1.55.63.154 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=42102 TCP DPT=8080 WINDOW=26262 SYN Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=48381 TCP DPT=8080 WINDOW=26758 SYN Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=58210 TCP DPT=8080 WINDOW=26262 SYN Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=47 ID=24294 TCP DPT=8080 WINDOW=26262 SYN Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=44 ID=4218 TCP DPT=8080 WINDOW=55846 SYN Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=44 ID=35587 TCP DPT=8080 WINDOW=26758 SYN Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=47 ID=40597 TCP DPT=8080 WINDOW=26262 SYN Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=3871 TCP DPT=8080 WINDOW=55846 SYN Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=53461 TCP DPT=8080 WINDOW=26758 SYN Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=27581 TCP DPT=8080 WINDOW=55846 SYN	2019-09-25 16:04:56

Type

Details

Datetime

attackbots

Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=42102 TCP DPT=8080 WINDOW=26262 SYN 
Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=48381 TCP DPT=8080 WINDOW=26758 SYN 
Unauthorised access (Sep 25) SRC=1.55.63.154 LEN=40 TTL=47 ID=58210 TCP DPT=8080 WINDOW=26262 SYN 
Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=47 ID=24294 TCP DPT=8080 WINDOW=26262 SYN 
Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=44 ID=4218 TCP DPT=8080 WINDOW=55846 SYN 
Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=44 ID=35587 TCP DPT=8080 WINDOW=26758 SYN 
Unauthorised access (Sep 24) SRC=1.55.63.154 LEN=40 TTL=47 ID=40597 TCP DPT=8080 WINDOW=26262 SYN 
Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=3871 TCP DPT=8080 WINDOW=55846 SYN 
Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=53461 TCP DPT=8080 WINDOW=26758 SYN 
Unauthorised access (Sep 23) SRC=1.55.63.154 LEN=40 TTL=47 ID=27581 TCP DPT=8080 WINDOW=55846 SYN

2019-09-25 16:04:56

Comments on same subnet:

IP	Type	Details	Datetime
1.55.63.3	attackbotsspam	Attempt to attack host OS, exploiting network vulnerabilities, on 25-11-2019 06:20:24.	2019-11-25 21:41:28
1.55.63.17	attackspambots	Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=37224 TCP DPT=8080 WINDOW=59935 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=5660 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=22092 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=29458 TCP DPT=8080 WINDOW=25836 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=14610 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=56307 TCP DPT=8080 WINDOW=1189 SYN	2019-10-15 07:16:48
1.55.63.17	attack	Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=14610 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 14) SRC=1.55.63.17 LEN=40 TTL=52 ID=56307 TCP DPT=8080 WINDOW=1189 SYN	2019-10-14 15:41:38
1.55.63.17	attackbots	Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=57390 TCP DPT=8080 WINDOW=1189 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=25899 TCP DPT=8080 WINDOW=59935 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=51293 TCP DPT=8080 WINDOW=25836 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=1622 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=40523 TCP DPT=8080 WINDOW=25836 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=57092 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 12) SRC=1.55.63.17 LEN=40 TTL=52 ID=31894 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 11) SRC=1.55.63.17 LEN=40 TTL=52 ID=64777 TCP DPT=8080 WINDOW=48437 SYN Unauthorised access (Oct 11) SRC=1.55.63.17 LEN=40 TTL=47 ID=10441 TCP DPT=8080 WINDOW=25836 SYN Unauthorised access (Oct 11) SRC=1.55.63.17 LEN=40 TTL=47 ID=59806 TCP DPT=8080 WINDOW=1189 SYN	2019-10-13 04:00:25
1.55.63.249	attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 02-10-2019 13:35:25.	2019-10-02 21:41:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.55.63.154
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 30332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;1.55.63.154.			IN	A

;; AUTHORITY SECTION:
.			140	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092500 1800 900 604800 86400

;; Query time: 99 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Sep 25 16:04:50 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 154.63.55.1.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 154.63.55.1.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
212.70.149.19	attackbots	Jul 14 12:54:30 srv01 postfix/smtpd\[11712\]: warning: unknown\[212.70.149.19\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 12:54:31 srv01 postfix/smtpd\[12007\]: warning: unknown\[212.70.149.19\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 12:54:35 srv01 postfix/smtpd\[11554\]: warning: unknown\[212.70.149.19\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 12:54:52 srv01 postfix/smtpd\[12007\]: warning: unknown\[212.70.149.19\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 12:54:53 srv01 postfix/smtpd\[11554\]: warning: unknown\[212.70.149.19\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-14 19:04:48
87.251.70.15	attackspam	Jul 14 12:51:03 debian-2gb-nbg1-2 kernel: \[16982432.935424\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=87.251.70.15 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16274 PROTO=TCP SPT=8080 DPT=1185 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-14 18:52:58
185.175.93.23	attackspam	SmallBizIT.US 6 packets to tcp(5900,5901,5902,5904,5906,5909)	2020-07-14 18:42:54
91.121.164.188	attackspam	Jul 14 12:18:24 vps sshd[649607]: Failed password for invalid user ark from 91.121.164.188 port 55028 ssh2 Jul 14 12:21:19 vps sshd[665315]: Invalid user ts3 from 91.121.164.188 port 50606 Jul 14 12:21:19 vps sshd[665315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ns360710.ip-91-121-164.eu Jul 14 12:21:22 vps sshd[665315]: Failed password for invalid user ts3 from 91.121.164.188 port 50606 ssh2 Jul 14 12:24:15 vps sshd[676592]: Invalid user client from 91.121.164.188 port 46168 ...	2020-07-14 18:31:59
189.135.197.7	attackspam	Jul 14 06:48:33 nextcloud sshd\[19311\]: Invalid user fld from 189.135.197.7 Jul 14 06:48:33 nextcloud sshd\[19311\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.135.197.7 Jul 14 06:48:35 nextcloud sshd\[19311\]: Failed password for invalid user fld from 189.135.197.7 port 41296 ssh2	2020-07-14 18:53:40
125.212.154.102	attack	2020-07-13 22:34:13.177060-0500 localhost smtpd[19546]: NOQUEUE: reject: RCPT from unknown[125.212.154.102]: 554 5.7.1 Service unavailable; Client host [125.212.154.102] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/125.212.154.102; from= to= proto=ESMTP helo=<[125.212.154.102]>	2020-07-14 18:58:43
92.11.249.50	attackbotsspam	Port 22 Scan, PTR: None	2020-07-14 18:58:25
201.48.192.60	attack	Fail2Ban Ban Triggered	2020-07-14 18:33:42
51.83.33.202	attackspam	Jul 14 09:35:11 lukav-desktop sshd\[6211\]: Invalid user plex from 51.83.33.202 Jul 14 09:35:11 lukav-desktop sshd\[6211\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.33.202 Jul 14 09:35:13 lukav-desktop sshd\[6211\]: Failed password for invalid user plex from 51.83.33.202 port 48006 ssh2 Jul 14 09:41:23 lukav-desktop sshd\[6335\]: Invalid user wxm from 51.83.33.202 Jul 14 09:41:23 lukav-desktop sshd\[6335\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.33.202	2020-07-14 18:46:59
51.83.73.109	attackbots	Jul 14 08:53:51 ift sshd\[52920\]: Invalid user wind from 51.83.73.109Jul 14 08:53:53 ift sshd\[52920\]: Failed password for invalid user wind from 51.83.73.109 port 55208 ssh2Jul 14 08:56:40 ift sshd\[53461\]: Invalid user ubuntu from 51.83.73.109Jul 14 08:56:42 ift sshd\[53461\]: Failed password for invalid user ubuntu from 51.83.73.109 port 50866 ssh2Jul 14 08:59:31 ift sshd\[54066\]: Invalid user rey from 51.83.73.109 ...	2020-07-14 18:42:20
104.131.91.148	attackbotsspam	Automatic Fail2ban report - Trying login SSH	2020-07-14 19:00:20
176.31.163.192	attackspam	Jul 14 11:47:09 ns392434 sshd[32173]: Invalid user aaa from 176.31.163.192 port 52670 Jul 14 11:47:09 ns392434 sshd[32173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.163.192 Jul 14 11:47:09 ns392434 sshd[32173]: Invalid user aaa from 176.31.163.192 port 52670 Jul 14 11:47:12 ns392434 sshd[32173]: Failed password for invalid user aaa from 176.31.163.192 port 52670 ssh2 Jul 14 11:50:03 ns392434 sshd[32278]: Invalid user pc from 176.31.163.192 port 49962 Jul 14 11:50:03 ns392434 sshd[32278]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.163.192 Jul 14 11:50:03 ns392434 sshd[32278]: Invalid user pc from 176.31.163.192 port 49962 Jul 14 11:50:05 ns392434 sshd[32278]: Failed password for invalid user pc from 176.31.163.192 port 49962 ssh2 Jul 14 11:52:47 ns392434 sshd[32322]: Invalid user odoo from 176.31.163.192 port 46770	2020-07-14 18:32:27
222.106.61.59	attack	Unauthorized connection attempt detected from IP address 222.106.61.59 to port 22	2020-07-14 18:59:36
109.173.64.123	attackbots	Unauthorized access to SSH at 14/Jul/2020:03:48:07 +0000. Received: (SSH-2.0-libssh2_1.7.0)	2020-07-14 18:56:32
116.196.108.9	attackspambots	Jul 14 05:27:18 web01.agentur-b-2.de postfix/smtpd[967858]: lost connection after CONNECT from unknown[116.196.108.9] Jul 14 05:27:19 web01.agentur-b-2.de postfix/smtpd[950987]: lost connection after CONNECT from unknown[116.196.108.9] Jul 14 05:27:21 web01.agentur-b-2.de postfix/smtpd[949617]: warning: unknown[116.196.108.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 05:27:22 web01.agentur-b-2.de postfix/smtpd[969072]: warning: unknown[116.196.108.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 05:27:26 web01.agentur-b-2.de postfix/smtpd[968025]: warning: unknown[116.196.108.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 14 05:27:26 web01.agentur-b-2.de postfix/smtpd[967858]: warning: unknown[116.196.108.9]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-07-14 19:07:38

Recently Reported IPs

185.82.220.154	51.15.43.171	80.82.70.186	185.70.68.82
185.56.72.170	159.203.201.4	39.82.65.205	113.174.76.67
185.50.25.52	13.69.59.19	219.138.127.85	104.149.152.114
185.50.25.28	110.17.2.46	104.174.254.70	188.158.220.167
64.91.179.15	223.241.79.174	109.167.231.203	103.28.113.22