165.255.134.125

Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: Afrihost (Pty) Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Sep 26 21:11:03 tuotantolaitos sshd[6968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.125 Sep 26 21:11:05 tuotantolaitos sshd[6968]: Failed password for invalid user jule from 165.255.134.125 port 35846 ssh2 ...	2019-09-27 04:20:55

Type

Details

Datetime

attackbots

Sep 26 21:11:03 tuotantolaitos sshd[6968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.125
Sep 26 21:11:05 tuotantolaitos sshd[6968]: Failed password for invalid user jule from 165.255.134.125 port 35846 ssh2
...

2019-09-27 04:20:55

Comments on same subnet:

IP	Type	Details	Datetime
165.255.134.24	attackspambots	Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: Invalid user info from 165.255.134.24 port 45238 Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.24 Jul 25 02:36:52 v22018076622670303 sshd\[16543\]: Failed password for invalid user info from 165.255.134.24 port 45238 ssh2 ...	2019-07-25 09:57:42
165.255.134.187	attackbotsspam	SSH/22 MH Probe, BF, Hack -	2019-07-14 20:09:58
165.255.134.140	attack	Jul 12 01:49:40 shared03 sshd[21029]: Invalid user est from 165.255.134.140 Jul 12 01:49:40 shared03 sshd[21029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.140 Jul 12 01:49:43 shared03 sshd[21029]: Failed password for invalid user est from 165.255.134.140 port 55966 ssh2 Jul 12 01:49:43 shared03 sshd[21029]: Received disconnect from 165.255.134.140 port 55966:11: Bye Bye [preauth] Jul 12 01:49:43 shared03 sshd[21029]: Disconnected from 165.255.134.140 port 55966 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=165.255.134.140	2019-07-12 09:05:35

Type

Details

Datetime

165.255.134.24

attackspambots

Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: Invalid user info from 165.255.134.24 port 45238
Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.24
Jul 25 02:36:52 v22018076622670303 sshd\[16543\]: Failed password for invalid user info from 165.255.134.24 port 45238 ssh2
...

2019-07-25 09:57:42

165.255.134.187

attackbotsspam

SSH/22 MH Probe, BF, Hack -

2019-07-14 20:09:58

165.255.134.140

attack

Jul 12 01:49:40 shared03 sshd[21029]: Invalid user est from 165.255.134.140
Jul 12 01:49:40 shared03 sshd[21029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.140
Jul 12 01:49:43 shared03 sshd[21029]: Failed password for invalid user est from 165.255.134.140 port 55966 ssh2
Jul 12 01:49:43 shared03 sshd[21029]: Received disconnect from 165.255.134.140 port 55966:11: Bye Bye [preauth]
Jul 12 01:49:43 shared03 sshd[21029]: Disconnected from 165.255.134.140 port 55966 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=165.255.134.140

2019-07-12 09:05:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 165.255.134.125
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63060
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;165.255.134.125.		IN	A

;; AUTHORITY SECTION:
.			477	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092601 1800 900 604800 86400

;; Query time: 93 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 27 04:20:51 CST 2019
;; MSG SIZE  rcvd: 119

Host info

125.134.255.165.in-addr.arpa domain name pointer 165-255-134-125.ip.adsl.co.za.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
125.134.255.165.in-addr.arpa	name = 165-255-134-125.ip.adsl.co.za.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
94.102.50.137	attack	TCP (SYN) 94.102.50.137:54939 -> port 4109, len 44	2020-07-06 23:58:23
94.76.92.10	attackbotsspam	VNC brute force attack detected by fail2ban	2020-07-06 23:25:33
2.189.189.130	attackspam	TCP (SYN) 2.189.189.130:48108 -> port 29869, len 44	2020-07-06 23:42:52
138.97.123.176	attack	cctv illegal login	2020-07-06 23:54:52
222.186.61.19	attack	TCP (SYN) 222.186.61.19:37181 -> port 443, len 44	2020-07-06 23:43:46
185.39.11.38	attackspam	TCP (SYN) 185.39.11.38:53013 -> port 25741, len 44	2020-07-06 23:49:06
94.102.51.106	attackbotsspam	TCP (SYN) 94.102.51.106:42578 -> port 23, len 44	2020-07-06 23:55:56
185.39.10.47	attack	Jul 6 17:40:56 debian-2gb-nbg1-2 kernel: \[16308664.508219\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.10.47 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=19473 PROTO=TCP SPT=44666 DPT=6500 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-06 23:50:10
58.200.120.251	attack	scans 2 times in preceeding hours on the ports (in chronological order) 53389 63389	2020-07-06 23:32:48
94.102.49.114	attackspam	firewall-block, port(s): 5048/tcp, 8228/tcp, 8310/tcp, 8401/tcp, 51630/tcp, 52003/tcp	2020-07-06 23:59:05
14.241.73.201	attack	probes 4 times on the port 8291	2020-07-06 23:41:47
172.104.112.228	attackbots	Jul 6 15:06:14 debian-2gb-nbg1-2 kernel: \[16299382.552893\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=172.104.112.228 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=35194 PROTO=TCP SPT=44423 DPT=815 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-06 23:53:54
125.64.94.130	attackspam	" "	2020-07-06 23:54:46
172.105.51.125	attackspambots	scans once in preceeding hours on the ports (in chronological order) 8545 resulting in total of 10 scans from 172.104.0.0/15 block.	2020-07-06 23:52:14
172.105.13.127	attack	TCP (SYN) 172.105.13.127:49080 -> port 8333, len 44	2020-07-06 23:53:12

Recently Reported IPs

142.136.85.75	50.238.201.214	101.156.140.235	154.156.119.33
45.112.43.46	76.36.211.163	165.112.173.95	230.226.208.152
39.116.89.137	230.191.82.155	38.0.46.13	173.165.166.141
178.128.39.92	103.109.37.36	1.20.251.53	113.162.180.4
49.148.197.250	198.1.102.117	171.6.246.2	123.189.157.176