189.124.134.104

Basic Info

City: Natal

Region: Rio Grande do Norte

Country: Brazil

Internet Service Provider: Cabo Servicos de Telecomunicacoes Ltda

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Jul 17 06:00:56 scw-focused-cartwright sshd[456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104 Jul 17 06:00:57 scw-focused-cartwright sshd[456]: Failed password for invalid user nix from 189.124.134.104 port 48767 ssh2	2020-07-17 19:11:24
attack	Jul 17 01:58:19 ns382633 sshd\[30457\]: Invalid user test from 189.124.134.104 port 34445 Jul 17 01:58:19 ns382633 sshd\[30457\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104 Jul 17 01:58:21 ns382633 sshd\[30457\]: Failed password for invalid user test from 189.124.134.104 port 34445 ssh2 Jul 17 02:10:28 ns382633 sshd\[644\]: Invalid user system from 189.124.134.104 port 57686 Jul 17 02:10:28 ns382633 sshd\[644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104	2020-07-17 08:10:36

Type

Details

Datetime

attackbots

Jul 17 06:00:56 scw-focused-cartwright sshd[456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104
Jul 17 06:00:57 scw-focused-cartwright sshd[456]: Failed password for invalid user nix from 189.124.134.104 port 48767 ssh2

2020-07-17 19:11:24

attack

Jul 17 01:58:19 ns382633 sshd\[30457\]: Invalid user test from 189.124.134.104 port 34445
Jul 17 01:58:19 ns382633 sshd\[30457\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104
Jul 17 01:58:21 ns382633 sshd\[30457\]: Failed password for invalid user test from 189.124.134.104 port 34445 ssh2
Jul 17 02:10:28 ns382633 sshd\[644\]: Invalid user system from 189.124.134.104 port 57686
Jul 17 02:10:28 ns382633 sshd\[644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.104

2020-07-17 08:10:36

Comments on same subnet:

IP	Type	Details	Datetime
189.124.134.92	attack	Unauthorized connection attempt from IP address 189.124.134.92 on Port 445(SMB)	2019-11-23 02:17:46
189.124.134.58	attack	2019-10-28T20:11:15.073289abusebot-7.cloudsearch.cf sshd\[6110\]: Invalid user system from 189.124.134.58 port 9590	2019-10-29 04:53:57
189.124.134.58	attackbotsspam	Lines containing failures of 189.124.134.58 Oct 25 14:02:13 mailserver sshd[18166]: Did not receive identification string from 189.124.134.58 port 21226 Oct 25 14:03:55 mailserver sshd[18217]: Invalid user admin1 from 189.124.134.58 port 26657 Oct 25 14:04:13 mailserver sshd[18217]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.124.134.58 Oct 25 14:04:15 mailserver sshd[18217]: Failed password for invalid user admin1 from 189.124.134.58 port 26657 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=189.124.134.58	2019-10-25 21:14:58
189.124.134.49	attackbotsspam	ssh failed login	2019-06-24 04:00:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 189.124.134.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12724
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;189.124.134.104.		IN	A

;; AUTHORITY SECTION:
.			360	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071604 1800 900 604800 86400

;; Query time: 118 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jul 17 08:10:33 CST 2020
;; MSG SIZE  rcvd: 119

Host info

104.134.124.189.in-addr.arpa domain name pointer 189-124-134-104.corp.cabotelecom.com.br.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
104.134.124.189.in-addr.arpa	name = 189-124-134-104.corp.cabotelecom.com.br.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
192.200.207.131	attackspambots	May 14 20:50:22 124388 sshd[25561]: Failed password for root from 192.200.207.131 port 59672 ssh2 May 14 20:55:23 124388 sshd[25582]: Invalid user lithia from 192.200.207.131 port 39532 May 14 20:55:23 124388 sshd[25582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.200.207.131 May 14 20:55:23 124388 sshd[25582]: Invalid user lithia from 192.200.207.131 port 39532 May 14 20:55:24 124388 sshd[25582]: Failed password for invalid user lithia from 192.200.207.131 port 39532 ssh2	2020-05-15 06:14:14
104.248.164.123	attackspam	Invalid user user from 104.248.164.123 port 42278	2020-05-15 06:33:45
152.67.7.117	attackbots	Invalid user teran from 152.67.7.117 port 52868	2020-05-15 06:23:31
185.173.35.1	attack	Port scan: Attack repeated for 24 hours	2020-05-15 06:24:21
179.93.149.17	attackbotsspam	SSH Invalid Login	2020-05-15 06:20:31
60.215.47.106	attack	60.215.47.106 - - [27/Mar/2020:10:48:30 +0100] "GET /plus/carbuyaction.php HTTP/1.1" 404 13077 ...	2020-05-15 06:10:59
5.145.174.49	attackspambots	xmlrpc attack	2020-05-15 06:06:22
140.143.56.61	attackspambots	May 15 00:10:26 electroncash sshd[48534]: Invalid user leng from 140.143.56.61 port 48460 May 15 00:10:26 electroncash sshd[48534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.56.61 May 15 00:10:26 electroncash sshd[48534]: Invalid user leng from 140.143.56.61 port 48460 May 15 00:10:27 electroncash sshd[48534]: Failed password for invalid user leng from 140.143.56.61 port 48460 ssh2 May 15 00:14:32 electroncash sshd[49657]: Invalid user nnn from 140.143.56.61 port 38184 ...	2020-05-15 06:34:46
54.36.77.233	attack	[Thu May 14 18:36:43.285432 2020] [:error] [pid 185897] [client 54.36.77.233:59194] [client 54.36.77.233] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "Xr256kYM-MpM8O47hf7vigAAAAM"] ...	2020-05-15 06:12:54
222.186.180.41	attack	May 15 00:31:42 ns381471 sshd[12711]: Failed password for root from 222.186.180.41 port 56026 ssh2 May 15 00:31:54 ns381471 sshd[12711]: error: maximum authentication attempts exceeded for root from 222.186.180.41 port 56026 ssh2 [preauth]	2020-05-15 06:38:35
139.99.40.130	attackspambots	Invalid user harry from 139.99.40.130 port 45466	2020-05-15 06:30:52
195.3.146.111	attackspam	firewall-block, port(s): 1122/tcp, 4200/tcp, 5151/tcp, 5432/tcp, 9995/tcp	2020-05-15 06:16:47
62.234.78.62	attack	SSH Invalid Login	2020-05-15 06:01:17
129.211.185.246	attackspam	Invalid user barret from 129.211.185.246 port 38972	2020-05-15 06:28:14
192.99.172.138	attack	Fail2Ban Ban Triggered HTTP Exploit Attempt	2020-05-15 06:14:49

Recently Reported IPs

101.0.105.98	158.154.53.200	162.206.225.220	93.99.135.246
145.37.117.10	208.223.187.218	139.58.223.226	200.55.36.236
24.100.103.185	2.6.124.136	111.89.255.28	67.93.188.166
209.97.170.131	179.137.105.91	12.255.130.202	157.48.73.157
82.5.221.209	99.71.56.40	115.137.159.180	173.240.40.97