222.180.150.138

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Chongqing Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Aug 4 11:21:56 debian-2gb-nbg1-2 kernel: \[18791382.528659\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=222.180.150.138 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=28580 PROTO=TCP SPT=43739 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0	2020-08-04 23:22:01
attackbotsspam	Unauthorized connection attempt detected from IP address 222.180.150.138 to port 1433 [J]	2020-01-28 23:30:21

Type

Details

Datetime

attackbots

Aug  4 11:21:56 debian-2gb-nbg1-2 kernel: \[18791382.528659\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=222.180.150.138 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=28580 PROTO=TCP SPT=43739 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0

2020-08-04 23:22:01

attackbotsspam

Unauthorized connection attempt detected from IP address 222.180.150.138 to port 1433 [J]

2020-01-28 23:30:21

Comments on same subnet:

IP	Type	Details	Datetime
222.180.150.130	attackspambots	Port 1433 Scan	2020-01-22 06:24:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 222.180.150.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56771
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.180.150.138.		IN	A

;; AUTHORITY SECTION:
.			358	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020012800 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jan 28 23:30:12 CST 2020
;; MSG SIZE  rcvd: 119

Host info

Host 138.150.180.222.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 138.150.180.222.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
170.0.207.228	attack	20/8/3@08:19:27: FAIL: Alarm-Network address from=170.0.207.228 20/8/3@08:19:27: FAIL: Alarm-Network address from=170.0.207.228 ...	2020-08-04 03:37:40
45.14.150.130	attack	Aug 3 18:52:07 vpn01 sshd[31777]: Failed password for root from 45.14.150.130 port 34416 ssh2 ...	2020-08-04 03:41:12
49.204.228.185	attack	1596457176 - 08/03/2020 14:19:36 Host: 49.204.228.185/49.204.228.185 Port: 445 TCP Blocked	2020-08-04 03:34:14
79.137.80.110	attackspambots	2020-08-03T14:18:09.935070+02:00 sshd[2756]: Failed password for root from 79.137.80.110 port 47692 ssh2	2020-08-04 03:49:10
218.173.47.105	attackbots	1596457137 - 08/03/2020 14:18:57 Host: 218.173.47.105/218.173.47.105 Port: 445 TCP Blocked	2020-08-04 03:55:10
106.75.9.141	attack	Banned for a week because repeated abuses, for example SSH, but not only	2020-08-04 03:55:54
185.63.253.200	spam	Bokep	2020-08-04 03:34:34
58.102.31.36	attackspambots	Aug 3 19:31:15 localhost sshd[130938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.102.31.36 user=root Aug 3 19:31:17 localhost sshd[130938]: Failed password for root from 58.102.31.36 port 53770 ssh2 Aug 3 19:35:35 localhost sshd[743]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.102.31.36 user=root Aug 3 19:35:37 localhost sshd[743]: Failed password for root from 58.102.31.36 port 60272 ssh2 Aug 3 19:40:01 localhost sshd[1236]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.102.31.36 user=root Aug 3 19:40:03 localhost sshd[1236]: Failed password for root from 58.102.31.36 port 38506 ssh2 ...	2020-08-04 03:40:43
150.109.104.153	attackbots	Aug 3 15:34:22 fhem-rasp sshd[14483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.104.153 user=root Aug 3 15:34:24 fhem-rasp sshd[14483]: Failed password for root from 150.109.104.153 port 25960 ssh2 ...	2020-08-04 03:36:35
14.98.4.82	attackbotsspam	2020-08-03T07:12:42.303700hostname sshd[64213]: Failed password for root from 14.98.4.82 port 51380 ssh2 ...	2020-08-04 03:39:53
46.120.14.190	attackspam	SMTP/25/465/587 Probe, BadAuth, SPAM, Hack -	2020-08-04 03:24:04
191.13.117.132	attackbotsspam	Aug 3 20:04:49 reporting5 sshd[21295]: reveeclipse mapping checking getaddrinfo for 191-13-117-132.user.vivozap.com.br [191.13.117.132] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 3 20:04:49 reporting5 sshd[21295]: User r.r from 191.13.117.132 not allowed because not listed in AllowUsers Aug 3 20:04:49 reporting5 sshd[21295]: Failed password for invalid user r.r from 191.13.117.132 port 57902 ssh2 Aug 3 20:17:46 reporting5 sshd[28034]: reveeclipse mapping checking getaddrinfo for 191-13-117-132.user.vivozap.com.br [191.13.117.132] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 3 20:17:46 reporting5 sshd[28034]: User r.r from 191.13.117.132 not allowed because not listed in AllowUsers Aug 3 20:17:46 reporting5 sshd[28034]: Failed password for invalid user r.r from 191.13.117.132 port 47637 ssh2 Aug 3 20:24:22 reporting5 sshd[31536]: reveeclipse mapping checking getaddrinfo for 191-13-117-132.user.vivozap.com.br [191.13.117.132] failed - POSSIBLE BREAK-IN ATTEMPT! Aug 3 20:2........ -------------------------------	2020-08-04 03:47:53
172.69.68.198	attackspambots	Aug 3 14:18:55 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3f:fd:58:00:08:e3:ff:fd:90:08:00 SRC=172.69.68.198 DST=79.143.186.54 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=32926 DF PROTO=TCP SPT=26650 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 Aug 3 14:18:56 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3f:fd:58:00:08:e3:ff:fd:90:08:00 SRC=172.69.68.198 DST=79.143.186.54 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=32927 DF PROTO=TCP SPT=26650 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0 Aug 3 14:18:58 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3f:fd:58:00:08:e3:ff:fd:90:08:00 SRC=172.69.68.198 DST=79.143.186.54 LEN=52 TOS=0x00 PREC=0x00 TTL=57 ID=32928 DF PROTO=TCP SPT=26650 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0	2020-08-04 03:53:12
134.209.146.64	attack	Aug 3 08:19:01 Tower sshd[38283]: Connection from 134.209.146.64 port 51518 on 192.168.10.220 port 22 rdomain "" Aug 3 08:19:03 Tower sshd[38283]: Failed password for root from 134.209.146.64 port 51518 ssh2 Aug 3 08:19:03 Tower sshd[38283]: Received disconnect from 134.209.146.64 port 51518:11: Bye Bye [preauth] Aug 3 08:19:03 Tower sshd[38283]: Disconnected from authenticating user root 134.209.146.64 port 51518 [preauth]	2020-08-04 03:35:47
106.124.139.161	attack	20 attempts against mh-ssh on echoip	2020-08-04 03:52:21

Recently Reported IPs

103.203.210.129	103.119.254.134	99.82.198.180	95.239.13.96
86.57.82.173	77.42.94.214	58.220.1.134	45.239.232.126
45.42.107.235	42.234.112.236	41.218.115.26	218.255.229.109
203.218.64.83	200.82.226.117	197.63.219.65	197.60.93.172
190.175.44.119	189.63.152.20	188.148.138.50	186.48.87.58