JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 36.111.148.157

36.111.148.157 was found in our database!

This IP was reported 1,694 times. Confidence of Abuse is 75%: ?

75%

ISP	CHINANET Zhejiang province network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS23724
Domain Name	hz.zj.cn
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 36.111.148.157

Whois 36.111.148.157

IP Abuse Reports for 36.111.148.157:

This IP address has been reported a total of 1,694 times from 586 distinct sources. 36.111.148.157 was first reported on January 10th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-05-25 06:00:00 (1 week ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇧🇷 ICS Labs	2026-05-21 14:38:40 (2 weeks ago)	ICS Labs identified 36.111.148.157 as a malicious indicator from threat intelligence.	Hacking
🇨🇭 YF	2026-05-20 23:49:34 (2 weeks ago)	Pays blacklisté (CN)	Brute-Force Web App Attack
🇨🇦 QSC-Sentinel	2026-05-20 22:28:46 (2 weeks ago)	Banned by fail2ban jail sshd on etlab-research	Brute-Force SSH
🇫🇷 Fasetech	2026-05-11 13:07:09 (3 weeks ago)	SecLedge detected suspicious activity. Score: 129.96. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-05-08 07:45:56 (4 weeks ago)	SecLedge detected suspicious activity. Score: 129.96. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-05-05 08:00:49 (1 month ago)	SecLedge detected suspicious activity. Score: 129.96. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-05-01 14:46:09 (1 month ago)	SecLedge detected suspicious activity. Score: 129.96. Sensor: T-Pot.	Brute-Force Web App Attack
🇫🇷 Fasetech	2026-04-24 08:47:12 (1 month ago)	SecLedge detected suspicious activity. Score: 129.96. Sensor: T-Pot.	Brute-Force Web App Attack
🇧🇷 helix	2026-04-24 06:36:56 (1 month ago)	Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login atte ... show more Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login attempts (3 attempts). show less	Brute-Force SSH
🇳🇱 n8thingn3ss	2026-04-24 01:42:53 (1 month ago)	Banned by Fail2ban, heh	Brute-Force SSH
🇧🇷 helix	2026-04-23 06:19:25 (1 month ago)	Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login atte ... show more Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login attempts (3 attempts). show less	Brute-Force SSH
Anonymous	2026-04-22 08:06:06 (1 month ago)	2026-04-22T09:39:35.218732+02:00 webtest sshd[73633]: Failed password for invalid user root from 36. ... show more 2026-04-22T09:39:35.218732+02:00 webtest sshd[73633]: Failed password for invalid user root from 36.111.148.157 port 49054 ssh2 2026-04-22T09:59:57.535805+02:00 webtest sshd[74394]: User root from 36.111.148.157 not allowed because not listed in AllowUsers 2026-04-22T09:59:57.537374+02:00 webtest sshd[74394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.111.148.157 user=root 2026-04-22T09:59:59.774937+02:00 webtest sshd[74394]: Failed password for invalid user root from 36.111.148.157 port 57756 ssh2 2026-04-22T10:06:06.393635+02:00 webtest sshd[74534]: User root from 36.111.148.157 not allowed because not listed in AllowUsers ... show less	Brute-Force SSH
🇩🇪 wlt-blocker	2026-04-21 22:49:24 (1 month ago)	Attempts to access SSH server with wrong credentials	SSH
🇩🇪 CDiehl	2026-04-21 22:34:32 (1 month ago)	Apr 22 00:34:29 centrum sshd-session[31553]: Disconnected from authenticating user root 36.111.148.1 ... show more Apr 22 00:34:29 centrum sshd-session[31553]: Disconnected from authenticating user root 36.111.148.157 port 48782 [preauth] Apr 22 00:34:31 centrum sshd-session[31578]: Disconnected from authenticating user root 36.111.148.157 port 48796 [preauth] ... show less	Brute-Force SSH

Showing 1 to 15 of 1694 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 147.185.132.92

🇨🇳 113.225.32.16

🇮🇩 103.41.247.76

🇺🇸 97.225.79.191

🇺🇸 73.209.89.4

🇱🇻 217.60.3.128

🇦🇷 186.148.224.183

🇲🇳 103.50.205.131

🇮🇹 83.224.168.48

🇫🇷 51.159.110.167

🇳🇱 45.148.10.183

🇨🇳 14.103.117.75

🇺🇸 172.234.218.22

🇱🇹 81.30.98.49

🇨🇳 58.47.46.33

🇺🇸 50.116.72.139

🇸🇬 47.84.111.160

🇳🇱 45.148.10.157

🇬🇧 35.203.210.110

🇺🇸 18.226.230.77