Basic Info

City: unknown

Region: unknown

Country: Taiwan, China

Internet Service Provider: Chunghwa Telecom Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
SSH login attempts.
2020-08-23 03:10:55
Comments on same subnet:
IP Type Details Datetime
220.134.209.126 attackspam
Aug 29 23:57:56 dallas01 sshd[22960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
Aug 29 23:57:57 dallas01 sshd[22960]: Failed password for invalid user nico from 220.134.209.126 port 37548 ssh2
Aug 30 00:02:38 dallas01 sshd[24653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
Aug 30 00:02:40 dallas01 sshd[24653]: Failed password for invalid user ppb from 220.134.209.126 port 27188 ssh2
2019-10-08 23:31:30
220.134.209.97 attack
firewall-block, port(s): 34567/tcp
2019-10-01 03:24:32
220.134.209.126 attack
Invalid user t from 220.134.209.126 port 38382
2019-08-25 09:27:38
220.134.209.126 attackspam
Aug 21 12:10:33 h2177944 sshd[22156]: Invalid user klind from 220.134.209.126 port 17644
Aug 21 12:10:33 h2177944 sshd[22156]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
Aug 21 12:10:34 h2177944 sshd[22156]: Failed password for invalid user klind from 220.134.209.126 port 17644 ssh2
Aug 21 12:15:09 h2177944 sshd[22239]: Invalid user usuario from 220.134.209.126 port 62796
Aug 21 12:15:09 h2177944 sshd[22239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
...
2019-08-21 19:01:12
220.134.209.126 attack
Aug 20 10:49:05 vps200512 sshd[10070]: Invalid user spyware from 220.134.209.126
Aug 20 10:49:05 vps200512 sshd[10070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
Aug 20 10:49:07 vps200512 sshd[10070]: Failed password for invalid user spyware from 220.134.209.126 port 48630 ssh2
Aug 20 10:53:49 vps200512 sshd[10159]: Invalid user dorina from 220.134.209.126
Aug 20 10:53:49 vps200512 sshd[10159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.134.209.126
2019-08-20 23:09:19
220.134.209.126 attackspam
Jul 29 00:58:02 uapps sshd[23819]: User r.r from 220-134-209-126.hinet-ip.hinet.net not allowed because not listed in AllowUsers
Jul 29 00:58:02 uapps sshd[23819]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220-134-209-126.hinet-ip.hinet.net  user=r.r
Jul 29 00:58:05 uapps sshd[23819]: Failed password for invalid user r.r from 220.134.209.126 port 63122 ssh2
Jul 29 00:58:05 uapps sshd[23819]: Received disconnect from 220.134.209.126: 11: Bye Bye [preauth]
Jul 29 04:35:59 uapps sshd[6662]: User r.r from 220-134-209-126.hinet-ip.hinet.net not allowed because not listed in AllowUsers
Jul 29 04:35:59 uapps sshd[6662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220-134-209-126.hinet-ip.hinet.net  user=r.r
Jul 29 04:36:01 uapps sshd[6662]: Failed password for invalid user r.r from 220.134.209.126 port 55970 ssh2
Jul 29 04:36:01 uapps sshd[6662]: Received disconnect from 220.134.209.126: ........
-------------------------------
2019-08-01 15:23:41
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 220.134.209.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26417
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.134.209.21.			IN	A

;; AUTHORITY SECTION:
.			352	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020082200 1800 900 604800 86400

;; Query time: 79 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Aug 23 03:10:50 CST 2020
;; MSG SIZE  rcvd: 118
Host info
21.209.134.220.in-addr.arpa domain name pointer 220-134-209-21.HINET-IP.hinet.net.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
21.209.134.220.in-addr.arpa	name = 220-134-209-21.HINET-IP.hinet.net.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
185.39.11.32 attackspam
 TCP (SYN) 185.39.11.32:54225 -> port 57732, len 44
2020-09-16 14:16:59
189.175.74.198 attackbots
Unauthorized connection attempt from IP address 189.175.74.198 on Port 445(SMB)
2020-09-16 14:41:11
106.13.47.6 attackbots
ssh brute force
2020-09-16 14:33:55
94.102.51.28 attackbotsspam
Sep 16 07:53:53 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=61204 PROTO=TCP SPT=51127 DPT=9280 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 07:54:03 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=43963 PROTO=TCP SPT=51127 DPT=57407 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 08:03:13 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=51278 PROTO=TCP SPT=51127 DPT=3794 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 08:04:26 *hidden* kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:4a:cc:28:99:3a:4d:23:91:08:00 SRC=94.102.51.28 DST=173.212.244.83 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=18475 PROTO=TCP SPT=51127 DPT=36671 WINDOW=1024 RES=0x00 SYN URGP=0
Sep 16 08:07:05 *hidde
...
2020-09-16 14:21:16
196.52.43.54 attackspambots
Port scanning [2 denied]
2020-09-16 14:14:37
203.128.84.60 attackbotsspam
Unauthorized connection attempt from IP address 203.128.84.60 on Port 445(SMB)
2020-09-16 14:14:20
168.62.59.142 spam
Received: from cmp ([168.62.59.74]) by mrelayeu.kundenserver.de (mreue010
 [212.227.15.167]) with ESMTPSA (Nemesis) id 1MF3U0-1kGBy40Hvc-00FVgp for
 ; Wed, 16 Sep 2020 08:33:36 +0200
Date: Tue, 15 Sep 2020 21:33:34 -0900
To: brascom@info.com.ph
2020-09-16 15:11:38
134.209.57.3 attackbots
2020-09-16T01:08:36.1587691495-001 sshd[43919]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.57.3  user=root
2020-09-16T01:08:37.7959481495-001 sshd[43919]: Failed password for root from 134.209.57.3 port 57974 ssh2
2020-09-16T01:12:52.1092581495-001 sshd[44120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.57.3  user=root
2020-09-16T01:12:54.5591831495-001 sshd[44120]: Failed password for root from 134.209.57.3 port 42250 ssh2
2020-09-16T01:17:01.9618281495-001 sshd[44286]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.57.3  user=root
2020-09-16T01:17:03.2579031495-001 sshd[44286]: Failed password for root from 134.209.57.3 port 54748 ssh2
...
2020-09-16 14:35:37
104.140.188.22 attack
SSH login attempts.
2020-09-16 14:42:44
201.182.228.63 attack
Automatic report - Port Scan Attack
2020-09-16 14:22:47
12.165.80.213 attackspambots
Repeated RDP login failures. Last user: Mike
2020-09-16 15:09:36
78.128.113.120 attackbots
Sep 16 08:15:36 relay postfix/smtpd[30023]: warning: unknown[78.128.113.120]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 08:15:54 relay postfix/smtpd[30032]: warning: unknown[78.128.113.120]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 08:16:10 relay postfix/smtpd[1534]: warning: unknown[78.128.113.120]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 08:17:08 relay postfix/smtpd[1534]: warning: unknown[78.128.113.120]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 16 08:17:26 relay postfix/smtpd[30032]: warning: unknown[78.128.113.120]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-09-16 14:25:56
185.202.1.124 attackbots
2020-09-16T02:27:59Z - RDP login failed multiple times. (185.202.1.124)
2020-09-16 14:50:11
13.76.252.236 attack
Sep 16 08:09:07 piServer sshd[20338]: Failed password for root from 13.76.252.236 port 50120 ssh2
Sep 16 08:18:07 piServer sshd[21581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.76.252.236 
Sep 16 08:18:09 piServer sshd[21581]: Failed password for invalid user ahrens from 13.76.252.236 port 35236 ssh2
...
2020-09-16 14:21:48
217.23.2.182 attack
Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-09-16T03:27:56Z and 2020-09-16T04:46:35Z
2020-09-16 14:23:57

Recently Reported IPs
