112.66.104.44 - IPInfo

Basic Info

City: Nada

Region: Hainan

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
112.66.104.41	attack	The IP has triggered Cloudflare WAF. CF-Ray: 5410875db8eeeb29 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/4.054101423 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:36:01

Type

Details

Datetime

112.66.104.41

attack

The IP has triggered Cloudflare WAF. CF-Ray: 5410875db8eeeb29 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: img.skk.moe | User-Agent: Mozilla/4.054101423 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:36:01

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.66.104.44
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8846
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;112.66.104.44.			IN	A

;; AUTHORITY SECTION:
.			257	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022040201 1800 900 604800 86400

;; Query time: 61 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Apr 03 08:55:04 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 44.104.66.112.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 44.104.66.112.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
139.0.42.197	attackspambots	Registration form abuse	2019-10-08 03:34:49
193.31.24.113	attackbots	10/07/2019-21:54:05.298877 193.31.24.113 Protocol: 6 ET CHAT IRC PONG response	2019-10-08 03:56:40
145.239.87.109	attackbotsspam	vps1:pam-generic	2019-10-08 03:38:34
180.110.170.99	attack	Automatic report - Port Scan Attack	2019-10-08 03:50:12
94.125.61.225	attackbots	Oct 7 14:36:27 h2177944 kernel: \[3327891.061362\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=94.125.61.225 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=58 ID=5840 DF PROTO=TCP SPT=49671 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 14:51:27 h2177944 kernel: \[3328791.497495\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=94.125.61.225 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=61 ID=39032 DF PROTO=TCP SPT=64820 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 15:10:32 h2177944 kernel: \[3329935.760445\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=94.125.61.225 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=54 ID=50437 DF PROTO=TCP SPT=55299 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 15:11:26 h2177944 kernel: \[3329990.147351\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=94.125.61.225 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=73 ID=59956 DF PROTO=TCP SPT=57170 DPT=465 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 15:14:52 h2177944 kernel: \[3330196.068463\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=94.125.61.225 DST=85.214	2019-10-08 03:36:03
104.244.75.93	attackspambots	07.10.2019 19:05:37 Connection to port 8088 blocked by firewall	2019-10-08 03:10:45
222.186.175.217	attack	2019-10-07T19:27:36.268243hub.schaetter.us sshd\[5752\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.217 user=root 2019-10-07T19:27:38.204466hub.schaetter.us sshd\[5752\]: Failed password for root from 222.186.175.217 port 58582 ssh2 2019-10-07T19:27:42.207214hub.schaetter.us sshd\[5752\]: Failed password for root from 222.186.175.217 port 58582 ssh2 2019-10-07T19:27:46.423646hub.schaetter.us sshd\[5752\]: Failed password for root from 222.186.175.217 port 58582 ssh2 2019-10-07T19:27:50.188555hub.schaetter.us sshd\[5752\]: Failed password for root from 222.186.175.217 port 58582 ssh2 ...	2019-10-08 03:33:16
118.24.121.72	attackbotsspam	Oct 7 06:16:50 DNS-2 sshd[12209]: User r.r from 118.24.121.72 not allowed because not listed in AllowUsers Oct 7 06:16:50 DNS-2 sshd[12209]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.121.72 user=r.r Oct 7 06:16:52 DNS-2 sshd[12209]: Failed password for invalid user r.r from 118.24.121.72 port 35548 ssh2 Oct 7 06:16:52 DNS-2 sshd[12209]: Received disconnect from 118.24.121.72 port 35548:11: Bye Bye [preauth] Oct 7 06:16:52 DNS-2 sshd[12209]: Disconnected from 118.24.121.72 port 35548 [preauth] Oct 7 06:37:58 DNS-2 sshd[13717]: User r.r from 118.24.121.72 not allowed because not listed in AllowUsers Oct 7 06:37:58 DNS-2 sshd[13717]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.121.72 user=r.r Oct 7 06:38:00 DNS-2 sshd[13717]: Failed password for invalid user r.r from 118.24.121.72 port 46276 ssh2 Oct 7 06:38:01 DNS-2 sshd[13717]: Received disconnect from 118.2........ -------------------------------	2019-10-08 03:44:00
109.202.117.28	attackspambots	Oct 7 16:45:50 h2177944 kernel: \[3335652.798176\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=109.202.117.28 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=56 ID=27530 DF PROTO=TCP SPT=55240 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 16:51:05 h2177944 kernel: \[3335968.367191\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=109.202.117.28 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=57 ID=60064 DF PROTO=TCP SPT=60203 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 16:52:43 h2177944 kernel: \[3336065.427156\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=109.202.117.28 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=81 ID=54035 DF PROTO=TCP SPT=50512 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 17:01:37 h2177944 kernel: \[3336599.668163\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=109.202.117.28 DST=85.214.117.9 LEN=40 TOS=0x08 PREC=0x20 TTL=81 ID=29143 DF PROTO=TCP SPT=53082 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 7 17:11:25 h2177944 kernel: \[3337188.044508\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=109.202.117.28 DST=8	2019-10-08 03:35:28
203.95.223.15	attackbots	Automatic report - Port Scan Attack	2019-10-08 03:28:18
81.171.107.175	attackbotsspam	\[2019-10-07 15:29:02\] NOTICE\[1887\] chan_sip.c: Registration from '\' failed for '81.171.107.175:51231' - Wrong password \[2019-10-07 15:29:02\] SECURITY\[1898\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-07T15:29:02.257-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="5824",SessionID="0x7fc3ac76b1b8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.107.175/51231",Challenge="03e842d7",ReceivedChallenge="03e842d7",ReceivedHash="f9a0658a2730d57a3f9704b8cfe483ec" \[2019-10-07 15:34:03\] NOTICE\[1887\] chan_sip.c: Registration from '\' failed for '81.171.107.175:55637' - Wrong password \[2019-10-07 15:34:03\] SECURITY\[1898\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-10-07T15:34:03.295-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="6712",SessionID="0x7fc3ac5226d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171	2019-10-08 03:37:21
111.230.246.149	attackbotsspam	Lines containing failures of 111.230.246.149 Oct 6 12:33:21 shared05 sshd[19983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.246.149 user=r.r Oct 6 12:33:24 shared05 sshd[19983]: Failed password for r.r from 111.230.246.149 port 44950 ssh2 Oct 6 12:33:24 shared05 sshd[19983]: Received disconnect from 111.230.246.149 port 44950:11: Bye Bye [preauth] Oct 6 12:33:24 shared05 sshd[19983]: Disconnected from authenticating user r.r 111.230.246.149 port 44950 [preauth] Oct 6 12:52:31 shared05 sshd[26352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.230.246.149 user=r.r Oct 6 12:52:32 shared05 sshd[26352]: Failed password for r.r from 111.230.246.149 port 53494 ssh2 Oct 6 12:52:33 shared05 sshd[26352]: Received disconnect from 111.230.246.149 port 53494:11: Bye Bye [preauth] Oct 6 12:52:33 shared05 sshd[26352]: Disconnected from authenticating user r.r 111.230.246.149 p........ ------------------------------	2019-10-08 03:15:58
165.22.144.206	attackbotsspam	Oct 7 14:01:02 legacy sshd[23467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.144.206 Oct 7 14:01:04 legacy sshd[23467]: Failed password for invalid user qwer@12 from 165.22.144.206 port 46816 ssh2 Oct 7 14:04:31 legacy sshd[23577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.144.206 ...	2019-10-08 03:37:04
222.186.173.119	attack	Oct 8 02:09:03 lcl-usvr-02 sshd[7587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.119 user=root Oct 8 02:09:06 lcl-usvr-02 sshd[7587]: Failed password for root from 222.186.173.119 port 17669 ssh2 ...	2019-10-08 03:13:26
218.8.75.88	attack	Oct712:49:25server4pure-ftpd:\(\?@222.44.41.131\)[WARNING]Authenticationfailedforuser[www]Oct713:36:24server4pure-ftpd:\(\?@218.8.75.88\)[WARNING]Authenticationfailedforuser[www]Oct713:16:36server4pure-ftpd:\(\?@121.141.88.195\)[WARNING]Authenticationfailedforuser[www]Oct712:49:32server4pure-ftpd:\(\?@222.44.41.131\)[WARNING]Authenticationfailedforuser[www]Oct713:35:41server4pure-ftpd:\(\?@218.8.75.88\)[WARNING]Authenticationfailedforuser[www]Oct713:16:54server4pure-ftpd:\(\?@121.141.88.195\)[WARNING]Authenticationfailedforuser[www]Oct713:35:02server4pure-ftpd:\(\?@218.8.75.88\)[WARNING]Authenticationfailedforuser[www]Oct713:17:04server4pure-ftpd:\(\?@121.141.88.195\)[WARNING]Authenticationfailedforuser[www]Oct713:34:44server4pure-ftpd:\(\?@218.8.75.88\)[WARNING]Authenticationfailedforuser[www]Oct713:34:32server4pure-ftpd:\(\?@218.8.75.88\)[WARNING]Authenticationfailedforuser[www]IPAddressesBlocked:222.44.41.131\(CN/China/-\)	2019-10-08 03:23:25

Recently Reported IPs

112.66.104.222	112.66.106.15	112.66.107.178	112.66.107.56
112.66.107.58	112.66.108.175	112.66.108.42	112.66.111.92
112.66.179.39	112.66.179.73	112.66.179.85	112.66.180.77
112.66.182.226	112.66.183.12	112.66.183.238	112.66.186.158
112.66.189.93	112.66.190.101	112.66.190.130	112.66.191.195