112.225.139.232

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Shandong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Automatic report - Port Scan Attack	2020-10-01 05:43:52
attack	Automatic report - Port Scan Attack	2020-09-30 22:02:12
attackspam	Automatic report - Port Scan Attack	2020-09-30 14:34:30

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.225.139.232
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51521
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.225.139.232.		IN	A

;; AUTHORITY SECTION:
.			565	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092901 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Sep 30 14:34:25 CST 2020
;; MSG SIZE  rcvd: 119

Host info

Host 232.139.225.112.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 232.139.225.112.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
188.16.0.118	attack	Jan 11 21:37:15 ahost sshd[28652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.16.0.118 user=r.r Jan 11 21:37:17 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:19 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:20 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:23 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:24 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:27 ahost sshd[28652]: Failed password for r.r from 188.16.0.118 port 56293 ssh2 Jan 11 21:37:27 ahost sshd[28652]: error: maximum authentication attempts exceeded for r.r from 188.16.0.118 port 56293 ssh2 [preauth] Jan 11 21:37:27 ahost sshd[28652]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.16.0.118 user=r.r Jan 11 21........ ------------------------------	2020-01-12 08:46:35
78.186.42.244	attackbots	" "	2020-01-12 08:45:17
77.110.63.57	attackbots	Unauthorized connection attempt detected from IP address 77.110.63.57 to port 23	2020-01-12 08:55:12
140.143.206.106	attackbotsspam	$f2bV_matches	2020-01-12 09:00:32
180.250.69.213	attack	Jan 12 01:52:58 sso sshd[29769]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.69.213 Jan 12 01:53:00 sso sshd[29769]: Failed password for invalid user yoko from 180.250.69.213 port 51198 ssh2 ...	2020-01-12 08:59:42
138.99.216.171	attackbots	Attempts against SMTP/SSMTP	2020-01-12 13:01:10
49.88.112.63	attackspam	Jan 12 01:52:12 markkoudstaal sshd[31228]: Failed password for root from 49.88.112.63 port 31423 ssh2 Jan 12 01:52:15 markkoudstaal sshd[31228]: Failed password for root from 49.88.112.63 port 31423 ssh2 Jan 12 01:52:18 markkoudstaal sshd[31228]: Failed password for root from 49.88.112.63 port 31423 ssh2 Jan 12 01:52:21 markkoudstaal sshd[31228]: Failed password for root from 49.88.112.63 port 31423 ssh2	2020-01-12 08:56:57
198.23.137.17	attack	Unauthorized connection attempt detected from IP address 198.23.137.17 to port 3389 [T]	2020-01-12 08:52:27
27.73.226.159	attack	Jan 11 21:48:16 mxgate1 postfix/postscreen[7136]: CONNECT from [27.73.226.159]:38874 to [176.31.12.44]:25 Jan 11 21:48:16 mxgate1 postfix/dnsblog[7138]: addr 27.73.226.159 listed by domain cbl.abuseat.org as 127.0.0.2 Jan 11 21:48:16 mxgate1 postfix/dnsblog[7158]: addr 27.73.226.159 listed by domain zen.spamhaus.org as 127.0.0.3 Jan 11 21:48:16 mxgate1 postfix/dnsblog[7158]: addr 27.73.226.159 listed by domain zen.spamhaus.org as 127.0.0.11 Jan 11 21:48:16 mxgate1 postfix/dnsblog[7158]: addr 27.73.226.159 listed by domain zen.spamhaus.org as 127.0.0.4 Jan 11 21:48:16 mxgate1 postfix/dnsblog[7139]: addr 27.73.226.159 listed by domain bl.spamcop.net as 127.0.0.2 Jan 11 21:48:17 mxgate1 postfix/dnsblog[7137]: addr 27.73.226.159 listed by domain b.barracudacentral.org as 127.0.0.2 Jan 11 21:48:22 mxgate1 postfix/postscreen[7136]: DNSBL rank 5 for [27.73.226.159]:38874 Jan 11 21:48:22 mxgate1 postfix/tlsproxy[7193]: CONNECT from [27.73.226.159]:38874 Jan x@x Jan 11 21:48:25 ........ -------------------------------	2020-01-12 08:52:13
152.136.101.65	attackspambots	Jan 12 00:43:28 ns37 sshd[26062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.101.65	2020-01-12 08:44:54
14.186.136.220	attackbotsspam	Jan 11 21:57:50 pl3server sshd[14397]: Address 14.186.136.220 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Jan 11 21:57:50 pl3server sshd[14397]: Invalid user admin from 14.186.136.220 Jan 11 21:57:50 pl3server sshd[14397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.186.136.220 Jan 11 21:57:52 pl3server sshd[14397]: Failed password for invalid user admin from 14.186.136.220 port 42379 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=14.186.136.220	2020-01-12 09:01:27
42.117.20.104	attackbotsspam	Jan 11 22:03:46 h2177944 kernel: \[1975101.936700\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=42.117.20.104 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=36321 PROTO=TCP SPT=25136 DPT=23 WINDOW=28704 RES=0x00 SYN URGP=0 Jan 11 22:03:46 h2177944 kernel: \[1975101.936713\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=42.117.20.104 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=36321 PROTO=TCP SPT=25136 DPT=23 WINDOW=28704 RES=0x00 SYN URGP=0 Jan 11 22:03:47 h2177944 kernel: \[1975102.835370\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=42.117.20.104 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=36321 PROTO=TCP SPT=25136 DPT=23 WINDOW=28704 RES=0x00 SYN URGP=0 Jan 11 22:03:47 h2177944 kernel: \[1975102.835384\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=42.117.20.104 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=53 ID=36321 PROTO=TCP SPT=25136 DPT=23 WINDOW=28704 RES=0x00 SYN URGP=0 Jan 11 22:03:47 h2177944 kernel: \[1975102.840241\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=42.117.20.104 DST=85.214.117.9 LEN=40	2020-01-12 08:35:33
66.249.64.110	attackbotsspam	A bad request	2020-01-12 08:40:34
191.185.84.213	attack	Invalid user bgh from 191.185.84.213 port 48581	2020-01-12 08:35:01
114.239.107.46	attackspambots	ET WEB_SPECIFIC_APPS ECSHOP user.php SQL INJECTION via Referer	2020-01-12 08:52:56

Recently Reported IPs

122.233.227.225	78.56.181.30	2a0c:3b80:5b00:162::12c7	67.33.39.213
60.215.165.254	106.12.117.75	42.194.193.50	157.245.81.56
178.62.100.17	218.255.245.10	43.198.119.227	165.157.184.64
105.48.11.53	104.248.161.73	181.69.209.224	243.39.117.187
220.5.237.27	200.66.249.129	211.203.156.232	199.82.2.95