL
2019-04-12 15:48:59 1hEwY7-0008Sw-Kh SMTP connection from silky.msolutioncode.com \(harsh.criccrowd.icu\) \[134.209.148.227\]:43193 I=\[193.107.88.166\]:25 closed by DROP in ACL
2019-04-12 15:49:25 1hEwYX-0008Tq-AM SMTP connection from silky.msolutioncode.com \(stew.criccrowd.icu\) \[134.209.148.227\]:53901 I=\[193.107.88.166\]:25 closed by DROP in ACL
2019-04-12 15:49:47 1hEwYt-0008Uk-9M SMTP connection from silky.msolutioncode.com \(garnish.criccrowd.icu\) \[13
...

2020-02-05 03:49:03

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.209.148.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7807
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;134.209.148.107.		IN	A

;; AUTHORITY SECTION:
.			424	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020401 1800 900 604800 86400

;; Query time: 47 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Feb 05 15:41:05 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

Host 107.148.209.134.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 107.148.209.134.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
193.176.86.166	attackspam	Aug 24 19:11:33 ws24vmsma01 sshd[83820]: Failed password for root from 193.176.86.166 port 54459 ssh2 ...	2020-08-25 06:48:27
36.155.115.95	attackbotsspam	Aug 24 22:08:21 eventyay sshd[8554]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.155.115.95 Aug 24 22:08:24 eventyay sshd[8554]: Failed password for invalid user online from 36.155.115.95 port 43192 ssh2 Aug 24 22:14:05 eventyay sshd[8866]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.155.115.95 ...	2020-08-25 06:57:52
92.118.161.21	attackspambots	port scan and connect, tcp 2121 (ccproxy-ftp)	2020-08-25 07:01:12
119.29.16.190	attack	Aug 24 23:32:36 eventyay sshd[13069]: Failed password for root from 119.29.16.190 port 52360 ssh2 Aug 24 23:34:44 eventyay sshd[13171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.16.190 Aug 24 23:34:46 eventyay sshd[13171]: Failed password for invalid user nagios from 119.29.16.190 port 42778 ssh2 ...	2020-08-25 07:06:21
202.173.121.150	attackbotsspam	HTTPS port 443 hits : GET /?q user	2020-08-25 07:19:52
222.186.175.183	attackspambots	Aug 25 08:43:09 localhost sshd[4021139]: Unable to negotiate with 222.186.175.183 port 55664: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1 [preauth] ...	2020-08-25 06:49:13
122.51.91.2	attackspambots	2020-08-24T16:54:27.1016031495-001 sshd[12581]: Failed password for invalid user composer from 122.51.91.2 port 53734 ssh2 2020-08-24T16:57:48.4463411495-001 sshd[12826]: Invalid user user from 122.51.91.2 port 36894 2020-08-24T16:57:48.4503061495-001 sshd[12826]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.91.2 2020-08-24T16:57:48.4463411495-001 sshd[12826]: Invalid user user from 122.51.91.2 port 36894 2020-08-24T16:57:50.3235941495-001 sshd[12826]: Failed password for invalid user user from 122.51.91.2 port 36894 ssh2 2020-08-24T17:01:10.6555421495-001 sshd[13038]: Invalid user cs from 122.51.91.2 port 48286 ...	2020-08-25 07:11:53
137.112.176.174	attackspambots	SSH brute force	2020-08-25 07:08:10
119.53.149.66	attack	2020-08-2422:14:001kAIqt-0005O0-M5\<=simone@gedacom.chH=\(localhost\)[119.53.149.66]:45943P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=1917id=7F7ACC9F94406EDD01044DF531CC1910@gedacom.chT="Desiretoexploreyou"fortonysager18@gmail.com2020-08-2422:13:131kAIq8-0005Kr-I9\<=simone@gedacom.chH=\(localhost\)[123.21.10.120]:44977P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=3975id=85bbd08388a3767a5d18aefd09ce34383369825d@gedacom.chT="\\360\\237\\215\\212\\360\\237\\221\\221\\360\\237\\215\\221\\360\\237\\214\\212Seekingoutyourhometownchicks\?"forvhhhhh@gfg.comjazz.bramble96@gmail.com2020-08-2422:13:381kAIqX-0005N9-2t\<=simone@gedacom.chH=\(localhost\)[36.152.127.130]:39232P=esmtpsaX=TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256CV=noA=dovecot_login:simone@gedacom.chS=1970id=202593C0CB1F31825E5B12AA6E9E8194@gedacom.chT="Onlyneedjustabitofyourattention"forbyronseabern@gmail.com2020-08-2422:13:071kAIq2-0005Jk-Ae\<=simone@gedacom.chH=\(loc	2020-08-25 06:59:03
188.173.97.144	attackspam	Aug 24 23:47:57 sxvn sshd[20872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.173.97.144	2020-08-25 07:03:04
66.230.230.230	attackspambots	2020-08-24T23:01:06.354529abusebot-2.cloudsearch.cf sshd[7108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.230.230.230 user=root 2020-08-24T23:01:08.176896abusebot-2.cloudsearch.cf sshd[7108]: Failed password for root from 66.230.230.230 port 46942 ssh2 2020-08-24T23:01:10.752579abusebot-2.cloudsearch.cf sshd[7108]: Failed password for root from 66.230.230.230 port 46942 ssh2 2020-08-24T23:01:06.354529abusebot-2.cloudsearch.cf sshd[7108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.230.230.230 user=root 2020-08-24T23:01:08.176896abusebot-2.cloudsearch.cf sshd[7108]: Failed password for root from 66.230.230.230 port 46942 ssh2 2020-08-24T23:01:10.752579abusebot-2.cloudsearch.cf sshd[7108]: Failed password for root from 66.230.230.230 port 46942 ssh2 2020-08-24T23:01:06.354529abusebot-2.cloudsearch.cf sshd[7108]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser ...	2020-08-25 07:10:34
106.53.97.24	attackbots	Aug 24 22:54:28 plex-server sshd[2993316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.97.24 Aug 24 22:54:28 plex-server sshd[2993316]: Invalid user lxr from 106.53.97.24 port 43118 Aug 24 22:54:30 plex-server sshd[2993316]: Failed password for invalid user lxr from 106.53.97.24 port 43118 ssh2 Aug 24 22:57:25 plex-server sshd[2994483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.53.97.24 user=root Aug 24 22:57:27 plex-server sshd[2994483]: Failed password for root from 106.53.97.24 port 58816 ssh2 ...	2020-08-25 07:12:41
182.151.15.175	attack	Aug 25 03:21:16 dhoomketu sshd[2639168]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.15.175 Aug 25 03:21:16 dhoomketu sshd[2639168]: Invalid user shit from 182.151.15.175 port 37116 Aug 25 03:21:18 dhoomketu sshd[2639168]: Failed password for invalid user shit from 182.151.15.175 port 37116 ssh2 Aug 25 03:24:14 dhoomketu sshd[2639216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.15.175 user=root Aug 25 03:24:16 dhoomketu sshd[2639216]: Failed password for root from 182.151.15.175 port 59965 ssh2 ...	2020-08-25 07:02:10
95.111.245.15	attack	Aug 24 22:05:22 web-main sshd[2849790]: Invalid user od from 95.111.245.15 port 34884 Aug 24 22:05:24 web-main sshd[2849790]: Failed password for invalid user od from 95.111.245.15 port 34884 ssh2 Aug 24 22:14:15 web-main sshd[2850887]: Invalid user transfer from 95.111.245.15 port 33948	2020-08-25 06:47:35
101.251.206.30	attackbots	Aug 24 22:12:10 cho sshd[1543447]: Invalid user rashid from 101.251.206.30 port 49798 Aug 24 22:12:10 cho sshd[1543447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.251.206.30 Aug 24 22:12:10 cho sshd[1543447]: Invalid user rashid from 101.251.206.30 port 49798 Aug 24 22:12:11 cho sshd[1543447]: Failed password for invalid user rashid from 101.251.206.30 port 49798 ssh2 Aug 24 22:13:46 cho sshd[1543635]: Invalid user ifc from 101.251.206.30 port 44332 ...	2020-08-25 07:15:04

最近上报的IP列表

150.239.30.166	213.220.25.72	163.142.135.30	185.162.131.27
82.108.176.227	245.106.215.180	243.135.105.153	21.71.147.229
69.122.9.70	206.109.150.214	37.32.115.14	2.233.119.49
218.103.128.177	202.28.217.11	194.75.150.227	187.102.57.21
185.172.35.84	185.146.3.165	177.126.141.171	175.180.167.63