113.128.104.166

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shandong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 541114a29a74e7f9 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/4.074482891 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:44:45

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 541114a29a74e7f9 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/4.074482891 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 05:44:45

Comments on same subnet:

IP	Type	Details	Datetime
113.128.104.51	attack	Unauthorized connection attempt detected from IP address 113.128.104.51 to port 8118	2020-06-22 06:15:00
113.128.104.216	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.216 to port 123	2020-06-13 07:52:15
113.128.104.123	attack	Fail2Ban Ban Triggered	2020-04-24 13:01:10
113.128.104.207	attack	113.128.104.207 - - \[27/Feb/2020:16:27:04 +0200\] "CONNECT www.ipip.net:443 HTTP/1.1" 403 202 "-" "PycURL/7.43.0 libcurl/7.47.0 GnuTLS/3.4.10 zlib/1.2.8 libidn/1.32 librtmp/2.3"	2020-02-27 23:33:39
113.128.104.219	attack	Fail2Ban Ban Triggered	2020-02-22 04:16:32
113.128.104.46	attack	Unauthorized connection attempt detected from IP address 113.128.104.46 to port 80	2020-02-16 02:11:34
113.128.104.238	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 563f3129cef198e7 \| WAF_Rule_ID: a75424b44a1e4f27881d03344a122815 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.062334851 Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2020-02-13 01:46:19
113.128.104.89	attack	Unauthorized connection attempt detected from IP address 113.128.104.89 to port 9999 [T]	2020-01-29 10:05:35
113.128.104.234	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.234 to port 8123 [J]	2020-01-29 08:18:18
113.128.104.131	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.131 to port 1080 [J]	2020-01-29 02:17:51
113.128.104.158	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.158 to port 6666 [T]	2020-01-27 16:06:48
113.128.104.22	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.22 to port 8081 [J]	2020-01-27 00:48:55
113.128.104.228	attackspam	Unauthorized connection attempt detected from IP address 113.128.104.228 to port 8888 [J]	2020-01-22 08:57:44
113.128.104.3	attackbots	Unauthorized connection attempt detected from IP address 113.128.104.3 to port 999 [T]	2020-01-20 18:23:28
113.128.104.121	attackspambots	Unauthorized connection attempt detected from IP address 113.128.104.121 to port 9000 [T]	2020-01-19 16:33:02

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.128.104.166
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2364
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.128.104.166.		IN	A

;; AUTHORITY SECTION:
.			320	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120701 1800 900 604800 86400

;; Query time: 93 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 05:44:40 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 166.104.128.113.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 166.104.128.113.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
109.226.213.125	attackbotsspam	email spam	2019-12-11 22:18:48
153.99.80.114	attack	Honeypot attack, port: 23, PTR: PTR record not found	2019-12-11 21:46:16
211.195.117.212	attackspam	Invalid user admin from 211.195.117.212 port 26818	2019-12-11 22:18:24
172.245.208.190	attackspambots	Unauthorized access detected from banned ip	2019-12-11 21:56:53
159.65.30.66	attack	Dec 11 13:34:26 MK-Soft-VM7 sshd[25170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.30.66 Dec 11 13:34:28 MK-Soft-VM7 sshd[25170]: Failed password for invalid user guest from 159.65.30.66 port 34166 ssh2 ...	2019-12-11 21:34:12
45.141.84.41	attack	RDP Bruteforce	2019-12-11 21:44:11
143.0.52.117	attack	Dec 11 14:42:07 mail sshd[10829]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117 Dec 11 14:42:09 mail sshd[10829]: Failed password for invalid user pass from 143.0.52.117 port 52365 ssh2 Dec 11 14:48:49 mail sshd[12244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=143.0.52.117	2019-12-11 21:57:17
157.230.247.239	attack	Dec 11 14:56:50 lnxded64 sshd[3315]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.247.239 Dec 11 14:56:52 lnxded64 sshd[3315]: Failed password for invalid user rsync from 157.230.247.239 port 48118 ssh2 Dec 11 15:03:21 lnxded64 sshd[5486]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.247.239	2019-12-11 22:06:56
185.176.27.2	attack	Dec 11 16:33:43 debian-2gb-vpn-nbg1-1 kernel: [449605.467697] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.2 DST=78.46.192.101 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=19063 PROTO=TCP SPT=42533 DPT=3051 WINDOW=1024 RES=0x00 SYN URGP=0	2019-12-11 22:17:01
206.81.24.126	attack	Invalid user burd from 206.81.24.126 port 40202	2019-12-11 21:59:00
36.73.125.58	attackbots	Honeypot attack, port: 445, PTR: PTR record not found	2019-12-11 21:43:07
185.143.223.129	attackbotsspam	2019-12-11T15:04:44.490966+01:00 lumpi kernel: [1363028.479405] INPUT:DROP:SPAMHAUS_EDROP:IN=eth0 OUT= MAC=52:54:a2:01:a5:04:d2:74:7f:6e:37:e3:08:00 SRC=185.143.223.129 DST=78.46.199.189 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=63988 PROTO=TCP SPT=59271 DPT=11534 WINDOW=1024 RES=0x00 SYN URGP=0 ...	2019-12-11 22:08:10
172.81.250.106	attack	Invalid user backup from 172.81.250.106 port 51902	2019-12-11 22:20:07
2.152.111.49	attack	Invalid user andre from 2.152.111.49 port 51880	2019-12-11 22:01:44
60.250.206.209	attackbots	Dec 11 03:57:29 php1 sshd\[20565\]: Invalid user haldaemon from 60.250.206.209 Dec 11 03:57:29 php1 sshd\[20565\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-206-209.hinet-ip.hinet.net Dec 11 03:57:30 php1 sshd\[20565\]: Failed password for invalid user haldaemon from 60.250.206.209 port 33764 ssh2 Dec 11 04:04:10 php1 sshd\[21389\]: Invalid user gerecke from 60.250.206.209 Dec 11 04:04:10 php1 sshd\[21389\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60-250-206-209.hinet-ip.hinet.net	2019-12-11 22:07:36

Recently Reported IPs

2408:8648:1300:40:574b:ed0b:50a8:8bf1	2408:8648:1300:40:4ed2:ea8a:3666:9349	35.221.159.46	34.92.215.128
27.224.137.157	27.224.137.0	27.224.136.156	27.224.136.65
27.211.58.185	27.184.93.210	1.202.114.139	1.202.112.234
222.79.48.132	220.181.108.75	211.97.23.65	208.70.31.93
175.184.165.212	171.34.178.14	124.88.113.247	123.160.173.136