107.173.231.134

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: My Server Planet LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(07301024)	2019-07-30 18:21:20

Comments on same subnet:

IP	Type	Details	Datetime
107.173.231.135	attack	TCP (SYN) 107.173.231.135:52003 -> port 445, len 40	2020-05-20 05:34:50
107.173.231.143	attackbots	firewall-block, port(s): 445/tcp	2020-04-05 09:39:13
107.173.231.143	attackspambots	Honeypot attack, port: 445, PTR: 107-173-231-143-host.colocrossing.com.	2020-01-11 08:02:29
107.173.231.135	attackspam	firewall-block, port(s): 445/tcp	2019-11-18 08:49:56
107.173.231.135	attackbotsspam	Oct 4 19:54:36 localhost kernel: [3971095.102461] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=107.173.231.135 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30304 PROTO=TCP SPT=58919 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 4 19:54:36 localhost kernel: [3971095.102494] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=107.173.231.135 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=30304 PROTO=TCP SPT=58919 DPT=445 SEQ=1412110243 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 5 07:34:02 localhost kernel: [4013061.423494] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=107.173.231.135 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=8727 PROTO=TCP SPT=46531 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 5 07:34:02 localhost kernel: [4013061.423521] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=107.173.231.135 DST=[mungedIP2] LEN=40 TOS=0x00	2019-10-06 00:33:24
107.173.231.135	attackspambots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-06 00:24:33

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.173.231.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1894
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;107.173.231.134.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019052401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat May 25 03:45:07 CST 2019
;; MSG SIZE  rcvd: 119

Host info

134.231.173.107.in-addr.arpa domain name pointer 107-173-231-134-host.colocrossing.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
134.231.173.107.in-addr.arpa	name = 107-173-231-134-host.colocrossing.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
27.224.136.9	attackbotsspam	Unauthorized connection attempt detected from IP address 27.224.136.9 to port 8888 [T]	2020-01-10 09:29:35
1.202.113.120	attackbotsspam	Unauthorized connection attempt detected from IP address 1.202.113.120 to port 802 [T]	2020-01-10 09:29:54
212.69.18.221	attack	Jan 10 05:59:04 debian-2gb-nbg1-2 kernel: \[891655.630921\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=212.69.18.221 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=51072 DF PROTO=TCP SPT=57273 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0	2020-01-10 13:09:00
185.176.27.54	attackbots	Jan 10 06:16:12 debian-2gb-nbg1-2 kernel: \[892683.001888\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.54 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=55161 PROTO=TCP SPT=40054 DPT=26032 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-10 13:27:38
46.38.144.247	attackspambots	Jan 10 04:59:19 blackbee postfix/smtpd\[19161\]: warning: unknown\[46.38.144.247\]: SASL LOGIN authentication failed: authentication failure Jan 10 04:59:37 blackbee postfix/smtpd\[19058\]: warning: unknown\[46.38.144.247\]: SASL LOGIN authentication failed: authentication failure Jan 10 04:59:48 blackbee postfix/smtpd\[19034\]: warning: unknown\[46.38.144.247\]: SASL LOGIN authentication failed: authentication failure Jan 10 05:00:07 blackbee postfix/smtpd\[19161\]: warning: unknown\[46.38.144.247\]: SASL LOGIN authentication failed: authentication failure Jan 10 05:00:31 blackbee postfix/smtpd\[19034\]: warning: unknown\[46.38.144.247\]: SASL LOGIN authentication failed: authentication failure ...	2020-01-10 13:23:42
218.92.0.138	attack	Jan 10 06:12:09 eventyay sshd[15027]: Failed password for root from 218.92.0.138 port 12254 ssh2 Jan 10 06:12:22 eventyay sshd[15027]: error: maximum authentication attempts exceeded for root from 218.92.0.138 port 12254 ssh2 [preauth] Jan 10 06:12:28 eventyay sshd[15030]: Failed password for root from 218.92.0.138 port 20438 ssh2 ...	2020-01-10 13:18:05
36.224.83.81	attack	1578632320 - 01/10/2020 05:58:40 Host: 36.224.83.81/36.224.83.81 Port: 23 TCP Blocked	2020-01-10 13:22:40
60.208.210.126	attackbots	Unauthorized connection attempt detected from IP address 60.208.210.126 to port 8000 [T]	2020-01-10 09:26:37
111.72.193.26	attackspam	2020-01-09 22:58:15 dovecot_login authenticator failed for (foyub) [111.72.193.26]:62108 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liyan@lerctr.org) 2020-01-09 22:58:23 dovecot_login authenticator failed for (blrvi) [111.72.193.26]:62108 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liyan@lerctr.org) 2020-01-09 22:58:35 dovecot_login authenticator failed for (kqjbm) [111.72.193.26]:62108 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=liyan@lerctr.org) ...	2020-01-10 13:24:45
175.199.169.49	attackspam	firewall-block, port(s): 23/tcp	2020-01-10 13:12:02
222.94.163.17	attackspam	Unauthorized connection attempt detected from IP address 222.94.163.17 to port 9999 [T]	2020-01-10 09:31:06
58.248.200.68	attackspam	Unauthorized connection attempt detected from IP address 58.248.200.68 to port 801 [T]	2020-01-10 09:27:08
113.141.70.184	attack	repeated attempts to login to Voip server - unauthorized	2020-01-10 10:11:33
36.76.220.4	attackspambots	1578632355 - 01/10/2020 05:59:15 Host: 36.76.220.4/36.76.220.4 Port: 445 TCP Blocked	2020-01-10 13:02:32
103.99.15.211	attackbots	1578632338 - 01/10/2020 05:58:58 Host: 103.99.15.211/103.99.15.211 Port: 445 TCP Blocked	2020-01-10 13:12:31

Recently Reported IPs

193.201.224.82	27.253.113.177	228.88.40.45	74.211.3.248
82.235.227.179	241.55.123.206	151.80.40.199	114.33.146.105
103.207.39.136	89.201.5.167	47.198.224.40	109.19.16.40
159.203.86.82	117.50.95.121	162.144.145.151	41.160.6.186
89.221.195.139	185.10.99.14	185.234.218.129	188.213.166.219