This IP address has been reported a total of 35 times from 25 distinct sources.
134.209.158.213 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
Unwanted traffic detected by honeypot on March 15, 2026: port scans (1 port 22 scan), and brute force and hacking attacks (1 over ssh).
SSH honeypot attack from IP using default creds root/123456. Go-based SSH client conducted reconnaissance across two sessions (~2 min). Session 1: attempted chattr -i on bash/zsh rc files to remove immutable flags, bypassing file protections for persistence prep. Session 2: system recon - reset PATH to standard paths, gathered uname output (kernel/arch/hostname), extracted uptime from /proc/uptime. Error suppression throughout indicates automated tooling. Attack sequence: disable protections, gather telemetry, establish persistence via shell rc modification. No malware dl, lateral movement, or port forwarding observed. Attacker demonstrated Linux defensive mechanism knowledge, targeting rc files for persistence/payload exec. SSH service exposed accepting weak creds.
2026-03-15T09:49:17.157325+00:00 naomi sshd[113485]: Connection closed by authenticating user root 134.209.158.213 port 35842 [preauth]
2026-03-15T09:50:17.316263+00:00 naomi sshd[113491]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.158.213 user=root
2026-03-15T09:50:19.854971+00:00 naomi sshd[113491]: Failed password for root from 134.209.158.213 port 43470 ssh2
...
2026-03-02T10:47:11.828692+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[17193]: Invalid user test from 134.209.158.213 port 58274
2026-03-02T10:47:11.974760+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[17193]: Connection closed by invalid user test 134.209.158.213 port 58274 [preauth]
...
2026-03-02T10:32:02.006374+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[16961]: Invalid user guest from 134.209.158.213 port 48924
2026-03-02T10:32:02.344173+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[16961]: Connection closed by invalid user guest 134.209.158.213 port 48924 [preauth]
...
2026-03-02T10:16:41.685029+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[16658]: Invalid user user from 134.209.158.213 port 41950
2026-03-02T10:16:41.911059+00:00 ubuntu-s-1vcpu-1gb-lon1-01 sshd[16658]: Connection closed by invalid user user 134.209.158.213 port 41950 [preauth]
...
Mar 2 18:01:30 ser162528253480 sshd[140584]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.158.213
Mar 2 18:01:31 ser162528253480 sshd[140584]: Failed password for invalid user user from 134.209.158.213 port 58436 ssh2
Mar 2 18:02:01 ser162528253480 sshd[140632]: Invalid user user from 134.209.158.213 port 48022
...
Brute-Force
SSH
Showing 1 to 15 of 35 reports