Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbots
Port scan: Attack repeated for 24 hours
2020-06-21 00:54:32
attackspambots
 TCP (SYN) 134.209.208.159:46179 -> port 7425, len 44
2020-06-15 15:37:35
attackbotsspam
firewall-block, port(s): 25804/tcp
2020-06-13 15:11:57
attackspam
May 29 22:50:47 debian-2gb-nbg1-2 kernel: \[13044230.816351\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=134.209.208.159 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=6339 PROTO=TCP SPT=58161 DPT=3540 WINDOW=1024 RES=0x00 SYN URGP=0
2020-05-30 05:16:17
attack
Port scan: Attack repeated for 24 hours
2020-05-03 01:12:31
attackbotsspam
firewall-block, port(s): 22225/tcp
2020-04-25 05:33:25
attack
Port scan(s) denied
2020-04-20 16:28:29
attackbotsspam
firewall-block, port(s): 15661/tcp
2020-04-13 06:33:44
attack
Oct 12 16:18:01 archiv sshd[30429]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.208.159  user=r.r
Oct 12 16:18:02 archiv sshd[30429]: Failed password for r.r from 134.209.208.159 port 53194 ssh2
Oct 12 16:18:02 archiv sshd[30429]: Received disconnect from 134.209.208.159 port 53194:11: Bye Bye [preauth]
Oct 12 16:18:02 archiv sshd[30429]: Disconnected from 134.209.208.159 port 53194 [preauth]
Oct 12 16:30:15 archiv sshd[30518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.208.159  user=r.r
Oct 12 16:30:17 archiv sshd[30518]: Failed password for r.r from 134.209.208.159 port 49688 ssh2
Oct 12 16:30:18 archiv sshd[30518]: Received disconnect from 134.209.208.159 port 49688:11: Bye Bye [preauth]
Oct 12 16:30:18 archiv sshd[30518]: Disconnected from 134.209.208.159 port 49688 [preauth]
Oct 12 16:33:52 archiv sshd[30582]: pam_unix(sshd:auth): authentication failure; logname........
-------------------------------
2019-10-13 17:23:05
Comments on same subnet:
IP Type Details Datetime
134.209.208.91 attack
IP: 134.209.208.91
Ports affected
    Simple Mail Transfer (25) 
Abuse Confidence rating 16%
Found in DNSBL('s)
ASN Details
   AS14061 DigitalOcean LLC
   United States (US)
   CIDR 134.209.0.0/16
Log Date: 16/01/2020 11:43:21 AM UTC
2020-01-16 20:09:58
134.209.208.27 attack
xmlrpc attack
2019-09-21 08:18:30
134.209.208.112 attackspambots
19/9/20@10:18:28: FAIL: Alarm-Intrusion address from=134.209.208.112
...
2019-09-21 01:46:10
134.209.208.112 attackspambots
19/9/17@09:36:00: FAIL: Alarm-Intrusion address from=134.209.208.112
...
2019-09-17 21:38:06
134.209.208.27 attackspam
xmlrpc attack
2019-09-17 03:46:13
134.209.208.104 attack
" "
2019-09-12 19:40:04
134.209.208.27 attackbots
xmlrpc attack
2019-09-11 08:27:23
134.209.208.27 attack
WordPress wp-login brute force :: 134.209.208.27 0.064 BYPASS [09/Sep/2019:05:42:12  1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2019-09-09 06:31:58
134.209.208.104 attackbotsspam
scan z
2019-09-08 18:00:46
134.209.208.112 attack
19/8/31@14:03:42: FAIL: Alarm-Intrusion address from=134.209.208.112
...
2019-09-01 03:39:36
134.209.208.112 attack
VNC brute force attack detected by fail2ban
2019-08-07 06:39:20
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.209.208.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3925
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;134.209.208.159.		IN	A

;; AUTHORITY SECTION:
.			551	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101201 1800 900 604800 86400

;; Query time: 85 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 13 11:32:33 CST 2019
;; MSG SIZE  rcvd: 119
Host info
Host 159.208.209.134.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 159.208.209.134.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
159.65.154.48 attackbotsspam
May  8 16:51:19 vpn01 sshd[16199]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.154.48
May  8 16:51:22 vpn01 sshd[16199]: Failed password for invalid user test from 159.65.154.48 port 60390 ssh2
...
2020-05-09 22:51:12
222.186.175.154 attackspambots
May  9 05:59:47 ift sshd\[13918\]: Failed password for root from 222.186.175.154 port 41992 ssh2
May  9 05:59:51 ift sshd\[13918\]: Failed password for root from 222.186.175.154 port 41992 ssh2
May  9 05:59:54 ift sshd\[13918\]: Failed password for root from 222.186.175.154 port 41992 ssh2
May  9 05:59:58 ift sshd\[13918\]: Failed password for root from 222.186.175.154 port 41992 ssh2
May  9 06:00:01 ift sshd\[13918\]: Failed password for root from 222.186.175.154 port 41992 ssh2
...
2020-05-09 23:03:09
200.88.52.122 attack
May  9 04:38:04 melroy-server sshd[7051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.88.52.122 
May  9 04:38:05 melroy-server sshd[7051]: Failed password for invalid user musa from 200.88.52.122 port 55100 ssh2
...
2020-05-09 23:09:40
187.141.71.27 attackspam
2020-05-09T03:50:06.129314  sshd[24885]: Invalid user app from 187.141.71.27 port 33694
2020-05-09T03:50:06.144527  sshd[24885]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.141.71.27
2020-05-09T03:50:06.129314  sshd[24885]: Invalid user app from 187.141.71.27 port 33694
2020-05-09T03:50:08.768562  sshd[24885]: Failed password for invalid user app from 187.141.71.27 port 33694 ssh2
...
2020-05-09 23:09:59
222.186.31.83 attackspambots
May  8 22:55:44 NPSTNNYC01T sshd[12366]: Failed password for root from 222.186.31.83 port 16352 ssh2
May  8 22:59:45 NPSTNNYC01T sshd[12644]: Failed password for root from 222.186.31.83 port 57265 ssh2
May  8 22:59:47 NPSTNNYC01T sshd[12644]: Failed password for root from 222.186.31.83 port 57265 ssh2
...
2020-05-09 23:00:32
178.121.250.41 attackbots
(smtpauth) Failed SMTP AUTH login from 178.121.250.41 (BY/Belarus/mm-41-250-121-178.vitebsk.dynamic.pppoe.byfly.by): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-05-08 00:16:42 plain authenticator failed for ([127.0.0.1]) [178.121.250.41]: 535 Incorrect authentication data (set_id=ravabet_omomi@behzisty-esfahan.ir)
2020-05-09 22:44:40
71.6.232.7 attack
MultiHost/MultiPort Probe, Scan, Hack -
2020-05-09 23:05:06
186.206.139.166 attack
$f2bV_matches
2020-05-09 22:29:53
75.31.93.181 attackspam
SSH-BruteForce
2020-05-09 23:17:38
88.157.229.59 attackspam
May  9 04:43:55 ns382633 sshd\[11256\]: Invalid user user from 88.157.229.59 port 38496
May  9 04:43:55 ns382633 sshd\[11256\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.157.229.59
May  9 04:43:57 ns382633 sshd\[11256\]: Failed password for invalid user user from 88.157.229.59 port 38496 ssh2
May  9 04:54:16 ns382633 sshd\[13008\]: Invalid user testuser from 88.157.229.59 port 48554
May  9 04:54:16 ns382633 sshd\[13008\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.157.229.59
2020-05-09 23:13:15
71.6.232.8 attack
ET CINS Active Threat Intelligence Poor Reputation IP group 59 - port: 8333 proto: TCP cat: Misc Attack
2020-05-09 22:57:45
51.75.17.122 attackspam
2020-05-08T16:11:16.7417071495-001 sshd[48058]: Invalid user argentina from 51.75.17.122 port 32780
2020-05-08T16:11:16.7490251495-001 sshd[48058]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.ip-51-75-17.eu
2020-05-08T16:11:16.7417071495-001 sshd[48058]: Invalid user argentina from 51.75.17.122 port 32780
2020-05-08T16:11:19.0856751495-001 sshd[48058]: Failed password for invalid user argentina from 51.75.17.122 port 32780 ssh2
2020-05-08T16:14:59.3875141495-001 sshd[48174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.ip-51-75-17.eu  user=root
2020-05-08T16:15:01.7940411495-001 sshd[48174]: Failed password for root from 51.75.17.122 port 41156 ssh2
...
2020-05-09 22:47:43
178.123.249.131 attackspam
May  8 05:16:01 hni-server sshd[5676]: Invalid user admin from 178.123.249.131
May  8 05:16:01 hni-server sshd[5676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.123.249.131
May  8 05:16:03 hni-server sshd[5676]: Failed password for invalid user admin from 178.123.249.131 port 43200 ssh2
May  8 05:16:06 hni-server sshd[5676]: Connection closed by 178.123.249.131 port 43200 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=178.123.249.131
2020-05-09 22:35:11
178.123.33.179 attack
Email server abuse
2020-05-09 22:28:05
138.99.135.186 attackspambots
Unauthorized connection attempt detected from IP address 138.99.135.186 to port 445
2020-05-09 22:26:45
