112.115.139.21

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
112.115.139.26	attackspam	Unauthorized connection attempt detected from IP address 112.115.139.26 to port 8908 [T]	2020-05-20 11:30:14
112.115.139.108	attack	Unauthorized connection attempt detected from IP address 112.115.139.108 to port 8081	2019-12-31 06:51:06
112.115.139.118	attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 54153a6a9d57eb00 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/4.066686748 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:37:51

Type

Details

Datetime

112.115.139.26

attackspam

Unauthorized connection attempt detected from IP address 112.115.139.26 to port 8908 [T]

2020-05-20 11:30:14

112.115.139.108

attack

Unauthorized connection attempt detected from IP address 112.115.139.108 to port 8081

2019-12-31 06:51:06

112.115.139.118

attackbotsspam

The IP has triggered Cloudflare WAF. CF-Ray: 54153a6a9d57eb00 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: img.skk.moe | User-Agent: Mozilla/4.066686748 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 04:37:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.115.139.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;112.115.139.21.			IN	A

;; AUTHORITY SECTION:
.			333	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030302 1800 900 604800 86400

;; Query time: 26 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 10:27:15 CST 2022
;; MSG SIZE  rcvd: 107

Host info

b';; connection timed out; no servers could be reached
'

Nslookup info:

server can't find 112.115.139.21.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
139.186.71.224	attackbots	Apr 21 03:56:26 : SSH login attempts with invalid user	2020-04-22 06:40:30
222.186.3.249	attackspam	Apr 22 00:35:40 plex sshd[6949]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.3.249 user=root Apr 22 00:35:42 plex sshd[6949]: Failed password for root from 222.186.3.249 port 42841 ssh2	2020-04-22 06:40:46
192.243.119.201	attackbotsspam	Invalid user ubuntu from 192.243.119.201 port 45382	2020-04-22 06:44:30
43.243.168.63	attack	" "	2020-04-22 06:47:04
192.99.34.42	attack	as always with OVH Don’t ever register domain names at ovh !!!!!!!!! All domain names registered at ovh are attacked /Wp-login.php /wp-admin.php	2020-04-22 06:18:52
101.91.238.160	attackspambots	Apr 21 14:09:59 server1 sshd\[8634\]: Invalid user oracle from 101.91.238.160 Apr 21 14:09:59 server1 sshd\[8634\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.238.160 Apr 21 14:10:01 server1 sshd\[8634\]: Failed password for invalid user oracle from 101.91.238.160 port 37866 ssh2 Apr 21 14:13:26 server1 sshd\[9661\]: Invalid user oracle from 101.91.238.160 Apr 21 14:13:26 server1 sshd\[9661\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.238.160 ...	2020-04-22 06:20:10
140.143.233.29	attack	Invalid user admin from 140.143.233.29 port 3080	2020-04-22 06:22:42
202.5.53.69	attack	Dovecot Invalid User Login Attempt.	2020-04-22 06:24:06
62.210.104.83	attackbots	62.210.104.83 - - [21/Apr/2020:22:48:41 +0300] "POST /wp-login.php HTTP/1.1" 200 2172 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-22 06:18:21
163.43.31.188	attackbotsspam	$f2bV_matches	2020-04-22 06:31:26
120.36.224.183	attackbots	Apr 21 22:42:31 vps647732 sshd[22036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.36.224.183 Apr 21 22:42:34 vps647732 sshd[22036]: Failed password for invalid user test1 from 120.36.224.183 port 25457 ssh2 ...	2020-04-22 06:10:26
69.163.163.220	attack	[Tue Apr 21 16:48:05.321989 2020] [:error] [pid 245543] [client 69.163.163.220:35392] [client 69.163.163.220] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ws24vmsma01.ufn.edu.br"] [uri "/xmlrpc.php"] [unique_id "Xp9N9XrIKQ0w-pLqFJ4SAgAAAAE"] ...	2020-04-22 06:44:03
144.217.70.190	attackbots	xmlrpc attack	2020-04-22 06:21:17
79.136.70.159	attackbots	Apr 21 03:35:13 : SSH login attempts with invalid user	2020-04-22 06:35:55
212.100.155.154	attack	Invalid user admin01 from 212.100.155.154 port 48054	2020-04-22 06:15:06

Recently Reported IPs

112.115.139.175	112.115.139.226	112.115.139.237	112.115.139.69
112.115.139.99	112.115.156.166	112.115.156.191	112.115.156.252
112.115.156.45	112.115.157.111	112.115.157.114	112.115.157.170
112.115.157.195	112.115.157.208	112.115.157.233	112.115.157.75
112.115.17.82	112.115.174.73	190.65.139.122	112.115.190.176