IP address: 194.147.140.106

Host rating:

2.0

out of 45 votes

Last update: 2021-03-02

Host details

Unknown
Switzerland
Unknown
Unknown
See comments

Reported breaches

  • Port scan
Report breach

Whois record

The publicly-available Whois record found at whois.ripe.net server.

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '194.147.140.0 - 194.147.140.255'

% Abuse contact for '194.147.140.0 - 194.147.140.255' is '[email protected]'

inetnum:        194.147.140.0 - 194.147.140.255
abuse-c:        ACRO38251-RIPE
netname:        IR-PSM-20191122
country:        NL
org:            ORG-LMIP1-RIPE
admin-c:        AS44897-RIPE
tech-c:         AS44897-RIPE
status:         ALLOCATED PA
mnt-by:         mnt-ir-psm-1
mnt-by:         RIPE-NCC-HM-MNT
created:        2019-11-22T14:29:08Z
last-modified:  2021-01-12T19:25:53Z
source:         RIPE

% Information related to '194.147.140.0/24AS202425'

route:          194.147.140.0/24
origin:         AS202425
mnt-by:         DeDServer
created:        2021-01-10T09:42:46Z
last-modified:  2021-01-10T09:42:46Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.99 (WAGYU)


User comments

45 security incident(s) reported by users

BHD Honeypot
Port scan
2021-03-02

In the last 24h, the attacker (194.147.140.106) attempted to scan 105 ports.
The following ports have been scanned: 5036/tcp, 5102/tcp (Oracle OMS non-secure), 5126/tcp, 5062/tcp (Localisation access), 5100/tcp (Socalia service mux), 5182/tcp, 5071/tcp (PowerSchool), 5084/tcp (EPCglobal Low-Level Reader Protocol), 5136/tcp, 5167/tcp (SCTE104 Connection), 5150/tcp (Ascend Tunnel Management Protocol), 5133/tcp (Policy Commander), 5023/tcp (Htuil Server for PLD2), 5160/tcp, 5087/tcp, 5181/tcp, 5083/tcp (Qpur File Protocol), 5091/tcp, 5104/tcp, 5039/tcp, 5061/tcp (SIP-TLS), 5009/tcp (Microsoft Windows Filesystem), 5161/tcp (SNMP over SSH Transport Model), 5063/tcp (centrify secure RPC), 5049/tcp (iVocalize Web Conference), 5170/tcp, 5093/tcp (Sentinel LM), 5011/tcp (TelepathAttack), 5016/tcp, 5090/tcp, 5145/tcp (RMONITOR SECURE), 5006/tcp (wsm server), 5001/tcp (commplex-link), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 5149/tcp, 5098/tcp, 5000/tcp (commplex-main), 5099/tcp (SentLM Srv2Srv), 5055/tcp (UNOT), 5198/tcp, 5194/tcp (CipherPoint Config Service), 5190/tcp (America-Online), 5197/tcp, 5073/tcp (Advantage Group Port Mgr), 5094/tcp (HART-IP), 5021/tcp (zenginkyo-2), 5089/tcp, 5054/tcp (RLM administrative interface), 5053/tcp (RLM License Server), 5046/tcp, 5032/tcp, 5189/tcp, 5110/tcp, 5065/tcp (Channel Access 2), 5038/tcp, 5051/tcp (ITA Agent), 5162/tcp (SNMP Notification over SSH Transport Model), 5096/tcp, 5141/tcp, 5199/tcp, 5002/tcp (radio free ethernet), 5045/tcp (Open Settlement Protocol), 5117/tcp (GradeCam Image Processing), 5028/tcp (Quiqum Virtual Relais), 5108/tcp, 5029/tcp (Infobright Database Server), 5177/tcp, 5139/tcp, 5137/tcp (MyCTS server port), 5097/tcp, 5127/tcp, 5158/tcp, 5192/tcp (AmericaOnline2), 5081/tcp (SDL - Ent Trans Server), 5132/tcp, 5169/tcp, 5041/tcp, 5064/tcp (Channel Access 1), 5186/tcp, 5012/tcp (NetOnTap Service), 5080/tcp (OnScreen Data Collection Service), 5129/tcp, 5135/tcp (ERP-Scale), 5172/tcp, 5113/tcp, 5109/tcp, 5075/tcp, 5131/tcp.
      
BHD Honeypot
Port scan
2021-03-02

Port scan from IP: 194.147.140.106 detected by psad.
BHD Honeypot
Port scan
2021-03-01

In the last 24h, the attacker (194.147.140.106) attempted to scan 145 ports.
The following ports have been scanned: 5148/tcp, 5060/tcp (SIP), 5102/tcp (Oracle OMS non-secure), 5126/tcp, 5183/tcp, 5062/tcp (Localisation access), 5195/tcp, 5100/tcp (Socalia service mux), 5013/tcp (FileMaker, Inc. - Proprietary transport), 5057/tcp (Intecom Pointspan 2), 5168/tcp (SCTE30 Connection), 5136/tcp, 5008/tcp (Synapsis EDGE), 5072/tcp (Anything In Anything), 5059/tcp (SIP Directory Services), 5167/tcp (SCTE104 Connection), 5150/tcp (Ascend Tunnel Management Protocol), 5114/tcp (Enterprise Vault Services), 5133/tcp (Policy Commander), 5023/tcp (Htuil Server for PLD2), 5160/tcp, 5087/tcp, 5193/tcp (AmericaOnline3), 5058/tcp, 5010/tcp (TelepathStart), 5119/tcp, 5083/tcp (Qpur File Protocol), 5152/tcp (ESRI SDE Instance Discovery), 5015/tcp (FileMaker, Inc. - Web publishing), 5067/tcp (Authentx Service), 5017/tcp, 5161/tcp (SNMP over SSH Transport Model), 5138/tcp, 5170/tcp, 5185/tcp, 5142/tcp, 5011/tcp (TelepathAttack), 5090/tcp, 5187/tcp, 5176/tcp, 5164/tcp (Virtual Protocol Adapter), 5179/tcp, 5111/tcp (TAEP AS service), 5157/tcp (Mediat Remote Object Exchange), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 5166/tcp (WinPCS Service Connection), 5149/tcp, 5026/tcp (Storix I/O daemon (data)), 5098/tcp, 5088/tcp, 5198/tcp, 5120/tcp, 5153/tcp (ToruX Game Server), 5122/tcp, 5190/tcp (America-Online), 5184/tcp, 5197/tcp, 5073/tcp (Advantage Group Port Mgr), 5154/tcp (BZFlag game server), 5021/tcp (zenginkyo-2), 5089/tcp, 5054/tcp (RLM administrative interface), 5046/tcp, 5189/tcp, 5110/tcp, 5079/tcp, 5180/tcp, 5065/tcp (Channel Access 2), 5035/tcp, 5051/tcp (ITA Agent), 5096/tcp, 5125/tcp, 5199/tcp, 5037/tcp, 5045/tcp (Open Settlement Protocol), 5068/tcp (Bitforest Data Service), 5029/tcp (Infobright Database Server), 5177/tcp, 5128/tcp, 5034/tcp, 5139/tcp, 5103/tcp (Actifio C2C), 5134/tcp (PP ActivationServer), 5024/tcp (SCPI-TELNET), 5044/tcp (LXI Event Service), 5095/tcp, 5158/tcp, 5052/tcp (ITA Manager), 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 5074/tcp (ALES Query), 5144/tcp, 5163/tcp (Shadow Backup), 5192/tcp (AmericaOnline2), 5085/tcp (EPCglobal Encrypted LLRP), 5081/tcp (SDL - Ent Trans Server), 5171/tcp, 5169/tcp, 5077/tcp, 5118/tcp, 5186/tcp, 5080/tcp (OnScreen Data Collection Service), 5129/tcp, 5112/tcp (PeerMe Msg Cmd Service), 5031/tcp, 5082/tcp (Qpur Communication Protocol), 5042/tcp (asnaacceler8db), 5113/tcp, 5131/tcp, 5130/tcp, 5047/tcp, 5007/tcp (wsm server ssl).
      
BHD Honeypot
Port scan
2021-02-28

In the last 24h, the attacker (194.147.140.106) attempted to scan 66 ports.
The following ports have been scanned: 5148/tcp, 5188/tcp, 5043/tcp (ShopWorX Administration), 5062/tcp (Localisation access), 5066/tcp (STANAG-5066-SUBNET-INTF), 5116/tcp, 5086/tcp (Aprigo Collection Service), 5059/tcp (SIP Directory Services), 5167/tcp (SCTE104 Connection), 5150/tcp (Ascend Tunnel Management Protocol), 5196/tcp, 5133/tcp (Policy Commander), 5106/tcp, 5119/tcp, 5152/tcp (ESRI SDE Instance Discovery), 5003/tcp (FileMaker, Inc. - Proprietary transport), 5015/tcp (FileMaker, Inc. - Web publishing), 5061/tcp (SIP-TLS), 5138/tcp, 5147/tcp, 5170/tcp, 5142/tcp, 5156/tcp (Russian Online Game), 5006/tcp (wsm server), 5050/tcp (multimedia conference control tool), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 5166/tcp (WinPCS Service Connection), 5149/tcp, 5055/tcp (UNOT), 5120/tcp, 5194/tcp (CipherPoint Config Service), 5197/tcp, 5094/tcp (HART-IP), 5154/tcp (BZFlag game server), 5140/tcp, 5053/tcp (RLM License Server), 5032/tcp, 5079/tcp, 5069/tcp (I/Net 2000-NPR), 5141/tcp, 5155/tcp (Oracle asControl Agent), 5125/tcp, 5178/tcp, 5177/tcp, 5128/tcp, 5127/tcp, 5158/tcp, 5004/tcp (RTP media data [RFC 3551][RFC 4571]), 5163/tcp (Shadow Backup), 5081/tcp (SDL - Ent Trans Server), 5132/tcp, 5105/tcp, 5129/tcp, 5135/tcp (ERP-Scale), 5019/tcp, 5113/tcp.
      
BHD Honeypot
Port scan
2021-02-27

In the last 24h, the attacker (194.147.140.106) attempted to scan 55 ports.
The following ports have been scanned: 5148/tcp, 5043/tcp (ShopWorX Administration), 5182/tcp, 5066/tcp (STANAG-5066-SUBNET-INTF), 5084/tcp (EPCglobal Low-Level Reader Protocol), 5086/tcp (Aprigo Collection Service), 5136/tcp, 5018/tcp, 5104/tcp, 5159/tcp, 5067/tcp (Authentx Service), 5076/tcp, 5147/tcp, 5142/tcp, 5011/tcp (TelepathAttack), 5176/tcp, 5156/tcp (Russian Online Game), 5145/tcp (RMONITOR SECURE), 5005/tcp (RTP control protocol [RFC 3551][RFC 4571]), 5070/tcp (VersaTrans Server Agent Service), 5149/tcp, 5088/tcp, 5120/tcp, 5153/tcp (ToruX Game Server), 5094/tcp (HART-IP), 5027/tcp (Storix I/O daemon (stat)), 5065/tcp (Channel Access 2), 5051/tcp (ITA Agent), 5014/tcp, 5096/tcp, 5141/tcp, 5155/tcp (Oracle asControl Agent), 5002/tcp (radio free ethernet), 5028/tcp (Quiqum Virtual Relais), 5068/tcp (Bitforest Data Service), 5108/tcp, 5139/tcp, 5024/tcp (SCPI-TELNET), 5137/tcp (MyCTS server port), 5052/tcp (ITA Manager), 5025/tcp (SCPI-RAW), 5144/tcp, 5163/tcp (Shadow Backup), 5077/tcp, 5064/tcp (Channel Access 1), 5118/tcp, 5080/tcp (OnScreen Data Collection Service), 5031/tcp, 5042/tcp (asnaacceler8db), 5033/tcp.
      
BHD Honeypot
Port scan
2021-02-26

In the last 24h, the attacker (194.147.140.106) attempted to scan 146 ports.
The following ports have been scanned: 5953/tcp, 5998/tcp, 5951/tcp, 5977/tcp, 5993/tcp, 5912/tcp (Flight Information Services), 5933/tcp, 5981/tcp, 5939/tcp, 5915/tcp, 5969/tcp (mppolicy-mgr), 5934/tcp, 5976/tcp, 5911/tcp (Controller Pilot Data Link Communication), 5999/tcp (CVSup), 5927/tcp, 5902/tcp, 5952/tcp, 5968/tcp (mppolicy-v5), 5910/tcp (Context Management), 5996/tcp, 5914/tcp, 5923/tcp, 5936/tcp, 5972/tcp, 5916/tcp, 5970/tcp, 5924/tcp, 5932/tcp, 5908/tcp, 5917/tcp, 5918/tcp, 5942/tcp, 5956/tcp, 5965/tcp, 5946/tcp, 5922/tcp, 5997/tcp, 5995/tcp, 5961/tcp, 5991/tcp (NUXSL), 5973/tcp, 5903/tcp, 5988/tcp (WBEM CIM-XML (HTTP)), 5905/tcp, 5945/tcp, 5930/tcp, 5971/tcp, 5989/tcp (WBEM CIM-XML (HTTPS)), 5994/tcp, 5954/tcp, 5963/tcp (Indy Application Server), 5959/tcp, 5958/tcp, 5925/tcp, 5938/tcp, 5982/tcp, 5992/tcp (Consul InSight Security), 5990/tcp (WBEM Export HTTPS), 5949/tcp, 5948/tcp, 5975/tcp, 5900/tcp (Remote Framebuffer), 5913/tcp (Automatic Dependent Surveillance), 5935/tcp, 5904/tcp, 5943/tcp, 5901/tcp, 5907/tcp, 5979/tcp, 5955/tcp, 5909/tcp, 5947/tcp, 5950/tcp, 5926/tcp, 5940/tcp, 5919/tcp, 5928/tcp, 5921/tcp, 5964/tcp, 5974/tcp, 5931/tcp, 5978/tcp, 5937/tcp.
      
BHD Honeypot
Port scan
2021-02-25

In the last 24h, the attacker (194.147.140.106) attempted to scan 115 ports.
The following ports have been scanned: 5998/tcp, 5951/tcp, 5993/tcp, 5912/tcp (Flight Information Services), 5933/tcp, 5980/tcp, 5915/tcp, 5976/tcp, 5911/tcp (Controller Pilot Data Link Communication), 5999/tcp (CVSup), 5927/tcp, 5902/tcp, 5952/tcp, 5968/tcp (mppolicy-v5), 5910/tcp (Context Management), 5996/tcp, 5914/tcp, 5936/tcp, 5941/tcp, 5967/tcp, 5972/tcp, 5970/tcp, 5924/tcp, 5932/tcp, 5908/tcp, 5983/tcp, 5965/tcp, 5946/tcp, 5922/tcp, 5997/tcp, 5995/tcp, 5961/tcp, 5991/tcp (NUXSL), 5973/tcp, 5903/tcp, 5984/tcp (CouchDB), 5966/tcp, 5988/tcp (WBEM CIM-XML (HTTP)), 5905/tcp, 5945/tcp, 5962/tcp, 5930/tcp, 5971/tcp, 5989/tcp (WBEM CIM-XML (HTTPS)), 5994/tcp, 5986/tcp (WBEM WS-Management HTTP over TLS/SSL), 5963/tcp (Indy Application Server), 5959/tcp, 5958/tcp, 5982/tcp, 5992/tcp (Consul InSight Security), 5990/tcp (WBEM Export HTTPS), 5949/tcp, 5948/tcp, 5975/tcp, 5913/tcp (Automatic Dependent Surveillance), 5987/tcp (WBEM RMI), 5943/tcp, 5901/tcp, 5979/tcp, 5955/tcp, 5909/tcp, 5950/tcp, 5926/tcp, 5919/tcp, 5960/tcp, 5957/tcp, 5964/tcp, 5974/tcp, 5906/tcp, 5978/tcp.
      
BHD Honeypot
Port scan
2021-02-25

Port scan from IP: 194.147.140.106 detected by psad.
BHD Honeypot
Port scan
2021-02-24

In the last 24h, the attacker (194.147.140.106) attempted to scan 172 ports.
The following ports have been scanned: 5881/tcp, 5852/tcp, 5899/tcp, 5879/tcp, 5886/tcp, 5830/tcp, 5858/tcp, 5884/tcp, 5808/tcp, 5860/tcp, 5854/tcp, 5889/tcp, 5859/tcp (WHEREHOO), 5894/tcp, 5822/tcp, 5896/tcp, 5878/tcp, 5815/tcp, 5857/tcp, 5840/tcp, 5876/tcp, 5872/tcp, 5898/tcp, 5866/tcp, 5831/tcp, 5812/tcp, 5803/tcp, 5800/tcp, 5844/tcp, 5853/tcp, 5895/tcp, 5841/tcp, 5802/tcp, 5825/tcp, 5888/tcp, 5834/tcp, 5883/tcp, 5823/tcp, 5875/tcp, 5961/tcp, 5839/tcp, 5819/tcp, 5804/tcp, 5801/tcp, 5869/tcp, 5892/tcp, 5861/tcp, 5885/tcp, 5816/tcp, 5849/tcp, 5897/tcp, 5817/tcp, 5865/tcp, 5877/tcp, 5874/tcp, 5836/tcp, 5824/tcp, 5948/tcp, 5814/tcp (Support Automation), 5820/tcp, 5818/tcp, 5813/tcp (ICMPD), 5856/tcp, 5826/tcp, 5847/tcp, 5806/tcp, 5882/tcp, 5805/tcp, 5842/tcp, 5935/tcp, 5868/tcp, 5851/tcp, 5827/tcp, 5979/tcp, 5864/tcp, 5809/tcp, 5833/tcp, 5890/tcp, 5821/tcp, 5810/tcp, 5919/tcp, 5832/tcp, 5863/tcp (PlanetPress Suite Messeng), 5837/tcp, 5871/tcp, 5838/tcp, 5855/tcp, 5848/tcp, 5807/tcp, 5893/tcp, 5835/tcp.
      
BHD Honeypot
Port scan
2021-02-23

In the last 24h, the attacker (194.147.140.106) attempted to scan 141 ports.
The following ports have been scanned: 5881/tcp, 5852/tcp, 5899/tcp, 5828/tcp, 5879/tcp, 5886/tcp, 5830/tcp, 5891/tcp, 5858/tcp, 5884/tcp, 5808/tcp, 5854/tcp, 5889/tcp, 5894/tcp, 5822/tcp, 5896/tcp, 5878/tcp, 5815/tcp, 5840/tcp, 5872/tcp, 5898/tcp, 5831/tcp, 5812/tcp, 5803/tcp, 5800/tcp, 5844/tcp, 5895/tcp, 5843/tcp, 5841/tcp, 5802/tcp, 5887/tcp, 5825/tcp, 5888/tcp, 5834/tcp, 5829/tcp, 5850/tcp, 5883/tcp, 5823/tcp, 5839/tcp, 5801/tcp, 5880/tcp, 5869/tcp, 5892/tcp, 5861/tcp, 5885/tcp, 5816/tcp, 5811/tcp, 5873/tcp, 5849/tcp, 5862/tcp, 5897/tcp, 5817/tcp, 5877/tcp, 5870/tcp, 5874/tcp, 5836/tcp, 5814/tcp (Support Automation), 5820/tcp, 5813/tcp (ICMPD), 5856/tcp, 5826/tcp, 5847/tcp, 5867/tcp, 5805/tcp, 5842/tcp, 5868/tcp, 5851/tcp, 5827/tcp, 5864/tcp, 5809/tcp, 5833/tcp, 5810/tcp, 5832/tcp, 5837/tcp, 5871/tcp, 5838/tcp, 5855/tcp, 5848/tcp, 5807/tcp, 5893/tcp, 5835/tcp.
      
BHD Honeypot
Port scan
2021-02-21

In the last 24h, the attacker (194.147.140.106) attempted to scan 88 ports.
The following ports have been scanned: 5798/tcp, 5703/tcp, 5711/tcp, 5778/tcp, 5745/tcp (fcopy-server), 5795/tcp, 5721/tcp (Desktop Passthru Service), 5749/tcp, 5790/tcp, 5761/tcp, 5758/tcp, 5792/tcp, 5732/tcp, 5738/tcp, 5722/tcp (Microsoft DFS Replication Service), 5701/tcp, 5724/tcp (Operations Manager - SDK Service), 5794/tcp, 5720/tcp (MS-Licensing), 5728/tcp (Dist. I/O Comm. Service Data and Control), 5769/tcp (x509solutions Internal CA), 5797/tcp, 5772/tcp, 5777/tcp (DALI Port), 5764/tcp, 5748/tcp (Wildbits Tunalyzer), 5739/tcp, 5782/tcp (3PAR Management Service), 5774/tcp, 5781/tcp (3PAR Event Reporting Service), 5776/tcp, 5786/tcp, 5755/tcp (OpenMail Desk Gateway server), 5741/tcp (IDA Discover Port 1), 5717/tcp (proshare conf notify), 5730/tcp (Steltor's calendar access), 5799/tcp, 5753/tcp, 5767/tcp (OpenMail Suer Agent Layer (Secure)), 5762/tcp, 5709/tcp, 5736/tcp, 5705/tcp, 5757/tcp (OpenMail X.500 Directory Server), 5771/tcp (NetAgent), 5737/tcp, 5726/tcp (Microsoft Lifecycle Manager Secure Token Service), 5750/tcp (Bladelogic Agent Service), 5718/tcp (DPM Communication Server), 5759/tcp, 5791/tcp, 5746/tcp (fcopys-server), 5796/tcp, 5766/tcp (OpenMail NewMail Server), 5742/tcp (IDA Discover Port 2), 5768/tcp (OpenMail CMTS Server), 5760/tcp, 5780/tcp (Visual Tag System RPC), 5775/tcp, 5716/tcp (proshare conf request), 5714/tcp (proshare conf video), 5729/tcp (Openmail User Agent Layer).
      
BHD Honeypot
Port scan
2021-02-20

In the last 24h, the attacker (194.147.140.106) attempted to scan 84 ports.
The following ports have been scanned: 5719/tcp (DPM Agent Coordinator), 5734/tcp, 5711/tcp, 5733/tcp, 5770/tcp (x509solutions Secure Data), 5745/tcp (fcopy-server), 5795/tcp, 5721/tcp (Desktop Passthru Service), 5749/tcp, 5756/tcp, 5744/tcp (Watchdoc Server), 5790/tcp, 5761/tcp, 5754/tcp, 5727/tcp (ASG Event Notification Framework), 5732/tcp, 5735/tcp, 5738/tcp, 5706/tcp, 5722/tcp (Microsoft DFS Replication Service), 5794/tcp, 5728/tcp (Dist. I/O Comm. Service Data and Control), 5797/tcp, 5772/tcp, 5777/tcp (DALI Port), 5725/tcp (Microsoft Identity Lifecycle Manager), 5748/tcp (Wildbits Tunalyzer), 5747/tcp (Wildbits Tunatic), 5782/tcp (3PAR Management Service), 5774/tcp, 5776/tcp, 5713/tcp (proshare conf audio), 5731/tcp, 5785/tcp (3PAR Inform Remote Copy), 5741/tcp (IDA Discover Port 1), 5717/tcp (proshare conf notify), 5730/tcp (Steltor's calendar access), 5799/tcp, 5753/tcp, 5715/tcp (proshare conf data), 5762/tcp, 5709/tcp, 5787/tcp, 5757/tcp (OpenMail X.500 Directory Server), 5763/tcp, 5783/tcp (3PAR Management Service with SSL), 5737/tcp, 5726/tcp (Microsoft Lifecycle Manager Secure Token Service), 5750/tcp (Bladelogic Agent Service), 5788/tcp, 5718/tcp (DPM Communication Server), 5704/tcp, 5789/tcp, 5723/tcp (Operations Manager - Health Service), 5700/tcp, 5760/tcp, 5780/tcp (Visual Tag System RPC), 5773/tcp, 5714/tcp (proshare conf video), 5765/tcp, 5729/tcp (Openmail User Agent Layer), 5702/tcp.
      
BHD Honeypot
Port scan
2021-02-20

Port scan from IP: 194.147.140.106 detected by psad.
BHD Honeypot
Port scan
2021-02-19

In the last 24h, the attacker (194.147.140.106) attempted to scan 129 ports.
The following ports have been scanned: 5529/tcp, 5614/tcp, 5563/tcp, 5642/tcp, 5539/tcp, 5545/tcp, 5698/tcp, 5576/tcp, 5602/tcp (A1-MSC), 5695/tcp, 5650/tcp, 5514/tcp, 5525/tcp, 5659/tcp, 5575/tcp (Oracle Access Protocol), 5573/tcp (SAS Domain Management Messaging Protocol), 5522/tcp, 5565/tcp, 5605/tcp (A4-SDUNode), 5655/tcp, 5598/tcp (MCT Market Data Feed), 5601/tcp (Enterprise Security Agent), 5620/tcp, 5590/tcp, 5560/tcp, 5592/tcp, 5607/tcp, 5627/tcp (Node Initiated Network Association Forma), 5637/tcp, 5527/tcp, 5521/tcp, 5661/tcp, 5561/tcp, 5554/tcp (SGI ESP HTTP), 5617/tcp, 5688/tcp (GGZ Gaming Zone), 5696/tcp, 5628/tcp (HTrust API), 5508/tcp, 5684/tcp, 5651/tcp, 5624/tcp, 5636/tcp (SFMdb - SFM DB server), 5552/tcp, 5610/tcp, 5639/tcp, 5608/tcp, 5673/tcp (JACL Message Server), 5538/tcp, 5585/tcp (BeInSync-sync), 5693/tcp, 5542/tcp, 5594/tcp, 5544/tcp, 5654/tcp, 5543/tcp, 5609/tcp, 5645/tcp, 5557/tcp (Sandlab FARENET), 5564/tcp, 5558/tcp, 5566/tcp (Westec Connect), 5596/tcp, 5611/tcp, 5595/tcp, 5548/tcp, 5574/tcp (SAS IO Forwarding), 5588/tcp, 5550/tcp, 5653/tcp, 5641/tcp, 5553/tcp (SGI Eventmond Port), 5582/tcp (T-Mobile SMS Protocol Message 3), 5640/tcp, 5635/tcp (SFM Authentication Subsystem), 5687/tcp, 5675/tcp (V5UA application port), 5562/tcp, 5632/tcp (pcANYWHEREstat), 5535/tcp, 5646/tcp, 5626/tcp, 5652/tcp, 5671/tcp (amqp protocol over TLS/SSL), 5536/tcp, 5500/tcp (fcp-addr-srvr1), 5559/tcp, 5530/tcp, 5506/tcp (Amcom Mobile Connect), 5612/tcp, 5662/tcp, 5615/tcp, 5507/tcp, 5586/tcp, 5697/tcp, 5532/tcp, 5644/tcp.
      
BHD Honeypot
Port scan
2021-02-18

In the last 24h, the attacker (194.147.140.106) attempted to scan 94 ports.
The following ports have been scanned: 5529/tcp, 5516/tcp, 5563/tcp, 5606/tcp, 5597/tcp (inin secure messaging), 5613/tcp, 5525/tcp, 5659/tcp, 5575/tcp (Oracle Access Protocol), 5631/tcp (pcANYWHEREdata), 5573/tcp (SAS Domain Management Messaging Protocol), 5599/tcp (Enterprise Security Remote Install), 5522/tcp, 5540/tcp, 5584/tcp (BeInSync-Web), 5512/tcp, 5686/tcp, 5590/tcp, 5592/tcp, 5657/tcp, 5622/tcp, 5661/tcp, 5510/tcp, 5688/tcp (GGZ Gaming Zone), 5628/tcp (HTrust API), 5504/tcp (fcp-cics-gw1), 5502/tcp (fcp-srvr-inst1), 5618/tcp, 5580/tcp (T-Mobile SMS Protocol Message 0), 5503/tcp (fcp-srvr-inst2), 5682/tcp, 5541/tcp, 5610/tcp, 5680/tcp (Auriga Router Service), 5648/tcp, 5639/tcp, 5673/tcp (JACL Message Server), 5538/tcp, 5669/tcp, 5654/tcp, 5603/tcp (A1-BS), 5609/tcp, 5677/tcp (Quest Central DB2 Launchr), 5583/tcp (T-Mobile SMS Protocol Message 2), 5600/tcp (Enterprise Security Manager), 5611/tcp, 5595/tcp, 5574/tcp (SAS IO Forwarding), 5588/tcp, 5551/tcp, 5641/tcp, 5569/tcp, 5553/tcp (SGI Eventmond Port), 5629/tcp (Symantec Storage Foundation for Database), 5534/tcp, 5593/tcp, 5675/tcp (V5UA application port), 5562/tcp, 5535/tcp, 5572/tcp, 5626/tcp, 5681/tcp (Net-coneX Control Protocol), 5537/tcp, 5671/tcp (amqp protocol over TLS/SSL), 5536/tcp, 5692/tcp, 5633/tcp (BE Operations Request Listener), 5530/tcp, 5619/tcp, 5647/tcp, 5662/tcp, 5532/tcp.
      
BHD Honeypot
Port scan
2021-02-17

In the last 24h, the attacker (194.147.140.106) attempted to scan 102 ports.
The following ports have been scanned: 5672/tcp (AMQP), 5513/tcp, 5529/tcp, 5517/tcp, 5614/tcp, 5642/tcp, 5549/tcp, 5602/tcp (A1-MSC), 5695/tcp, 5670/tcp, 5514/tcp, 5613/tcp, 5638/tcp, 5631/tcp (pcANYWHEREdata), 5540/tcp, 5512/tcp, 5620/tcp, 5686/tcp, 5524/tcp, 5592/tcp, 5505/tcp (Checkout Database), 5521/tcp, 5661/tcp, 5561/tcp, 5656/tcp, 5510/tcp, 5526/tcp, 5617/tcp, 5628/tcp (HTrust API), 5504/tcp (fcp-cics-gw1), 5684/tcp, 5502/tcp (fcp-srvr-inst1), 5618/tcp, 5541/tcp, 5639/tcp, 5538/tcp, 5693/tcp, 5594/tcp, 5544/tcp, 5654/tcp, 5603/tcp (A1-BS), 5645/tcp, 5591/tcp, 5583/tcp (T-Mobile SMS Protocol Message 2), 5600/tcp (Enterprise Security Manager), 5666/tcp, 5649/tcp, 5630/tcp (PreciseCommunication), 5674/tcp (HyperSCSI Port), 5658/tcp, 5694/tcp, 5668/tcp, 5653/tcp, 5641/tcp, 5629/tcp (Symantec Storage Foundation for Database), 5660/tcp, 5534/tcp, 5519/tcp, 5520/tcp, 5687/tcp, 5577/tcp, 5632/tcp (pcANYWHEREstat), 5676/tcp (RA Administration), 5685/tcp, 5626/tcp, 5681/tcp (Net-coneX Control Protocol), 5537/tcp, 5671/tcp (amqp protocol over TLS/SSL), 5692/tcp, 5679/tcp (Direct Cable Connect Manager), 5500/tcp (fcp-addr-srvr1), 5690/tcp, 5612/tcp, 5662/tcp, 5615/tcp, 5507/tcp, 5523/tcp, 5697/tcp, 5532/tcp, 5547/tcp, 5644/tcp.
      
BHD Honeypot
Port scan
2021-02-16

In the last 24h, the attacker (194.147.140.106) attempted to scan 25 ports.
The following ports have been scanned: 5672/tcp (AMQP), 5513/tcp, 5614/tcp, 5545/tcp, 5678/tcp (Remote Replication Agent Connection), 5576/tcp, 5663/tcp, 5655/tcp, 5621/tcp, 5684/tcp, 5624/tcp, 5636/tcp (SFMdb - SFM DB server), 5503/tcp (fcp-srvr-inst2), 5541/tcp, 5680/tcp (Auriga Router Service), 5542/tcp, 5654/tcp, 5674/tcp (HyperSCSI Port), 5658/tcp, 5520/tcp, 5581/tcp (T-Mobile SMS Protocol Message 1), 5691/tcp, 5528/tcp, 5690/tcp, 5697/tcp.
      
BHD Honeypot
Port scan
2021-02-15

In the last 24h, the attacker (194.147.140.106) attempted to scan 5 ports.
The following ports have been scanned: 5623/tcp, 5663/tcp, 5580/tcp (T-Mobile SMS Protocol Message 0), 5593/tcp, 5535/tcp.
      
BHD Honeypot
Port scan
2021-02-15

Port scan from IP: 194.147.140.106 detected by psad.
BHD Honeypot
Port scan
2021-02-10

In the last 24h, the attacker (194.147.140.106) attempted to scan 115 ports.
The following ports have been scanned: 5421/tcp (Net Support 2), 5495/tcp, 5314/tcp (opalis-rbt-ipc), 5329/tcp, 5402/tcp (OmniCast MFTP), 5470/tcp, 5431/tcp (PARK AGENT), 5405/tcp (NetSupport), 5491/tcp, 5353/tcp (Multicast DNS), 5346/tcp, 5390/tcp, 5326/tcp, 5469/tcp, 5320/tcp (Webservices-based Zn interface of BSF), 5357/tcp (Web Services for Devices), 5414/tcp (StatusD), 5323/tcp, 5493/tcp, 5345/tcp, 5473/tcp, 5333/tcp, 5342/tcp, 5417/tcp (SNS Agent), 5489/tcp, 5367/tcp, 5398/tcp (Elektron Administration), 5301/tcp (HA cluster general services), 5481/tcp, 5439/tcp, 5404/tcp (HPOMS-DPS-LSTN), 5427/tcp (SCO-PEER-TTA), 5446/tcp, 5457/tcp, 5452/tcp, 5374/tcp, 5347/tcp, 5381/tcp, 5424/tcp (Beyond Remote), 5394/tcp, 5454/tcp (APC 5454), 5350/tcp (NAT-PMP Status Announcements), 5445/tcp, 5447/tcp, 5449/tcp, 5317/tcp, 5462/tcp (TTL Publisher), 5403/tcp (HPOMS-CI-LSTN), 5327/tcp, 5479/tcp, 5308/tcp (CFengine), 5325/tcp, 5466/tcp, 5396/tcp, 5467/tcp, 5369/tcp, 5498/tcp, 5302/tcp (HA cluster configuration), 5313/tcp (Real-time & Reliable Data), 5485/tcp, 5434/tcp (SGI Array Services Daemon), 5400/tcp (Excerpt Search), 5335/tcp, 5496/tcp, 5476/tcp, 5487/tcp, 5494/tcp, 5356/tcp (Microsoft Small Business), 5440/tcp, 5475/tcp, 5391/tcp, 5397/tcp (StressTester(tm) Injector), 5312/tcp (Permabit Client-Server), 5310/tcp (Outlaws), 5383/tcp, 5389/tcp, 5441/tcp, 5456/tcp (APC 5456), 5338/tcp, 5486/tcp, 5361/tcp (Secure Protocol for Windows SideShow), 5459/tcp, 5426/tcp (DEVBASIC), 5336/tcp, 5348/tcp, 5380/tcp, 5444/tcp, 5471/tcp, 5382/tcp, 5408/tcp (Foresyte-Sec), 5300/tcp (HA cluster heartbeat), 5330/tcp.
      

Blacklist

Near real-time, easy to use data feed containing IPs reported on our website.

Bronze

$3

Updated daily

Learn More

Silver

$15

Updated every hour

Learn More

Gold

$30

Updated every 10 minutes

Learn More

Remarks

Black hat directory contains this IP address, because Internet users reported it as an address making unsolicited, nagging requests. We make every effort to ensure that the information contained in the Black hat directory are correct and up to date. The database is developed and updated by Internet users and moderators.

If you have any reliable information regarding malicious activity originating from this IP address, please share it with others and fill in the 'Report breach' form. It is prohibited from adding personally identifiable information.

Below breach categories are used in the database:

  • Denial of service attack - this attack is accomplished by flooding the target with massive amount of requests in order to overload the targeted system
  • Brute force attack - this category encompasses attempts to login to machine by trying many passwords and usernames
  • Backdoor attack - this category represents bypassing authentication by hidden programs or services to obtain remote access to a computer or trojan activity
  • Port scan - represents attackers identifying running services on the targeted machine by probing a server for open ports
  • Malicious bot - this category encompasses all bots performing unsolicited requests or ignoring robots.txt file
  • Anonymous proxy - public proxies like Tor, I2P relays or anonymous VPNs are often used by attacker to hide his identity
  • Web attack - attempts to exploit web application security flaws
  • CMS attack - attempts to exploit CMS vulnerability
  • App vulnerability attack - attempts to exploit other applications vulnerability
  • Web spam - encompasses all kind of HTTP spamming
  • Email spam - encompasses all kind of E-mail spamming
  • Dodgy activity - this category encompasses superfluous, dodgy requests

Emerging threats

The most commonly reported IP addresses in the last 24 hours

Report breach!

Rate host 194.147.140.106