110.18.2.134 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
110.18.248.53	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-08-11 14:42:24
110.18.248.53	attackbots	Unauthorised access (Aug 9) SRC=110.18.248.53 LEN=40 TTL=47 ID=2102 TCP DPT=8080 WINDOW=33507 SYN Unauthorised access (Aug 9) SRC=110.18.248.53 LEN=40 TTL=47 ID=40170 TCP DPT=8080 WINDOW=18186 SYN Unauthorised access (Aug 9) SRC=110.18.248.53 LEN=40 TTL=47 ID=13671 TCP DPT=8080 WINDOW=33507 SYN	2020-08-10 04:29:36
110.18.2.137	attackspam	2020-06-01 15:19:30.571077-0500 localhost sshd[99377]: Failed password for root from 110.18.2.137 port 49326 ssh2	2020-06-02 05:09:39
110.18.248.15	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-29 21:11:10
110.18.243.70	attack	2019-10-28T11:54:30.113335abusebot-3.cloudsearch.cf sshd\[23232\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root	2019-10-28 19:57:15
110.18.243.70	attack	2019-10-28T06:39:27.481334abusebot-3.cloudsearch.cf sshd\[22116\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root	2019-10-28 14:55:50
110.18.243.70	attackbotsspam	2019-10-26T23:48:45.453909enmeeting.mahidol.ac.th sshd\[24649\]: User root from 110.18.243.70 not allowed because not listed in AllowUsers 2019-10-26T23:48:45.575821enmeeting.mahidol.ac.th sshd\[24649\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root 2019-10-26T23:48:47.494132enmeeting.mahidol.ac.th sshd\[24649\]: Failed password for invalid user root from 110.18.243.70 port 48363 ssh2 ...	2019-10-27 01:00:51
110.18.243.70	attackbotsspam	2019-10-26T04:55:38.241267abusebot-3.cloudsearch.cf sshd\[10624\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root	2019-10-26 13:15:18
110.18.243.70	attackspambots	2019-10-25T23:05:43.804439enmeeting.mahidol.ac.th sshd\[13860\]: User root from 110.18.243.70 not allowed because not listed in AllowUsers 2019-10-25T23:05:43.931870enmeeting.mahidol.ac.th sshd\[13860\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root 2019-10-25T23:05:45.840482enmeeting.mahidol.ac.th sshd\[13860\]: Failed password for invalid user root from 110.18.243.70 port 34975 ssh2 ...	2019-10-26 00:20:38
110.18.243.70	attackbots	2019-10-25T03:25:12.795561enmeeting.mahidol.ac.th sshd\[23224\]: User root from 110.18.243.70 not allowed because not listed in AllowUsers 2019-10-25T03:25:12.916605enmeeting.mahidol.ac.th sshd\[23224\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root 2019-10-25T03:25:14.628404enmeeting.mahidol.ac.th sshd\[23224\]: Failed password for invalid user root from 110.18.243.70 port 46641 ssh2 ...	2019-10-25 04:30:09
110.18.243.70	attack	2019-10-24T10:55:59.524727enmeeting.mahidol.ac.th sshd\[8138\]: User root from 110.18.243.70 not allowed because not listed in AllowUsers 2019-10-24T10:55:59.651670enmeeting.mahidol.ac.th sshd\[8138\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root 2019-10-24T10:56:01.897498enmeeting.mahidol.ac.th sshd\[8138\]: Failed password for invalid user root from 110.18.243.70 port 42310 ssh2 ...	2019-10-24 12:03:24
110.18.243.70	attackbotsspam	2019-10-06T21:05:44.309387abusebot-4.cloudsearch.cf sshd\[13547\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.18.243.70 user=root	2019-10-07 05:50:01
110.18.209.106	attackspam	[portscan] tcp/23 [TELNET] *(RWIN=4709)(06240931)	2019-06-25 04:57:29

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 110.18.2.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65241
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;110.18.2.134.			IN	A

;; AUTHORITY SECTION:
.			462	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030301 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 05:24:45 CST 2022
;; MSG SIZE  rcvd: 105

Host info

Host 134.2.18.110.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

server can't find 110.18.2.134.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.225.208.231	attack	[Thu Feb 20 12:38:43.128987 2020] [:error] [pid 9457:tid 140470364251904] [client 103.225.208.231:39107] [client 103.225.208.231] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/maritim/1240-prakiraan-pasang-surut-kalianget"] [unique_id "Xk4bYlX0lbHJKD@WRdWaNwAAAAE"], referer: https://www.google.com/ ...	2020-02-20 21:24:34
122.117.64.4	attack	Honeypot attack, port: 81, PTR: 122-117-64-4.HINET-IP.hinet.net.	2020-02-20 20:52:49
1.171.167.30	attackbotsspam	Honeypot attack, port: 445, PTR: 1-171-167-30.dynamic-ip.hinet.net.	2020-02-20 21:01:04
51.79.44.52	attackbots	suspicious action Thu, 20 Feb 2020 09:45:12 -0300	2020-02-20 20:58:25
14.136.245.194	attackspam	Feb 20 11:34:43 s1 sshd\[32396\]: Invalid user gitlab-runner from 14.136.245.194 port 45185 Feb 20 11:34:43 s1 sshd\[32396\]: Failed password for invalid user gitlab-runner from 14.136.245.194 port 45185 ssh2 Feb 20 11:36:44 s1 sshd\[2818\]: Invalid user HTTP from 14.136.245.194 port 5793 Feb 20 11:36:44 s1 sshd\[2818\]: Failed password for invalid user HTTP from 14.136.245.194 port 5793 ssh2 Feb 20 11:38:43 s1 sshd\[4792\]: Invalid user rabbitmq from 14.136.245.194 port 58561 Feb 20 11:38:43 s1 sshd\[4792\]: Failed password for invalid user rabbitmq from 14.136.245.194 port 58561 ssh2 ...	2020-02-20 20:44:48
27.74.244.66	attackbots	Unauthorized connection attempt from IP address 27.74.244.66 on Port 445(SMB)	2020-02-20 21:25:02
179.49.34.50	attackspam	$f2bV_matches	2020-02-20 20:51:01
27.100.236.168	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-02-20 20:50:30
77.138.144.3	attackbotsspam	Telnet Server BruteForce Attack	2020-02-20 21:19:04
45.133.99.2	attackspambots	Feb 20 13:44:32 relay postfix/smtpd\[11645\]: warning: unknown\[45.133.99.2\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Feb 20 13:44:55 relay postfix/smtpd\[5557\]: warning: unknown\[45.133.99.2\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Feb 20 13:44:55 relay postfix/smtpd\[4416\]: warning: unknown\[45.133.99.2\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Feb 20 13:45:19 relay postfix/smtpd\[11645\]: warning: unknown\[45.133.99.2\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Feb 20 13:55:57 relay postfix/smtpd\[15880\]: warning: unknown\[45.133.99.2\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-02-20 21:04:17
81.214.126.162	attackspam	DATE:2020-02-20 05:47:07, IP:81.214.126.162, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-02-20 20:44:26
103.81.211.23	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-02-20 21:08:53
5.135.253.172	attackspambots	scans 2 times in preceeding hours on the ports (in chronological order) 11775 11776	2020-02-20 21:06:39
49.88.112.72	attackspam	SSH bruteforce	2020-02-20 21:21:49
91.217.109.196	attackspambots	Honeypot attack, port: 81, PTR: PTR record not found	2020-02-20 21:16:51

Recently Reported IPs

110.18.2.133	110.18.2.136	110.18.2.138	110.18.2.14
110.18.2.140	110.18.2.142	110.18.2.225	110.18.33.241
110.18.45.237	110.186.90.225	110.187.130.192	110.187.151.18
110.187.213.210	110.187.216.116	110.187.216.132	110.187.216.189
110.187.216.19	110.187.216.227	110.187.216.233	110.187.217.132