211.159.160.214

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Jul 8 05:53:27 rb06 sshd[8477]: Failed password for invalid user user from 211.159.160.214 port 33880 ssh2 Jul 8 05:53:27 rb06 sshd[8477]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth] Jul 8 05:55:39 rb06 sshd[3044]: Failed password for invalid user ghostname from 211.159.160.214 port 53424 ssh2 Jul 8 05:55:39 rb06 sshd[3044]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth] Jul 8 05:57:29 rb06 sshd[7678]: Failed password for invalid user nagios from 211.159.160.214 port 42520 ssh2 Jul 8 05:57:29 rb06 sshd[7678]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=211.159.160.214	2019-07-15 13:44:05

Type

Details

Datetime

attackspam

Jul  8 05:53:27 rb06 sshd[8477]: Failed password for invalid user user from 211.159.160.214 port 33880 ssh2
Jul  8 05:53:27 rb06 sshd[8477]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth]
Jul  8 05:55:39 rb06 sshd[3044]: Failed password for invalid user ghostname from 211.159.160.214 port 53424 ssh2
Jul  8 05:55:39 rb06 sshd[3044]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth]
Jul  8 05:57:29 rb06 sshd[7678]: Failed password for invalid user nagios from 211.159.160.214 port 42520 ssh2
Jul  8 05:57:29 rb06 sshd[7678]: Received disconnect from 211.159.160.214: 11: Bye Bye [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=211.159.160.214

2019-07-15 13:44:05

Comments on same subnet:

IP	Type	Details	Datetime
211.159.160.20	attack	Unauthorized connection attempt detected from IP address 211.159.160.20 to port 1433 [J]	2020-02-04 02:52:17

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 211.159.160.214
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27673
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;211.159.160.214.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071500 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jul 15 13:43:59 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 214.160.159.211.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 214.160.159.211.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
201.174.46.234	attackbotsspam	Nov 21 07:21:26 legacy sshd[20101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.174.46.234 Nov 21 07:21:28 legacy sshd[20101]: Failed password for invalid user ts3 from 201.174.46.234 port 33744 ssh2 Nov 21 07:26:48 legacy sshd[20207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.174.46.234 ...	2019-11-21 17:22:46
179.191.65.122	attackspam	Nov 21 08:44:50 tuxlinux sshd[5298]: Invalid user guest from 179.191.65.122 port 53338 Nov 21 08:44:50 tuxlinux sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.191.65.122 Nov 21 08:44:50 tuxlinux sshd[5298]: Invalid user guest from 179.191.65.122 port 53338 Nov 21 08:44:50 tuxlinux sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.191.65.122 Nov 21 08:44:50 tuxlinux sshd[5298]: Invalid user guest from 179.191.65.122 port 53338 Nov 21 08:44:50 tuxlinux sshd[5298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.191.65.122 Nov 21 08:44:52 tuxlinux sshd[5298]: Failed password for invalid user guest from 179.191.65.122 port 53338 ssh2 ...	2019-11-21 17:25:50
176.67.202.13	attackbotsspam	Nov 21 09:10:28 server sshd\[18067\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.67.202.13 user=root Nov 21 09:10:30 server sshd\[18067\]: Failed password for root from 176.67.202.13 port 34188 ssh2 Nov 21 09:26:42 server sshd\[21797\]: Invalid user squid from 176.67.202.13 Nov 21 09:26:42 server sshd\[21797\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.67.202.13 Nov 21 09:26:44 server sshd\[21797\]: Failed password for invalid user squid from 176.67.202.13 port 53195 ssh2 ...	2019-11-21 17:24:30
95.19.153.67	attackbots	Lines containing failures of 95.19.153.67 Nov 19 12:19:45 server01 postfix/smtpd[21682]: connect from 67.153.19.95.dynamic.jazztel.es[95.19.153.67] Nov x@x Nov x@x Nov 19 12:19:46 server01 postfix/policy-spf[21686]: : Policy action=550 Please see hxxp://www.openspf.org/Why?s=mfrom;id=837%40iberhardware.com;ip=95.19.153.67;r=server01.2800km.de Nov x@x Nov 19 12:19:46 server01 postfix/smtpd[21682]: lost connection after DATA from 67.153.19.95.dynamic.jazztel.es[95.19.153.67] Nov 19 12:19:46 server01 postfix/smtpd[21682]: disconnect from 67.153.19.95.dynamic.jazztel.es[95.19.153.67] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=95.19.153.67	2019-11-21 16:52:11
69.127.182.116	attackspam	Honeypot attack, port: 23, PTR: ool-457fb674.dyn.optonline.net.	2019-11-21 17:04:37
41.93.48.73	attackbots	Nov 21 11:26:59 gw1 sshd[580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.93.48.73 Nov 21 11:27:01 gw1 sshd[580]: Failed password for invalid user tarant from 41.93.48.73 port 47258 ssh2 ...	2019-11-21 17:11:31
199.66.90.147	attackspam	Nov 21 10:59:13 tuotantolaitos sshd[17382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=199.66.90.147 Nov 21 10:59:14 tuotantolaitos sshd[17382]: Failed password for invalid user net from 199.66.90.147 port 5385 ssh2 ...	2019-11-21 17:07:26
209.45.76.201	attackspam	Nov 19 12:32:29 mxgate1 postfix/postscreen[2415]: CONNECT from [209.45.76.201]:20830 to [176.31.12.44]:25 Nov 19 12:32:29 mxgate1 postfix/dnsblog[2418]: addr 209.45.76.201 listed by domain zen.spamhaus.org as 127.0.0.3 Nov 19 12:32:29 mxgate1 postfix/dnsblog[2418]: addr 209.45.76.201 listed by domain zen.spamhaus.org as 127.0.0.4 Nov 19 12:32:29 mxgate1 postfix/dnsblog[2417]: addr 209.45.76.201 listed by domain cbl.abuseat.org as 127.0.0.2 Nov 19 12:32:29 mxgate1 postfix/dnsblog[2419]: addr 209.45.76.201 listed by domain b.barracudacentral.org as 127.0.0.2 Nov 19 12:32:35 mxgate1 postfix/postscreen[2415]: DNSBL rank 4 for [209.45.76.201]:20830 Nov x@x Nov 19 12:32:36 mxgate1 postfix/postscreen[2415]: HANGUP after 1.1 from [209.45.76.201]:20830 in tests after SMTP handshake Nov 19 12:32:36 mxgate1 postfix/postscreen[2415]: DISCONNECT [209.45.76.201]:20830 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=209.45.76.201	2019-11-21 17:21:10
104.131.83.45	attackspambots	Tried sshing with brute force.	2019-11-21 16:51:45
14.49.38.114	attackspambots	Nov 20 23:09:08 web9 sshd\[27609\]: Invalid user vollen from 14.49.38.114 Nov 20 23:09:08 web9 sshd\[27609\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.49.38.114 Nov 20 23:09:10 web9 sshd\[27609\]: Failed password for invalid user vollen from 14.49.38.114 port 56636 ssh2 Nov 20 23:13:20 web9 sshd\[28366\]: Invalid user nothing from 14.49.38.114 Nov 20 23:13:20 web9 sshd\[28366\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.49.38.114	2019-11-21 17:17:42
104.244.79.222	attackbotsspam	detected by Fail2Ban	2019-11-21 17:00:11
51.91.212.81	attackspambots	11/21/2019-02:29:31.091537 51.91.212.81 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputation IP group 52	2019-11-21 17:22:05
92.118.37.86	attack	92.118.37.86 was recorded 121 times by 33 hosts attempting to connect to the following ports: 729,772,455,626,643,549,513,581,652,471,635,932,154,517,811,146,153,616,829,934,709,688,493,202,533,919,832,639,39,530,497,22,32,707,498,714,118,336,120,898,148,520,226,446,793,857,742,285,179,482,753,798,748,130,521,731,423,204,529,818,705,702,69,222,96,779,665,165,244,163,880,406,211,730,928,41,641,739,229,314,830,636,67,883,352,711,469,403,195,774,296,315,214,94,419,926,354,998,710,248,480,478,24,143,38,152,587,209,751,861. Incident counter (4h, 24h, all-time): 121, 762, 10591	2019-11-21 17:18:51
125.34.95.75	attack	Nov2107:42:21server2pure-ftpd:\(\?@125.34.95.75\)[WARNING]Authenticationfailedforuser[morgenstern-swiss]Nov2107:42:26server2pure-ftpd:\(\?@125.34.95.75\)[WARNING]Authenticationfailedforuser[www]Nov2107:42:33server2pure-ftpd:\(\?@125.34.95.75\)[WARNING]Authenticationfailedforuser[www]Nov2107:42:39server2pure-ftpd:\(\?@125.34.95.75\)[WARNING]Authenticationfailedforuser[www]Nov2107:42:45server2pure-ftpd:\(\?@125.34.95.75\)[WARNING]Authenticationfailedforuser[www]	2019-11-21 17:09:20
192.198.9.253	attack	Automatic report - Port Scan Attack	2019-11-21 16:53:13

Recently Reported IPs

181.192.75.235	198.238.56.153	177.57.66.134	84.201.134.30
77.248.76.32	213.149.191.65	223.244.97.211	213.182.93.172
133.41.92.217	94.255.24.74	194.28.221.28	105.64.232.89
10.114.88.132	167.240.149.242	27.81.204.37	114.233.226.93
250.81.134.164	198.246.186.237	201.116.188.158	159.83.174.128