1.52.134.18 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2020-04-14T21:20:18.296315struts4.enskede.local sshd\[13374\]: Invalid user pi from 1.52.134.18 port 52984 2020-04-14T21:20:18.296637struts4.enskede.local sshd\[13376\]: Invalid user pi from 1.52.134.18 port 52994 2020-04-14T21:20:18.579284struts4.enskede.local sshd\[13376\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.52.134.18 2020-04-14T21:20:18.584214struts4.enskede.local sshd\[13374\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.52.134.18 2020-04-14T21:20:22.122648struts4.enskede.local sshd\[13376\]: Failed password for invalid user pi from 1.52.134.18 port 52994 ssh2 ...	2020-04-15 04:10:05

Type

Details

Datetime

attack

2020-04-14T21:20:18.296315struts4.enskede.local sshd\[13374\]: Invalid user pi from 1.52.134.18 port 52984
2020-04-14T21:20:18.296637struts4.enskede.local sshd\[13376\]: Invalid user pi from 1.52.134.18 port 52994
2020-04-14T21:20:18.579284struts4.enskede.local sshd\[13376\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.52.134.18
2020-04-14T21:20:18.584214struts4.enskede.local sshd\[13374\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.52.134.18
2020-04-14T21:20:22.122648struts4.enskede.local sshd\[13376\]: Failed password for invalid user pi from 1.52.134.18 port 52994 ssh2
...

2020-04-15 04:10:05

Comments on same subnet:

IP	Type	Details	Datetime
1.52.134.27	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-08-02 04:27:59
1.52.134.44	attackbots	Unauthorized connection attempt detected from IP address 1.52.134.44 to port 23 [T]	2020-04-17 23:40:58
1.52.134.46	attackspambots	Unauthorized connection attempt detected from IP address 1.52.134.46 to port 23 [T]	2020-03-22 20:27:34

Type

Details

Datetime

1.52.134.27

attack

Telnet/23 MH Probe, Scan, BF, Hack -

2020-08-02 04:27:59

1.52.134.44

attackbots

Unauthorized connection attempt detected from IP address 1.52.134.44 to port 23 [T]

2020-04-17 23:40:58

1.52.134.46

attackspambots

Unauthorized connection attempt detected from IP address 1.52.134.46 to port 23 [T]

2020-03-22 20:27:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.52.134.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36896
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.52.134.18.			IN	A

;; AUTHORITY SECTION:
.			130	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041401 1800 900 604800 86400

;; Query time: 75 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 15 04:10:02 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 18.134.52.1.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 18.134.52.1.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
58.250.161.97	attack	Sep 1 21:23:54 Tower sshd[42059]: Connection from 58.250.161.97 port 59723 on 192.168.10.220 port 22 Sep 1 21:23:56 Tower sshd[42059]: Invalid user ismail from 58.250.161.97 port 59723 Sep 1 21:23:56 Tower sshd[42059]: error: Could not get shadow information for NOUSER Sep 1 21:23:56 Tower sshd[42059]: Failed password for invalid user ismail from 58.250.161.97 port 59723 ssh2 Sep 1 21:23:57 Tower sshd[42059]: Received disconnect from 58.250.161.97 port 59723:11: Bye Bye [preauth] Sep 1 21:23:57 Tower sshd[42059]: Disconnected from invalid user ismail 58.250.161.97 port 59723 [preauth]	2019-09-02 09:42:47
154.73.75.99	attackbots	$f2bV_matches	2019-09-02 10:32:38
104.236.224.69	attackbots	SSH invalid-user multiple login attempts	2019-09-02 10:21:31
46.29.248.238	attackbots	Sep 1 10:44:48 friendsofhawaii sshd\[3928\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.29.248.238 user=root Sep 1 10:44:50 friendsofhawaii sshd\[3928\]: Failed password for root from 46.29.248.238 port 51834 ssh2 Sep 1 10:45:02 friendsofhawaii sshd\[3928\]: Failed password for root from 46.29.248.238 port 51834 ssh2 Sep 1 10:45:05 friendsofhawaii sshd\[3928\]: Failed password for root from 46.29.248.238 port 51834 ssh2 Sep 1 10:45:34 friendsofhawaii sshd\[4006\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.29.248.238 user=root	2019-09-02 09:26:28
187.190.111.180	attack	Blocked for port scanning. Time: Sun Sep 1. 09:34:23 2019 +0200 IP: 187.190.111.180 (MX/Mexico/fixed-187-190-111-180.totalplay.net) Sample of block hits: Sep 1 09:32:13 vserv kernel: [16966632.635124] Firewall: TCP_IN Blocked IN=venet0 OUT= MAC= SRC=187.190.111.180 DST=[removed] LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=14882 PROTO=TCP SPT=63675 DPT=88 WINDOW=4888 RES=0x00 SYN URGP=0 Sep 1 09:32:13 vserv kernel: [16966632.674041] Firewall: TCP_IN Blocked IN=venet0 OUT= MAC= SRC=187.190.111.180 DST=[removed] LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=14882 PROTO=TCP SPT=63675 DPT=88 WINDOW=4888 RES=0x00 SYN URGP=0 Sep 1 09:32:13 vserv kernel: [16966632.687550] Firewall: TCP_IN Blocked IN=venet0 OUT= MAC= SRC=187.190.111.180 DST=[removed] LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=14882 PROTO=TCP SPT=63675 DPT=88 WINDOW=4888 RES=0x00 SYN URGP=0 Sep 1 09:32:31 vserv kernel: [16966650.712079] Firewall: TCP_IN Blocked IN=venet0 OUT= MAC= SRC=187.190.111.180 DST=[removed] LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID ....	2019-09-02 10:14:57
148.70.206.90	attackbots	Telnet login attempt	2019-09-02 10:04:15
138.197.162.28	attackbotsspam	Sep 1 11:38:15 lcprod sshd\[22370\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.162.28 user=mysql Sep 1 11:38:16 lcprod sshd\[22370\]: Failed password for mysql from 138.197.162.28 port 33282 ssh2 Sep 1 11:42:11 lcprod sshd\[22792\]: Invalid user acc from 138.197.162.28 Sep 1 11:42:11 lcprod sshd\[22792\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.162.28 Sep 1 11:42:14 lcprod sshd\[22792\]: Failed password for invalid user acc from 138.197.162.28 port 49642 ssh2	2019-09-02 09:23:35
142.93.92.232	attack	Sep 1 23:59:31 markkoudstaal sshd[26182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.92.232 Sep 1 23:59:33 markkoudstaal sshd[26182]: Failed password for invalid user gmodserver from 142.93.92.232 port 43324 ssh2 Sep 2 00:03:47 markkoudstaal sshd[26611]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.92.232	2019-09-02 10:15:34
182.151.7.70	attackspambots	Sep 1 14:33:34 lcdev sshd\[12905\]: Invalid user credit from 182.151.7.70 Sep 1 14:33:34 lcdev sshd\[12905\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.7.70 Sep 1 14:33:36 lcdev sshd\[12905\]: Failed password for invalid user credit from 182.151.7.70 port 57258 ssh2 Sep 1 14:38:09 lcdev sshd\[13335\]: Invalid user passwd from 182.151.7.70 Sep 1 14:38:09 lcdev sshd\[13335\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.7.70	2019-09-02 09:58:04
151.80.207.9	attackbots	$f2bV_matches	2019-09-02 10:31:55
144.217.234.174	attack	Sep 2 01:35:31 SilenceServices sshd[17669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.217.234.174 Sep 2 01:35:33 SilenceServices sshd[17669]: Failed password for invalid user press from 144.217.234.174 port 44701 ssh2 Sep 2 01:39:37 SilenceServices sshd[20844]: Failed password for root from 144.217.234.174 port 38957 ssh2	2019-09-02 10:39:10
177.69.213.236	attack	Sep 1 15:50:00 php1 sshd\[24834\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.69.213.236 user=mysql Sep 1 15:50:01 php1 sshd\[24834\]: Failed password for mysql from 177.69.213.236 port 60888 ssh2 Sep 1 15:55:03 php1 sshd\[25358\]: Invalid user helpdesk from 177.69.213.236 Sep 1 15:55:03 php1 sshd\[25358\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.69.213.236 Sep 1 15:55:05 php1 sshd\[25358\]: Failed password for invalid user helpdesk from 177.69.213.236 port 48956 ssh2	2019-09-02 09:56:20
217.61.2.97	attackbotsspam	SSH-BruteForce	2019-09-02 09:49:15
171.244.129.66	attackspam	timhelmke.de 171.244.129.66 \[02/Sep/2019:03:17:44 +0200\] "POST /wp-login.php HTTP/1.1" 200 5593 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" timhelmke.de 171.244.129.66 \[02/Sep/2019:03:17:48 +0200\] "POST /wp-login.php HTTP/1.1" 200 5544 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-09-02 09:38:45
167.99.13.51	attackspambots	Sep 2 02:47:40 itv-usvr-02 sshd[15298]: Invalid user sergey from 167.99.13.51 port 49826 Sep 2 02:47:40 itv-usvr-02 sshd[15298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.13.51 Sep 2 02:47:40 itv-usvr-02 sshd[15298]: Invalid user sergey from 167.99.13.51 port 49826 Sep 2 02:47:41 itv-usvr-02 sshd[15298]: Failed password for invalid user sergey from 167.99.13.51 port 49826 ssh2 Sep 2 02:55:36 itv-usvr-02 sshd[15315]: Invalid user bird from 167.99.13.51 port 44756	2019-09-02 10:25:34

Recently Reported IPs

123.157.138.136	122.96.140.226	192.115.241.9	121.122.171.31
119.250.77.174	125.76.25.139	113.12.103.205	119.123.221.7
118.70.179.37	117.88.241.235	117.34.118.137	116.232.79.4
253.6.113.39	116.23.227.219	115.207.89.234	115.113.85.6
114.239.197.227	113.242.220.52	113.227.15.114	113.110.229.29