121.239.48.147

Basic Info

City: Suzhou

Region: Jiangsu

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Brute force blocker - service: proftpd1 - aantal: 41 - Mon Jun 4 02:15:17 2018	2020-04-30 18:35:51
attack	Brute force blocker - service: proftpd1 - aantal: 41 - Mon Jun 4 02:15:17 2018	2020-02-24 05:40:10

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 121.239.48.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63734
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;121.239.48.147.			IN	A

;; AUTHORITY SECTION:
.			539	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020022301 1800 900 604800 86400

;; Query time: 75 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 24 05:40:05 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 147.48.239.121.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 147.48.239.121.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.75.125.222	attackbotsspam	Unauthorized connection attempt detected from IP address 51.75.125.222 to port 2220 [J]	2020-02-05 01:04:53
139.180.137.38	attackbots	2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63683 I=\[193.107.88.166\]:25 input="CONNECT 35.170.216.115:443 HTTP/" 2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63707 I=\[193.107.88.166\]:25 input="\004\001\001�\#��s" 2020-02-01 15:30:38 SMTP protocol synchronization error \(input sent without waiting for greeting\): rejected connection from H=\[139.180.137.38\]:63728 I=\[193.107.88.166\]:25 input="\005\001" ...	2020-02-05 01:09:06
162.243.10.55	attack	fraudulent SSH attempt	2020-02-05 00:56:10
222.186.175.150	attackspam	2020-2-4 5:54:46 PM: failed ssh attempt	2020-02-05 00:55:37
138.219.218.136	attack	2019-03-11 15:55:14 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:32756 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-11 15:55:25 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:32856 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-11 15:55:33 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:32938 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-04-09 21:18:49 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:10948 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-04-09 21:19:19 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:11152 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-04-09 21:19:41 H=\(\[138.219.218.136\]\) \[138.219.218.136\]:11310 I=\[193.107.88.166\]:25 F=\ r ...	2020-02-05 01:18:20
134.73.7.251	attack	2019-05-04 11:50:42 1hMrJa-0004pL-BD SMTP connection from downtown.sandyfadadu.com \(downtown.ryupex.icu\) \[134.73.7.251\]:49242 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-05-04 11:50:42 1hMrJa-0004pM-H5 SMTP connection from downtown.sandyfadadu.com \(downtown.ryupex.icu\) \[134.73.7.251\]:51161 I=\[193.107.90.29\]:25 closed by DROP in ACL 2019-05-04 11:51:23 1hMrKF-0004pv-AR SMTP connection from downtown.sandyfadadu.com \(downtown.ryupex.icu\) \[134.73.7.251\]:55617 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-05 01:39:10
139.194.20.239	attackbotsspam	2019-07-07 19:15:33 1hkAl8-00063y-7m SMTP connection from \(fm-dyn-139-194-20-239.fast.net.id\) \[139.194.20.239\]:43362 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-07-07 19:15:56 1hkAlX-00064X-7D SMTP connection from \(fm-dyn-139-194-20-239.fast.net.id\) \[139.194.20.239\]:43560 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-07-07 19:16:09 1hkAlk-00064r-RQ SMTP connection from \(fm-dyn-139-194-20-239.fast.net.id\) \[139.194.20.239\]:43667 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-05 00:59:58
94.1.114.58	attack	Feb 4 14:50:45 grey postfix/smtpd\[26854\]: NOQUEUE: reject: RCPT from unknown\[94.1.114.58\]: 554 5.7.1 Service unavailable\; Client host \[94.1.114.58\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[94.1.114.58\]\; from=\ to=\ proto=ESMTP helo=\<5e01723a.bb.sky.com\> ...	2020-02-05 01:04:29
49.88.112.116	attackspambots	Feb 4 18:29:37 localhost sshd\[5310\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.116 user=root Feb 4 18:29:38 localhost sshd\[5310\]: Failed password for root from 49.88.112.116 port 30239 ssh2 Feb 4 18:29:40 localhost sshd\[5310\]: Failed password for root from 49.88.112.116 port 30239 ssh2	2020-02-05 01:37:46
66.220.149.15	attackspambots	[Tue Feb 04 20:50:11.983466 2020] [:error] [pid 2034:tid 140558491895552] [client 66.220.149.15:40430] [client 66.220.149.15] ModSecurity: Access denied with code 403 (phase 2). Found 3 byte(s) in REQUEST_URI outside range: 32-36,38-126. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1304"] [id "920272"] [msg "Invalid character in request (outside of printable chars below ascii 127)"] [data "REQUEST_URI=/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika/2020/01_Januari_2020/Das-III/Analisis_Dinamika_Atmosfer\\xe2\\x80\\x93Laut_Dan_Prediksi_Curah_Hujan_Update_Dasarian_III_Januari_2020.jpg"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/EVASION"] [tag "paranoia-level/3"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/Klimatologi/Analisis/02-Analisis_Dasarian/Dinamika/ ...	2020-02-05 01:39:46
103.90.32.58	attack	DATE:2020-02-04 14:49:17, IP:103.90.32.58, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-02-05 01:37:06
222.186.42.136	attackspambots	Feb 4 18:19:38 legacy sshd[30518]: Failed password for root from 222.186.42.136 port 22931 ssh2 Feb 4 18:19:39 legacy sshd[30518]: Failed password for root from 222.186.42.136 port 22931 ssh2 Feb 4 18:19:42 legacy sshd[30518]: Failed password for root from 222.186.42.136 port 22931 ssh2 ...	2020-02-05 01:26:02
176.36.155.236	attack	Unauthorized connection attempt detected from IP address 176.36.155.236 to port 2220 [J]	2020-02-05 01:27:04
139.194.8.146	attackspam	2019-10-24 05:26:46 1iNTlu-0003fd-0X SMTP connection from \(fm-dyn-139-194-8-146.fast.net.id\) \[139.194.8.146\]:49551 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-10-24 05:27:02 1iNTm9-0003fx-At SMTP connection from \(fm-dyn-139-194-8-146.fast.net.id\) \[139.194.8.146\]:49695 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-10-24 05:27:09 1iNTmG-0003gd-DT SMTP connection from \(fm-dyn-139-194-8-146.fast.net.id\) \[139.194.8.146\]:49769 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-05 00:54:35
138.201.14.212	attack	02/04/2020-14:50:53.606186 138.201.14.212 Protocol: 6 SURICATA TLS invalid record/traffic	2020-02-05 00:52:58

Recently Reported IPs

73.200.52.73	97.220.183.35	180.159.235.217	125.209.106.39
114.219.124.78	101.87.185.254	158.64.4.202	68.13.234.253
180.149.246.240	228.46.167.188	169.83.227.125	2.164.71.156
125.118.148.109	14.202.108.97	125.118.75.167	151.19.252.66
223.54.118.148	117.0.204.108	134.149.132.245	131.224.34.4