113.128.104.155

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shandong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 5415208d8e5be4f2 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 01:08:24

Type

Details

Datetime

attackbotsspam

The IP has triggered Cloudflare WAF. CF-Ray: 5415208d8e5be4f2 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: disqus.skk.moe | User-Agent: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 01:08:24

Comments on same subnet:

IP	Type	Details	Datetime
113.128.104.51	attack	Unauthorized connection attempt detected from IP address 113.128.104.51 to port 8118	2020-06-22 06:15:00
113.128.104.216	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.216 to port 123	2020-06-13 07:52:15
113.128.104.123	attack	Fail2Ban Ban Triggered	2020-04-24 13:01:10
113.128.104.207	attack	113.128.104.207 - - \[27/Feb/2020:16:27:04 +0200\] "CONNECT www.ipip.net:443 HTTP/1.1" 403 202 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"	2020-02-27 23:33:39
113.128.104.219	attack	Fail2Ban Ban Triggered	2020-02-22 04:16:32
113.128.104.46	attack	Unauthorized connection attempt detected from IP address 113.128.104.46 to port 80	2020-02-16 02:11:34
113.128.104.238	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 563f3129cef198e7 \| WAF_Rule_ID: a75424b44a1e4f27881d03344a122815 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.062334851 Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2020-02-13 01:46:19
113.128.104.89	attack	Unauthorized connection attempt detected from IP address 113.128.104.89 to port 9999 [T]	2020-01-29 10:05:35
113.128.104.234	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.234 to port 8123 [J]	2020-01-29 08:18:18
113.128.104.131	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.131 to port 1080 [J]	2020-01-29 02:17:51
113.128.104.158	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.158 to port 6666 [T]	2020-01-27 16:06:48
113.128.104.22	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.22 to port 8081 [J]	2020-01-27 00:48:55
113.128.104.228	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.228 to port 8888 [J]	2020-01-22 08:57:44
113.128.104.3	attackbots	Unauthorized connection attempt detected from IP address 113.128.104.3 to port 999 [T]	2020-01-20 18:23:28
113.128.104.121	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.121 to port 9000 [T]	2020-01-19 16:33:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.128.104.155
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53775
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.128.104.155.		IN	A

;; AUTHORITY SECTION:
.			332	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 129 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 01:08:16 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 155.104.128.113.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 155.104.128.113.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
100.0.197.18	attack	Aug 2 14:03:18 theomazars sshd[6974]: Invalid user sysadmin from 100.0.197.18 port 49016	2020-08-03 04:09:00
152.32.253.118	attackbots	Aug 1 15:32:54 svapp01 sshd[20265]: User r.r from 152.32.253.118 not allowed because not listed in AllowUsers Aug 1 15:32:54 svapp01 sshd[20265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.253.118 user=r.r Aug 1 15:32:56 svapp01 sshd[20265]: Failed password for invalid user r.r from 152.32.253.118 port 40236 ssh2 Aug 1 15:32:56 svapp01 sshd[20265]: Received disconnect from 152.32.253.118: 11: Bye Bye [preauth] Aug 1 15:37:51 svapp01 sshd[21619]: User r.r from 152.32.253.118 not allowed because not listed in AllowUsers Aug 1 15:37:51 svapp01 sshd[21619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.253.118 user=r.r Aug 1 15:37:53 svapp01 sshd[21619]: Failed password for invalid user r.r from 152.32.253.118 port 49684 ssh2 Aug 1 15:37:54 svapp01 sshd[21619]: Received disconnect from 152.32.253.118: 11: Bye Bye [preauth] Aug 1 15:40:16 svapp01 sshd[22737]: User ........ -------------------------------	2020-08-03 04:23:00
170.106.9.125	attackbotsspam	Aug 3 00:25:34 gw1 sshd[18761]: Failed password for root from 170.106.9.125 port 34366 ssh2 ...	2020-08-03 04:26:52
112.85.42.178	attack	Aug 2 22:43:34 santamaria sshd\[30129\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root Aug 2 22:43:35 santamaria sshd\[30129\]: Failed password for root from 112.85.42.178 port 19677 ssh2 Aug 2 22:43:52 santamaria sshd\[30133\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.178 user=root ...	2020-08-03 04:44:09
221.229.196.55	attackbots	Aug 2 22:00:03 server sshd[10815]: Failed password for root from 221.229.196.55 port 34136 ssh2 Aug 2 22:22:27 server sshd[13135]: Failed password for root from 221.229.196.55 port 44250 ssh2 Aug 2 22:25:30 server sshd[20585]: Failed password for root from 221.229.196.55 port 60842 ssh2	2020-08-03 04:40:53
184.105.247.250	attackbots	Port scan denied	2020-08-03 04:22:40
51.89.149.241	attack	Aug 2 13:03:18 gospond sshd[8831]: Failed password for root from 51.89.149.241 port 57004 ssh2 Aug 2 13:03:16 gospond sshd[8831]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.89.149.241 user=root Aug 2 13:03:18 gospond sshd[8831]: Failed password for root from 51.89.149.241 port 57004 ssh2 ...	2020-08-03 04:10:25
223.112.190.70	attack	"GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" 404 "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 404 "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404	2020-08-03 04:37:03
212.64.66.28	attackbots	Trolling for resource vulnerabilities	2020-08-03 04:10:49
192.95.30.137	attack	The IP has triggered Cloudflare WAF. CF-Ray: 5bc887ae2a1fca6f \| WAF_Rule_ID: 2e3ead4eb71148f0b1a3556e8da29348 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CA \| CF_IPClass: unknown \| Protocol: HTTP/1.1 \| Method: GET \| Host: cdn.wevg.org \| User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 \| CF_DC: YUL. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2020-08-03 04:18:58
123.207.215.110	attackspam	Probing for vulnerable services	2020-08-03 04:15:11
185.226.145.156	attack	Registration form abuse	2020-08-03 04:19:24
159.89.172.219	attack	windhundgang.de 159.89.172.219 [02/Aug/2020:22:25:39 +0200] "POST /wp-login.php HTTP/1.1" 200 8455 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" windhundgang.de 159.89.172.219 [02/Aug/2020:22:25:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4186 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-03 04:29:40
112.64.33.38	attackspambots	Aug 2 22:02:10 serwer sshd\[20593\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.64.33.38 user=root Aug 2 22:02:11 serwer sshd\[20593\]: Failed password for root from 112.64.33.38 port 56195 ssh2 Aug 2 22:10:04 serwer sshd\[21594\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.64.33.38 user=root ...	2020-08-03 04:13:32
217.136.88.211	attack	$f2bV_matches	2020-08-03 04:33:27

Recently Reported IPs

60.13.7.44	212.58.245.5	250.251.88.24	58.50.120.11
179.84.70.40	49.7.3.245	240e:58:2:200:100::c2	2408:8648:1300:40:787c:7954:546f:f43f
2408:8648:1300:40:4569:c195:5535:ab79	2400:dd0d:2000:0:29da:5f0d:fcc:1d49	56.12.133.14	34.82.3.66
27.224.137.98	3.112.171.116	223.166.75.60	223.166.74.143
222.94.163.135	221.213.75.207	221.13.12.188	220.250.62.202