1.199.158.147 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Henan Telecom Corporation

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt detected from IP address 1.199.158.147 to port 139 [T]	2020-05-20 09:04:23

Comments on same subnet:

IP	Type	Details	Datetime
1.199.158.31	attack	Unauthorized connection attempt detected from IP address 1.199.158.31 to port 139 [T]	2020-05-20 09:05:26
1.199.158.90	attackspam	Unauthorized connection attempt detected from IP address 1.199.158.90 to port 139 [T]	2020-05-20 09:04:52

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.199.158.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38617
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.199.158.147.			IN	A

;; AUTHORITY SECTION:
.			487	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051901 1800 900 604800 86400

;; Query time: 103 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed May 20 09:04:17 CST 2020
;; MSG SIZE  rcvd: 117

Host info

;; connection timed out; no servers could be reached

Nslookup info:

;; Got SERVFAIL reply from 183.60.82.98, trying next server
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 147.158.199.1.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
164.132.192.5	attack	2019-11-14T22:37:14.918801abusebot-4.cloudsearch.cf sshd\[4539\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.ip-164-132-192.eu user=root	2019-11-15 07:35:22
77.40.61.142	attack	Logged: 14/11/2019 10:55:16 PM UTC AS12389 Rostelecom Port: 25 Protocol: tcp Service Name: smtp Description: Simple Mail Transfer	2019-11-15 07:43:40
112.255.239.95	attackbots	(Nov 15) LEN=40 TTL=49 ID=44065 TCP DPT=8080 WINDOW=14535 SYN (Nov 14) LEN=40 TTL=49 ID=47401 TCP DPT=8080 WINDOW=44398 SYN (Nov 14) LEN=40 TTL=49 ID=34976 TCP DPT=8080 WINDOW=14535 SYN (Nov 14) LEN=40 TTL=49 ID=24855 TCP DPT=8080 WINDOW=14535 SYN (Nov 13) LEN=40 TTL=49 ID=54634 TCP DPT=8080 WINDOW=44398 SYN (Nov 12) LEN=40 TTL=49 ID=60379 TCP DPT=8080 WINDOW=44398 SYN (Nov 12) LEN=40 TTL=49 ID=45563 TCP DPT=8080 WINDOW=44398 SYN (Nov 11) LEN=40 TTL=49 ID=21285 TCP DPT=8080 WINDOW=14535 SYN (Nov 11) LEN=40 TTL=49 ID=62708 TCP DPT=8080 WINDOW=14535 SYN (Nov 11) LEN=40 TTL=49 ID=52614 TCP DPT=8080 WINDOW=44398 SYN	2019-11-15 07:25:30
130.61.72.90	attackspam	Nov 15 01:36:03 server sshd\[11975\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.72.90 user=mail Nov 15 01:36:05 server sshd\[11975\]: Failed password for mail from 130.61.72.90 port 59324 ssh2 Nov 15 01:39:27 server sshd\[8894\]: Invalid user hung from 130.61.72.90 port 40066 Nov 15 01:39:27 server sshd\[8894\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.61.72.90 Nov 15 01:39:29 server sshd\[8894\]: Failed password for invalid user hung from 130.61.72.90 port 40066 ssh2	2019-11-15 07:47:30
36.112.137.55	attack	Nov 14 13:23:57 hpm sshd\[29380\]: Invalid user gerin from 36.112.137.55 Nov 14 13:23:57 hpm sshd\[29380\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.112.137.55 Nov 14 13:24:00 hpm sshd\[29380\]: Failed password for invalid user gerin from 36.112.137.55 port 54411 ssh2 Nov 14 13:28:19 hpm sshd\[29735\]: Invalid user macos from 36.112.137.55 Nov 14 13:28:19 hpm sshd\[29735\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.112.137.55	2019-11-15 07:40:32
104.175.32.206	attackbots	Nov 14 13:22:36 web1 sshd\[19992\]: Invalid user wren from 104.175.32.206 Nov 14 13:22:36 web1 sshd\[19992\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.175.32.206 Nov 14 13:22:38 web1 sshd\[19992\]: Failed password for invalid user wren from 104.175.32.206 port 41766 ssh2 Nov 14 13:26:25 web1 sshd\[20324\]: Invalid user brittaney from 104.175.32.206 Nov 14 13:26:25 web1 sshd\[20324\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.175.32.206	2019-11-15 07:40:16
124.156.117.111	attack	SSH-BruteForce	2019-11-15 07:39:59
36.155.115.95	attackspambots	Nov 15 00:51:00 vps691689 sshd[4950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.155.115.95 Nov 15 00:51:02 vps691689 sshd[4950]: Failed password for invalid user ftpuser from 36.155.115.95 port 59252 ssh2 ...	2019-11-15 07:59:26
51.158.113.194	attackbots	Nov 15 00:30:15 rotator sshd\[30602\]: Failed password for root from 51.158.113.194 port 37168 ssh2Nov 15 00:33:25 rotator sshd\[30952\]: Invalid user pfohl from 51.158.113.194Nov 15 00:33:27 rotator sshd\[30952\]: Failed password for invalid user pfohl from 51.158.113.194 port 44640 ssh2Nov 15 00:36:26 rotator sshd\[31736\]: Invalid user baheerathar from 51.158.113.194Nov 15 00:36:28 rotator sshd\[31736\]: Failed password for invalid user baheerathar from 51.158.113.194 port 52108 ssh2Nov 15 00:39:22 rotator sshd\[31777\]: Failed password for sshd from 51.158.113.194 port 59584 ssh2 ...	2019-11-15 08:05:43
185.209.0.32	attack	Unauthorized connection attempt from IP address 185.209.0.32 on Port 3306(MYSQL)	2019-11-15 08:01:36
188.138.41.213	attack	188.138.41.213 - - - [14/Nov/2019:23:20:32 +0000] "GET / HTTP/1.0" 404 162 "-" "masscan/1.0 (https://github.com/robertdavidgraham/masscan)" "-" "-"	2019-11-15 07:27:32
186.233.231.220	attack	Fail2Ban Ban Triggered	2019-11-15 07:26:30
142.93.160.56	attackspambots	6 failed attempt(s) in the last 24h	2019-11-15 07:41:31
207.154.206.212	attack	SSH invalid-user multiple login attempts	2019-11-15 07:41:15
77.247.111.4	attackspambots	(From fortunebiz@163.com) Giantlion Sensor supplies high quality current transducer, voltage transducer, power transducer,and frequency transducer that can measure current,voltage, power or frequency of your equipment and then generates standard signals 0-5V DC, 0-10V DC, 0-20mA DC,4-20mA DC,5KHz,10KHz,and RS-485.The signals can be used by PLC for industrial automation control. High precision,low prices. for details, please visit syncmeter.com or contact us by email sales@syncmeter.com, mobile (whatsapp)+8618675591479. Skype:brianew789 Please forward our information to your technicians or engineers for future use. Thank you for your time!	2019-11-15 08:00:17

Recently Reported IPs

1.196.141.79	1.196.140.103	1.196.140.54	1.192.103.151
1.192.103.52	1.192.103.13	1.192.103.11	1.192.101.179
178.162.216.70	1.192.101.58	1.192.101.8	223.205.223.37
223.165.131.97	221.225.111.149	220.248.34.206	183.157.175.50
180.176.176.21	171.12.138.59	171.4.70.26	162.243.144.19