116.239.104.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	SSH invalid-user multiple login try	2019-08-31 04:24:35

Comments on same subnet:

IP	Type	Details	Datetime
116.239.104.216	attackbotsspam	2019-12-19 22:55:58 H=(ylmf-pc) [116.239.104.216]:59371 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-19 22:56:03 H=(ylmf-pc) [116.239.104.216]:57782 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-19 22:56:06 H=(ylmf-pc) [116.239.104.216]:56262 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc ...	2019-12-20 13:46:13
116.239.104.143	attack	Nov 29 09:45:36 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:37 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:37 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:37 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:38 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:38 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:41 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:43 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:43 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:43 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:46:41 eola ........ -------------------------------	2019-11-30 01:31:14

Type

Details

Datetime

116.239.104.216

attackbotsspam

2019-12-19 22:55:58 H=(ylmf-pc) [116.239.104.216]:59371 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:03 H=(ylmf-pc) [116.239.104.216]:57782 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:06 H=(ylmf-pc) [116.239.104.216]:56262 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
...

2019-12-20 13:46:13

116.239.104.143

attack

Nov 29 09:45:36 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:37 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:41 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:43 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:46:41 eola ........
-------------------------------

2019-11-30 01:31:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.239.104.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26992
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.239.104.2.			IN	A

;; AUTHORITY SECTION:
.			1976	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019083001 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 31 04:24:29 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 2.104.239.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 2.104.239.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
200.89.154.99	attackbots	Invalid user wangq from 200.89.154.99 port 47540	2020-05-23 12:05:15
139.198.191.86	attack	Invalid user postgre from 139.198.191.86 port 35559	2020-05-23 12:15:02
49.247.134.133	attackbots	Invalid user mlg from 49.247.134.133 port 47566	2020-05-23 12:30:40
200.88.175.0	attack	Invalid user ubnt from 200.88.175.0 port 62844	2020-05-23 12:42:48
37.187.106.104	attackbots	Invalid user gsu from 37.187.106.104 port 48222	2020-05-23 12:32:52
182.61.175.219	attackbots	Invalid user qsu from 182.61.175.219 port 58036	2020-05-23 12:09:44
122.152.215.115	attackspam	20 attempts against mh-ssh on cloud	2020-05-23 12:18:56
207.154.193.178	attackspambots	Invalid user dtg from 207.154.193.178 port 47862	2020-05-23 12:03:54
198.199.83.174	attack	$f2bV_matches	2020-05-23 12:43:04
165.22.121.41	attack	May 23 09:02:19 gw1 sshd[17400]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.121.41 May 23 09:02:21 gw1 sshd[17400]: Failed password for invalid user add from 165.22.121.41 port 49172 ssh2 ...	2020-05-23 12:13:52
101.108.184.226	attackbots	Invalid user admin from 101.108.184.226 port 59511	2020-05-23 12:26:40
185.153.197.103	attackspam	firewall-block, port(s): 3390/tcp	2020-05-23 12:08:34
106.12.176.188	attack	Invalid user awr from 106.12.176.188 port 43634	2020-05-23 12:24:18
180.166.117.254	attack	Invalid user row from 180.166.117.254 port 62956	2020-05-23 12:10:59
40.113.153.70	attack	Invalid user zex from 40.113.153.70 port 54966	2020-05-23 12:32:29

Recently Reported IPs

77.68.11.31	212.107.127.126	222.89.100.46	183.150.237.241
52.174.37.10	212.147.183.30	138.94.189.168	78.252.87.91
172.135.242.170	163.225.136.208	205.247.126.213	231.59.143.213
250.213.161.14	217.245.189.207	250.145.5.62	50.129.38.1
60.8.145.50	20.247.226.65	58.33.32.181	5.72.116.248