Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Hangzhou Information Technology Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:
Type Details Datetime
attackbotsspam
DATE:2020-05-26 10:11:27, IP:183.134.104.147, PORT:6379 REDIS brute force auth on honeypot server (epe-honey1-hq)
2020-05-26 18:42:08
attack
MH/MP Probe, Scan, Hack -
2020-03-13 23:02:27
Comments on same subnet:
IP Type Details Datetime
183.134.104.173 attack
[portscan] tcp/143 [IMAP]
[MySQL inject/portscan] tcp/3306 
[portscan] tcp/3389 [MS RDP]
[IPBX probe: SIP=tcp/5060]
[portscan] tcp/993 [imaps]
[scan/connect: 5 time(s)]
in blocklist.de:'listed [*unkn*]'
*(RWIN=8192)(10080947)
2020-10-09 02:25:31
183.134.104.172 attack
[MultiHost/MultiPort scan (8)] tcp/1433, tcp/21, tcp/22, tcp/23, tcp/465, tcp/554, tcp/993, udp/5353
[scan/connect: 8 time(s)]
in blocklist.de:'listed [*unkn*]'
*(RWIN=8192,-)(10080947)
2020-10-09 02:23:08
183.134.104.173 attackbots
[portscan] tcp/143 [IMAP]
[MySQL inject/portscan] tcp/3306 
[portscan] tcp/3389 [MS RDP]
[IPBX probe: SIP=tcp/5060]
[portscan] tcp/993 [imaps]
[scan/connect: 5 time(s)]
in blocklist.de:'listed [*unkn*]'
*(RWIN=8192)(10080947)
2020-10-08 18:23:26
183.134.104.172 attackbotsspam
[MultiHost/MultiPort scan (8)] tcp/1433, tcp/21, tcp/22, tcp/23, tcp/465, tcp/554, tcp/993, udp/5353
[scan/connect: 8 time(s)]
in blocklist.de:'listed [*unkn*]'
*(RWIN=8192,-)(10080947)
2020-10-08 18:21:02
183.134.104.171 attackspambots
Icarus honeypot on github
2020-09-29 07:12:45
183.134.104.170 attackspambots
Icarus honeypot on github
2020-09-29 06:52:52
183.134.104.171 attackbotsspam
47808/udp 44818/udp 27017/udp...
[2020-09-25]76pkt,36pt.(tcp),40pt.(udp)
2020-09-28 23:43:17
183.134.104.171 attack
47808/udp 44818/udp 27017/udp...
[2020-09-25]76pkt,36pt.(tcp),40pt.(udp)
2020-09-28 15:45:55
183.134.104.148 attackbotsspam
Input Traffic from this IP, but critical abuseconfidencescore
2020-08-24 14:43:10
183.134.104.172 attackspam
proto=tcp  .  spt=13939  .  dpt=25  .     Found on   CINS badguys       (30)
2020-07-31 13:37:03
183.134.104.173 attackbots
Tried our host z.
2020-07-19 20:40:33
183.134.104.146 attack
port scans
2020-05-27 06:15:23
183.134.104.146 attackbots
MH/MP Probe, Scan, Hack -
2020-03-13 22:44:42
183.134.104.146 attackspam
Mar 10 20:57:41 vps339862 kernel: \[3089177.338991\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=183.134.104.146 DST=51.254.206.43 LEN=88 TOS=0x00 PREC=0x00 TTL=109 ID=1084 DF PROTO=UDP SPT=52724 DPT=3128 LEN=68 
Mar 10 20:58:21 vps339862 kernel: \[3089216.934899\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=183.134.104.146 DST=51.254.206.43 LEN=88 TOS=0x00 PREC=0x00 TTL=109 ID=1111 DF PROTO=UDP SPT=10454 DPT=3260 LEN=68 
Mar 10 20:59:01 vps339862 kernel: \[3089256.670731\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=183.134.104.146 DST=51.254.206.43 LEN=88 TOS=0x00 PREC=0x00 TTL=112 ID=560 DF PROTO=UDP SPT=32635 DPT=3306 LEN=68 
Mar 10 20:59:40 vps339862 kernel: \[3089296.344240\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=183.134.104.146 DST=51.254.206.43 LEN=88 TOS=0x00 PREC=0x00 TTL=109 ID=4037 DF PROTO=
...
2020-03-11 05:46:10
183.134.104.172 attackspam
Unauthorised access (Feb 24) SRC=183.134.104.172 LEN=52 TTL=117 ID=9658 DF TCP DPT=21 WINDOW=8192 SYN
2020-02-25 03:12:39
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 183.134.104.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28167
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;183.134.104.147.		IN	A

;; AUTHORITY SECTION:
.			420	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031300 1800 900 604800 86400

;; Query time: 100 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 13 23:02:22 CST 2020
;; MSG SIZE  rcvd: 119
Host info
Host 147.104.134.183.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 147.104.134.183.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
61.245.170.249 attackspam
61.245.170.249 - - \[14/May/2020:05:20:54 -0700\] "POST /index.php/admin HTTP/1.1" 404 20407
61.245.170.249 - - \[14/May/2020:05:20:54 -0700\] "POST /index.php/admin/sales_order/ HTTP/1.1" 404 20459
61.245.170.249 - - \[14/May/2020:05:20:54 -0700\] "POST /index.php/admin/ HTTP/1.1" 404 20411
...
2020-05-15 03:36:49
202.90.199.206 attackspambots
Invalid user test from 202.90.199.206 port 35294
2020-05-15 03:59:29
218.108.119.132 attack
May 14 16:44:40 XXX sshd[37399]: Invalid user developer from 218.108.119.132 port 60434
2020-05-15 03:52:11
221.2.144.76 attackspambots
Invalid user admin from 221.2.144.76 port 38468
2020-05-15 03:51:03
78.98.144.134 attack
May 14 20:09:11 piServer sshd[15288]: Failed password for root from 78.98.144.134 port 39536 ssh2
May 14 20:12:56 piServer sshd[15540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.98.144.134 
May 14 20:12:57 piServer sshd[15540]: Failed password for invalid user ubuntu from 78.98.144.134 port 43814 ssh2
...
2020-05-15 03:47:33
69.47.161.24 attack
*Port Scan* detected from 69.47.161.24 (US/United States/Ohio/Whitehall/d47-69-24-161.try.wideopenwest.com). 4 hits in the last 5 seconds
2020-05-15 04:01:04
193.112.247.104 attackspambots
(sshd) Failed SSH login from 193.112.247.104 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 14 20:33:02 amsweb01 sshd[4622]: Invalid user job from 193.112.247.104 port 33080
May 14 20:33:05 amsweb01 sshd[4622]: Failed password for invalid user job from 193.112.247.104 port 33080 ssh2
May 14 20:46:15 amsweb01 sshd[5614]: Invalid user sonia from 193.112.247.104 port 33410
May 14 20:46:17 amsweb01 sshd[5614]: Failed password for invalid user sonia from 193.112.247.104 port 33410 ssh2
May 14 20:56:26 amsweb01 sshd[6412]: Invalid user orauat from 193.112.247.104 port 53868
2020-05-15 03:40:50
51.178.50.244 attack
Invalid user sftp from 51.178.50.244 port 42158
2020-05-15 03:54:20
158.69.0.38 attackbotsspam
Invalid user chenxianjie from 158.69.0.38 port 58230
2020-05-15 03:58:52
219.217.204.103 attackspam
firewall-block, port(s): 23/tcp
2020-05-15 03:57:51
202.137.134.57 attackbots
Dovecot Invalid User Login Attempt.
2020-05-15 03:37:09
125.64.94.221 attackspambots
firewall-block, port(s): 9080/tcp
2020-05-15 03:42:43
111.229.104.94 attackspam
May 14 19:50:33 melroy-server sshd[4091]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.104.94 
May 14 19:50:35 melroy-server sshd[4091]: Failed password for invalid user sheng from 111.229.104.94 port 52450 ssh2
...
2020-05-15 03:36:27
5.255.96.44 attack
May 14 14:20:12 andromeda sshd\[1904\]: Invalid user qnap from 5.255.96.44 port 55932
May 14 14:20:12 andromeda sshd\[1904\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.96.44
May 14 14:20:15 andromeda sshd\[1904\]: Failed password for invalid user qnap from 5.255.96.44 port 55932 ssh2
2020-05-15 04:06:35
182.61.48.26 attack
10 attempts against mh_ha-misc-ban on bolt
2020-05-15 04:11:37
