134.90.149.22 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Norway

Internet Service Provider: Blix Group AS

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	134.90.149.22 - - [27/Jul/2019:07:15:25 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 404 458 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.2223.0 Safari/537.36" 134.90.149.22 - - [27/Jul/2019:07:15:25 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 404 402 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.2223.0 Safari/537.36" 134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET /jmx-console HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1 en-US; rv:1.9.2.18) Gecko/20110614 Firefox/53.6.11" 134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET ///jmx-console HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1 en-US; rv:1.9.2.18) Gecko/20110614 Firefox/53.6.11" 134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET /manager/html HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 6.1; WOW6 ...	2019-07-27 13:20:47
attack	Port scan on 5 port(s): 22 3389 5900 5901 6000	2019-07-26 22:58:11
attackspambots	Port scan on 3 port(s): 2301 8080 8081	2019-07-25 23:25:36

Type

Details

Datetime

attack

134.90.149.22 - - [27/Jul/2019:07:15:25 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 404 458 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.2223.0 Safari/537.36"
134.90.149.22 - - [27/Jul/2019:07:15:25 +0200] "GET /Autodiscover/Autodiscover.xml HTTP/1.1" 404 402 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.2223.0 Safari/537.36"
134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET /jmx-console HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1 en-US; rv:1.9.2.18) Gecko/20110614 Firefox/53.6.11"
134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET ///jmx-console HTTP/1.1" 404 440 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1 en-US; rv:1.9.2.18) Gecko/20110614 Firefox/53.6.11"
134.90.149.22 - - [27/Jul/2019:07:15:26 +0200] "GET /manager/html HTTP/1.1" 404 441 "-" "Mozilla/5.0 (Windows NT 6.1; WOW6
...

2019-07-27 13:20:47

attack

Port scan on 5 port(s): 22 3389 5900 5901 6000

2019-07-26 22:58:11

attackspambots

Port scan on 3 port(s): 2301 8080 8081

2019-07-25 23:25:36

Comments on same subnet:

IP	Type	Details	Datetime
134.90.149.146	attack		2020-08-14 22:51:59
134.90.149.147	attack		2020-08-14 22:50:48
134.90.149.147	attackspam	fell into ViewStateTrap:wien2018	2020-08-10 16:05:48
134.90.149.150	attack	Port scan detected on ports: 8080[TCP], 5836[TCP], 3121[TCP]	2020-08-05 00:08:34
134.90.149.146	attack	0,47-01/07 [bc01/m11] PostRequest-Spammer scoring: Lusaka01	2020-02-29 21:41:14
134.90.149.146	attack	0,37-01/09 [bc01/m16] PostRequest-Spammer scoring: lisboa	2020-02-29 07:07:42
134.90.149.146	attackbots	0,42-01/06 [bc01/m14] PostRequest-Spammer scoring: harare01	2020-02-28 14:30:35
134.90.149.146	attack	(From tanya-borden@msn.com) Wеlcome Bоnus - $585 Bоnus + 542 Frеe Speеns: http://qgytgdspn.nccprojects.org/ec89cf	2020-02-27 02:52:57
134.90.149.146	attackbotsspam	(From 5633431@aol.com) Best Online Сasino in Cаnada - $758 Bonus + 423 Frее Speеns: http://eljbi.storyofafeather.com/724ecf	2020-02-26 01:56:01
134.90.149.146	attack	(From jltoney86@gmail.com) Веst Оnline Casino in USA - $985 Воnus + 355 Frее Speеns: http://bqknnaxq.12minuteaffiliate.website/71b11a29	2020-02-25 14:56:59
134.90.149.146	attackspam	0,39-02/05 [bc01/m08] PostRequest-Spammer scoring: rome	2020-02-25 05:51:15
134.90.149.146	attackspam	0,19-01/04 [bc01/m11] PostRequest-Spammer scoring: essen	2020-02-24 13:31:53
134.90.149.147	attackbots	(From afonsosreis@msn.com) UРDАTE: Crуptoсurrenсy Investing Strategу - Q2 2020. Rеcеivе рassive incomе of $ 70,000 рer month: https://links.wtf/oAhi	2020-02-23 06:27:43
134.90.149.147	attackbots	(From irungu.millicent@yahoo.com) Invest $ 5,000 in Bitcoin mining оnce аnd get $ 70,000 passive incоmе pеr month: https://darknesstr.com/getmoney159489	2020-02-23 00:29:23
134.90.149.147	attackspam	(From sbrkovich@msn.com) Bесomе a bitcоin millionairе. Get frоm $ 2500 pеr day: https://1borsa.com/getmillions981769	2020-02-22 20:10:11

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.90.149.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31660
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;134.90.149.22.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072501 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jul 25 23:25:07 CST 2019
;; MSG SIZE  rcvd: 117

Host info

22.149.90.134.in-addr.arpa domain name pointer s1349014922.blix.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
22.149.90.134.in-addr.arpa	name = s1349014922.blix.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
47.75.74.254	attackspambots	47.75.74.254 - - \[30/Mar/2020:21:44:13 +0200\] "POST /wp-login.php HTTP/1.0" 200 6509 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 47.75.74.254 - - \[30/Mar/2020:21:44:24 +0200\] "POST /wp-login.php HTTP/1.0" 200 6487 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 47.75.74.254 - - \[30/Mar/2020:21:44:30 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-03-31 06:13:32
222.186.15.65	attackbots	Brute force SMTP login attempted. ...	2020-03-31 06:10:10
198.108.66.217	attack	Port 5902 scan denied	2020-03-31 06:32:26
107.172.68.43	attack	Unauthorized access detected from black listed ip!	2020-03-31 06:23:15
2a01:488:66:1000:5ccc:3293:0:1	attack	(mod_security) mod_security (id:210730) triggered by 2a01:488:66:1000:5ccc:3293:0:1 (vs248268.vs.hosteurope.de): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Mar 30 09:51:05.434111 2020] [:error] [pid 57662:tid 46912908662528] [client 2a01:488:66:1000:5ccc:3293:0:1:27938] [client 2a01:488:66:1000:5ccc:3293:0:1] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".xsd/" at TX:extension. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "3"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cjthedj97.me\|F\|2"] [data ".xsd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cjthedj97.me"] [uri "/vendor/phpunit/phpunit/phpunit.xsd"] [unique_id "XoH5SWvQlui8rvGunqX9dAAAAAg"]	2020-03-31 06:03:50
222.186.173.215	attack	Brute force SMTP login attempted. ...	2020-03-31 05:57:48
119.29.205.52	attackspambots	Mar 30 15:47:16 silence02 sshd[32570]: Failed password for root from 119.29.205.52 port 48188 ssh2 Mar 30 15:51:06 silence02 sshd[384]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.205.52 Mar 30 15:51:08 silence02 sshd[384]: Failed password for invalid user cn from 119.29.205.52 port 48732 ssh2	2020-03-31 06:05:05
218.92.0.192	attackbotsspam	Mar 30 23:43:25 legacy sshd[18506]: Failed password for root from 218.92.0.192 port 23229 ssh2 Mar 30 23:44:23 legacy sshd[18527]: Failed password for root from 218.92.0.192 port 26906 ssh2 Mar 30 23:44:25 legacy sshd[18527]: Failed password for root from 218.92.0.192 port 26906 ssh2 ...	2020-03-31 06:06:32
182.242.163.122	attack	Mar 30 20:17:25 srv01 sshd[19629]: Invalid user Qwer32 from 182.242.163.122 port 41476 Mar 30 20:17:25 srv01 sshd[19629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.242.163.122 Mar 30 20:17:25 srv01 sshd[19629]: Invalid user Qwer32 from 182.242.163.122 port 41476 Mar 30 20:17:26 srv01 sshd[19629]: Failed password for invalid user Qwer32 from 182.242.163.122 port 41476 ssh2 Mar 30 20:19:56 srv01 sshd[19887]: Invalid user !QAZxsw22wsx from 182.242.163.122 port 41912 ...	2020-03-31 06:07:28
222.184.233.222	attackbots	Brute force SMTP login attempted. ...	2020-03-31 06:15:06
205.250.113.121	attackbotsspam	SSH authentication failure x 6 reported by Fail2Ban ...	2020-03-31 06:27:52
222.186.169.194	attack	Brute force SMTP login attempted. ...	2020-03-31 06:06:10
217.112.142.66	attackspambots	Mar 30 16:36:22 mail.srvfarm.net postfix/smtpd[1583913]: NOQUEUE: reject: RCPT from unknown[217.112.142.66]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 30 16:36:25 mail.srvfarm.net postfix/smtpd[1604200]: NOQUEUE: reject: RCPT from unknown[217.112.142.66]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 30 16:36:25 mail.srvfarm.net postfix/smtpd[1604197]: NOQUEUE: reject: RCPT from unknown[217.112.142.66]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 30 16:41:20 mail.srvfarm.net postfix/smtpd[1604475]: NOQUEUE: reject: RCPT from unknown[217.112.142	2020-03-31 06:16:51
222.175.142.131	attack	Mar 30 14:46:03 vlre-nyc-1 sshd\[5709\]: Invalid user www from 222.175.142.131 Mar 30 14:46:03 vlre-nyc-1 sshd\[5709\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.175.142.131 Mar 30 14:46:05 vlre-nyc-1 sshd\[5709\]: Failed password for invalid user www from 222.175.142.131 port 45224 ssh2 Mar 30 14:48:39 vlre-nyc-1 sshd\[5747\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.175.142.131 user=root Mar 30 14:48:42 vlre-nyc-1 sshd\[5747\]: Failed password for root from 222.175.142.131 port 34352 ssh2 ...	2020-03-31 06:21:04
86.122.159.137	attackspambots	SSH Brute-Force Attack	2020-03-31 05:52:55

Recently Reported IPs

2403:6200:8832:d552:2c1e:b86b:6bdf:4b12	165.11.240.98	182.232.31.57	2a01:598:a005:4682:457c:e9b9:f98c:bcd7
109.38.40.46	105.96.198.133	121.79.131.234	216.21.79.188
88.0.250.129	121.176.22.177	61.8.138.46	173.2.124.98
152.209.178.50	50.63.164.251	173.30.71.188	40.242.184.212
84.133.255.245	125.249.87.17	84.193.142.76	55.224.184.56