169.1.34.102 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: South Africa

Internet Service Provider: Afrihost (Pty) Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Sep 26 23:18:14 vpn01 sshd[12470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.1.34.102 Sep 26 23:18:16 vpn01 sshd[12470]: Failed password for invalid user admin from 169.1.34.102 port 35870 ssh2 ...	2019-09-27 09:21:31

Type

Details

Datetime

attackbotsspam

Sep 26 23:18:14 vpn01 sshd[12470]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=169.1.34.102
Sep 26 23:18:16 vpn01 sshd[12470]: Failed password for invalid user admin from 169.1.34.102 port 35870 ssh2
...

2019-09-27 09:21:31

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 169.1.34.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27476
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;169.1.34.102.			IN	A

;; AUTHORITY SECTION:
.			237	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092603 1800 900 604800 86400

;; Query time: 440 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 27 09:21:28 CST 2019
;; MSG SIZE  rcvd: 116

Host info

102.34.1.169.in-addr.arpa domain name pointer 169-1-34-102.ip.afrihost.capetown.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
102.34.1.169.in-addr.arpa	name = 169-1-34-102.ip.afrihost.capetown.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.139.183	attackbotsspam	(smtpauth) Failed SMTP AUTH login from 222.186.139.183 (CN/China/-): 5 in the last 3600 secs	2020-04-24 05:32:08
5.253.205.28	attackspam	0,34-00/00 [bc00/m118] PostRequest-Spammer scoring: essen	2020-04-24 05:55:02
52.187.245.12	attackbotsspam	Repeated RDP login failures. Last user: admin	2020-04-24 05:34:52
187.115.109.113	attackspambots	Netgear DGN Device Remote Command Execution Vulnerability, PTR: 187.115.109.113.static.host.gvt.net.br.	2020-04-24 05:33:37
41.221.168.167	attackbotsspam	Invalid user dockerroot from 41.221.168.167 port 51177	2020-04-24 06:02:24
103.145.12.63	attackbotsspam	[2020-04-23 17:35:00] NOTICE[1170][C-0000449e] chan_sip.c: Call from '' (103.145.12.63:58907) to extension '0111513442037691065' rejected because extension not found in context 'public'. [2020-04-23 17:35:00] SECURITY[1184] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-23T17:35:00.902-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0111513442037691065",SessionID="0x7f6c0802ca98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/103.145.12.63/58907",ACLName="no_extension_match" [2020-04-23 17:36:12] NOTICE[1170][C-000044a1] chan_sip.c: Call from '' (103.145.12.63:64628) to extension '0111514442037691065' rejected because extension not found in context 'public'. [2020-04-23 17:36:12] SECURITY[1184] res_security_log.c: SecurityEvent="FailedACL",EventTV="2020-04-23T17:36:12.708-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="0111514442037691065",SessionID="0x7f6c083f2118",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAd ...	2020-04-24 05:47:26
96.73.79.150	attackbotsspam	/boaform/admin/formPing	2020-04-24 06:02:01
211.234.119.189	attackbotsspam	no	2020-04-24 05:32:39
92.63.194.79	attack	VNC brute force attack detected by fail2ban	2020-04-24 06:03:31
128.199.218.137	attack	Apr 23 20:38:26 localhost sshd[119334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.218.137 user=root Apr 23 20:38:28 localhost sshd[119334]: Failed password for root from 128.199.218.137 port 47998 ssh2 Apr 23 20:41:56 localhost sshd[119748]: Invalid user postgres from 128.199.218.137 port 41638 Apr 23 20:41:56 localhost sshd[119748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.218.137 Apr 23 20:41:56 localhost sshd[119748]: Invalid user postgres from 128.199.218.137 port 41638 Apr 23 20:41:58 localhost sshd[119748]: Failed password for invalid user postgres from 128.199.218.137 port 41638 ssh2 ...	2020-04-24 05:36:45
182.176.120.32	attack	Apr 23 12:37:40 cumulus sshd[5774]: Did not receive identification string from 182.176.120.32 port 61305 Apr 23 12:37:41 cumulus sshd[5776]: Did not receive identification string from 182.176.120.32 port 61685 Apr 23 12:37:41 cumulus sshd[5775]: Did not receive identification string from 182.176.120.32 port 61799 Apr 23 12:37:41 cumulus sshd[5778]: Did not receive identification string from 182.176.120.32 port 61759 Apr 23 12:37:41 cumulus sshd[5777]: Did not receive identification string from 182.176.120.32 port 61749 Apr 23 12:37:41 cumulus sshd[5780]: Did not receive identification string from 182.176.120.32 port 61803 Apr 23 12:37:41 cumulus sshd[5779]: Did not receive identification string from 182.176.120.32 port 61842 Apr 23 12:37:45 cumulus sshd[5795]: Invalid user admina from 182.176.120.32 port 53511 Apr 23 12:37:45 cumulus sshd[5796]: Invalid user admina from 182.176.120.32 port 54042 Apr 23 12:37:45 cumulus sshd[5795]: pam_unix(sshd:auth): authentication fai........ -------------------------------	2020-04-24 06:01:36
190.113.208.255	attackbots	Lines containing failures of 190.113.208.255 Apr 23 18:28:31 shared07 sshd[19016]: Invalid user test from 190.113.208.255 port 23896 Apr 23 18:28:31 shared07 sshd[19016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.113.208.255 Apr 23 18:28:33 shared07 sshd[19016]: Failed password for invalid user test from 190.113.208.255 port 23896 ssh2 Apr 23 18:28:34 shared07 sshd[19016]: Connection closed by invalid user test 190.113.208.255 port 23896 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=190.113.208.255	2020-04-24 05:29:43
31.130.63.167	attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-04-24 05:35:56
115.216.168.39	attack	Lines containing failures of 115.216.168.39 Apr 23 12:30:59 neweola postfix/smtpd[4862]: connect from unknown[115.216.168.39] Apr 23 12:31:00 neweola postfix/smtpd[4862]: lost connection after AUTH from unknown[115.216.168.39] Apr 23 12:31:00 neweola postfix/smtpd[4862]: disconnect from unknown[115.216.168.39] ehlo=1 auth=0/1 commands=1/2 Apr 23 12:31:01 neweola postfix/smtpd[4862]: connect from unknown[115.216.168.39] Apr 23 12:31:01 neweola postfix/smtpd[4862]: lost connection after AUTH from unknown[115.216.168.39] Apr 23 12:31:01 neweola postfix/smtpd[4862]: disconnect from unknown[115.216.168.39] ehlo=1 auth=0/1 commands=1/2 Apr 23 12:31:02 neweola postfix/smtpd[4862]: connect from unknown[115.216.168.39] Apr 23 12:31:04 neweola postfix/smtpd[4862]: lost connection after AUTH from unknown[115.216.168.39] Apr 23 12:31:04 neweola postfix/smtpd[4862]: disconnect from unknown[115.216.168.39] ehlo=1 auth=0/1 commands=1/2 Apr 23 12:31:04 neweola postfix/smtpd[4862]: conne........ ------------------------------	2020-04-24 05:33:17
58.87.90.156	attackbots	SSH Invalid Login	2020-04-24 05:47:11

Recently Reported IPs

100.207.209.67	86.30.196.222	137.71.173.44	25.169.7.7
81.46.226.80	35.202.213.9	185.156.177.197	188.155.209.146
170.0.7.210	170.84.182.26	46.242.15.80	172.94.53.141
116.203.22.161	187.58.139.189	173.249.15.49	221.214.201.225
115.249.92.88	200.24.238.107	180.254.183.21	250.140.180.168