134.209.21.249

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
134.209.213.153	attackspambots	DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed	2020-04-10 21:46:41
134.209.214.75	attack	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-03-10 02:49:14
134.209.214.75	attackbotsspam	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-02-27 02:50:10
134.209.216.249	attackbotsspam	Automatic report - XMLRPC Attack	2019-12-18 15:48:37
134.209.214.165	attackbots	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2019-12-04 22:34:43
134.209.211.153	attack	134.209.211.153 - - \[19/Nov/2019:09:56:30 +0100\] "POST /wp-login.php HTTP/1.0" 200 4474 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 134.209.211.153 - - \[19/Nov/2019:09:56:32 +0100\] "POST /wp-login.php HTTP/1.0" 200 4287 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 134.209.211.153 - - \[19/Nov/2019:09:56:33 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-19 16:59:07
134.209.216.249	attackbots	miraniessen.de 134.209.216.249 \[12/Nov/2019:08:02:34 +0100\] "POST /wp-login.php HTTP/1.1" 200 5974 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" miraniessen.de 134.209.216.249 \[12/Nov/2019:08:02:37 +0100\] "POST /wp-login.php HTTP/1.1" 200 5975 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-12 22:28:04
134.209.211.153	attack	134.209.211.153 - - \[11/Nov/2019:14:46:37 +0100\] "POST /wp-login.php HTTP/1.0" 200 3909 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 134.209.211.153 - - \[11/Nov/2019:14:46:40 +0100\] "POST /wp-login.php HTTP/1.0" 200 4410 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 134.209.211.153 - - \[11/Nov/2019:14:46:53 +0100\] "POST /wp-login.php HTTP/1.0" 200 4408 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-11 21:56:33
134.209.211.153	attackspambots	fail2ban honeypot	2019-10-31 00:31:51
134.209.219.234	attackbotsspam	Automatic report - XMLRPC Attack	2019-10-29 16:38:34
134.209.210.100	attackbotsspam	134.209.210.100 - - [26/Oct/2019:22:28:57 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.210.100 - - [26/Oct/2019:22:28:57 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.210.100 - - [26/Oct/2019:22:28:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.210.100 - - [26/Oct/2019:22:28:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.210.100 - - [26/Oct/2019:22:29:02 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.210.100 - - [26/Oct/2019:22:29:02 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-10-27 04:51:08
134.209.218.189	attackbotsspam	ssh intrusion attempt	2019-10-25 19:44:40
134.209.21.229	attackbots	port scan and connect, tcp 23 (telnet)	2019-10-21 00:59:08
134.209.211.153	attack	villaromeo.de 134.209.211.153 \[14/Oct/2019:21:30:45 +0200\] "POST /wp-login.php HTTP/1.1" 200 2061 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" villaromeo.de 134.209.211.153 \[14/Oct/2019:21:30:51 +0200\] "POST /wp-login.php HTTP/1.1" 200 2025 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-10-15 03:41:06
134.209.216.249	attackbotsspam	Automatic report - XMLRPC Attack	2019-10-14 01:13:33

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.209.21.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26249
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;134.209.21.249.			IN	A

;; AUTHORITY SECTION:
.			433	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021702 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 11:41:19 CST 2022
;; MSG SIZE  rcvd: 107

Host info

Host 249.21.209.134.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 249.21.209.134.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.143.84.227	attackbotsspam	fraudulent SSH attempt	2020-01-28 01:29:41
77.227.65.219	attackspam	Unauthorized connection attempt detected from IP address 77.227.65.219 to port 23 [J]	2020-01-28 01:04:31
62.210.123.95	attackbots	Jan 27 08:39:13 h2570396 sshd[18299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-123-95.rev.poneytelecom.eu Jan 27 08:39:15 h2570396 sshd[18299]: Failed password for invalid user sl from 62.210.123.95 port 49172 ssh2 Jan 27 08:39:15 h2570396 sshd[18299]: Received disconnect from 62.210.123.95: 11: Bye Bye [preauth] Jan 27 09:00:10 h2570396 sshd[19878]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-123-95.rev.poneytelecom.eu Jan 27 09:00:12 h2570396 sshd[19878]: Failed password for invalid user adam from 62.210.123.95 port 55020 ssh2 Jan 27 09:00:12 h2570396 sshd[19878]: Received disconnect from 62.210.123.95: 11: Bye Bye [preauth] Jan 27 09:02:59 h2570396 sshd[20996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62-210-123-95.rev.poneytelecom.eu Jan 27 09:03:01 h2570396 sshd[20996]: Failed password for invalid user shiva from 62........ -------------------------------	2020-01-28 01:08:44
80.82.70.106	attack	Jan 27 17:52:44 debian-2gb-nbg1-2 kernel: \[2403233.556890\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=80.82.70.106 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=59572 PROTO=TCP SPT=44030 DPT=11114 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-28 00:54:39
206.72.201.78	attackspam	[Mon Jan 27 06:50:03.750031 2020] [:error] [pid 74862] [client 206.72.201.78:41452] [client 206.72.201.78] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 21)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "Xi6yS8Wr@36hGjoUZRFNNwAAAAM"] ...	2020-01-28 01:13:07
58.209.234.87	attack	Jan 27 10:05:56 nbi-636 sshd[26870]: Invalid user usuario from 58.209.234.87 port 52802 Jan 27 10:05:58 nbi-636 sshd[26870]: Failed password for invalid user usuario from 58.209.234.87 port 52802 ssh2 Jan 27 10:05:58 nbi-636 sshd[26870]: Received disconnect from 58.209.234.87 port 52802:11: Bye Bye [preauth] Jan 27 10:05:58 nbi-636 sshd[26870]: Disconnected from 58.209.234.87 port 52802 [preauth] Jan 27 10:11:41 nbi-636 sshd[28866]: Invalid user yang from 58.209.234.87 port 51460 Jan 27 10:11:43 nbi-636 sshd[28866]: Failed password for invalid user yang from 58.209.234.87 port 51460 ssh2 Jan 27 10:11:43 nbi-636 sshd[28866]: Received disconnect from 58.209.234.87 port 51460:11: Bye Bye [preauth] Jan 27 10:11:43 nbi-636 sshd[28866]: Disconnected from 58.209.234.87 port 51460 [preauth] Jan 27 10:14:18 nbi-636 sshd[29640]: Invalid user coffee from 58.209.234.87 port 37414 Jan 27 10:14:20 nbi-636 sshd[29640]: Failed password for invalid user coffee from 58.209.234.87 port 37........ -------------------------------	2020-01-28 01:00:35
85.116.106.94	attackspambots	Unauthorized connection attempt from IP address 85.116.106.94 on Port 445(SMB)	2020-01-28 01:11:45
172.104.92.168	attack	Jan 27 10:50:05 debian-2gb-nbg1-2 kernel: \[2377874.376361\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=172.104.92.168 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=57366 DPT=4567 WINDOW=65535 RES=0x00 SYN URGP=0	2020-01-28 01:10:51
193.188.22.188	attackspam	2020-01-27T17:57:23.441366ns386461 sshd\[28497\]: Invalid user admin from 193.188.22.188 port 44520 2020-01-27T17:57:23.454717ns386461 sshd\[28497\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.188.22.188 2020-01-27T17:57:25.164333ns386461 sshd\[28497\]: Failed password for invalid user admin from 193.188.22.188 port 44520 ssh2 2020-01-27T17:57:25.345259ns386461 sshd\[28503\]: Invalid user admin from 193.188.22.188 port 47938 2020-01-27T17:57:25.358268ns386461 sshd\[28503\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.188.22.188 ...	2020-01-28 01:30:17
196.23.154.76	attack	Attempt to attack host OS, exploiting network vulnerabilities, on 27-01-2020 09:50:13.	2020-01-28 00:58:40
204.48.27.10	attackspam	Unauthorized connection attempt detected from IP address 204.48.27.10 to port 2220 [J]	2020-01-28 01:20:53
62.215.6.11	attackspambots	Unauthorized connection attempt detected from IP address 62.215.6.11 to port 2220 [J]	2020-01-28 01:36:06
167.172.169.6	attack	Invalid user web from 167.172.169.6 port 47678	2020-01-28 01:28:09
45.227.253.147	attackspam	20 attempts against mh_ha-misbehave-ban on wheat	2020-01-28 01:14:58
13.94.173.68	attackspam	Unauthorized connection attempt detected from IP address 13.94.173.68 to port 2220 [J]	2020-01-28 01:12:32

Recently Reported IPs

134.209.200.194	134.209.206.208	134.209.208.48	134.209.202.110
134.209.211.193	134.209.210.89	134.209.217.255	134.209.22.225
134.209.214.183	134.209.211.196	134.209.222.31	134.209.219.105
134.209.220.127	134.209.227.132	134.209.225.121	134.209.235.113
134.209.229.31	134.209.241.164	134.209.24.246	134.209.240.64