116.239.104.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	SSH invalid-user multiple login try	2019-08-31 04:24:35

Comments on same subnet:

IP	Type	Details	Datetime
116.239.104.216	attackbotsspam	2019-12-19 22:55:58 H=(ylmf-pc) [116.239.104.216]:59371 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-19 22:56:03 H=(ylmf-pc) [116.239.104.216]:57782 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc 2019-12-19 22:56:06 H=(ylmf-pc) [116.239.104.216]:56262 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc ...	2019-12-20 13:46:13
116.239.104.143	attack	Nov 29 09:45:36 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:37 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:37 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:37 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:38 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:38 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:41 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:45:43 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143] Nov 29 09:45:43 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2 Nov 29 09:45:43 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143] Nov 29 09:46:41 eola ........ -------------------------------	2019-11-30 01:31:14

Type

Details

Datetime

116.239.104.216

attackbotsspam

2019-12-19 22:55:58 H=(ylmf-pc) [116.239.104.216]:59371 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:03 H=(ylmf-pc) [116.239.104.216]:57782 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:06 H=(ylmf-pc) [116.239.104.216]:56262 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
...

2019-12-20 13:46:13

116.239.104.143

attack

Nov 29 09:45:36 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:37 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:41 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:43 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:46:41 eola ........
-------------------------------

2019-11-30 01:31:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.239.104.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26992
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.239.104.2.			IN	A

;; AUTHORITY SECTION:
.			1976	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019083001 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 31 04:24:29 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 2.104.239.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 2.104.239.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
54.37.129.235	attackbots	Oct 5 17:43:05 php1 sshd\[27751\]: Invalid user Admin333 from 54.37.129.235 Oct 5 17:43:05 php1 sshd\[27751\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.129.235 Oct 5 17:43:07 php1 sshd\[27751\]: Failed password for invalid user Admin333 from 54.37.129.235 port 43914 ssh2 Oct 5 17:46:47 php1 sshd\[28031\]: Invalid user za1xs2cd3 from 54.37.129.235 Oct 5 17:46:47 php1 sshd\[28031\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.129.235	2019-10-06 17:41:07
192.227.252.16	attack	Oct 6 08:08:43 mail sshd[7775]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.252.16 user=root Oct 6 08:08:45 mail sshd[7775]: Failed password for root from 192.227.252.16 port 37216 ssh2 Oct 6 08:24:24 mail sshd[9837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.252.16 user=root Oct 6 08:24:26 mail sshd[9837]: Failed password for root from 192.227.252.16 port 53374 ssh2 Oct 6 08:28:47 mail sshd[10345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.227.252.16 user=root Oct 6 08:28:49 mail sshd[10345]: Failed password for root from 192.227.252.16 port 35786 ssh2 ...	2019-10-06 17:44:02
164.132.145.70	attackbots	SSH/22 MH Probe, BF, Hack -	2019-10-06 17:37:17
193.112.127.155	attackspambots	Oct 5 20:43:23 sachi sshd\[29564\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.155 user=root Oct 5 20:43:25 sachi sshd\[29564\]: Failed password for root from 193.112.127.155 port 42388 ssh2 Oct 5 20:48:22 sachi sshd\[30011\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.155 user=root Oct 5 20:48:23 sachi sshd\[30011\]: Failed password for root from 193.112.127.155 port 49174 ssh2 Oct 5 20:53:18 sachi sshd\[30458\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.127.155 user=root	2019-10-06 17:22:58
103.210.73.80	attackbots	Unauthorised access (Oct 6) SRC=103.210.73.80 LEN=40 TTL=243 ID=55882 TCP DPT=139 WINDOW=1024 SYN	2019-10-06 17:19:54
203.195.181.236	attack	19/10/5@23:47:16: FAIL: Alarm-Intrusion address from=203.195.181.236 ...	2019-10-06 17:24:56
109.207.56.70	attackspam	port scan and connect, tcp 8080 (http-proxy)	2019-10-06 17:15:46
139.59.13.51	attack	Oct 6 06:15:08 vps sshd[16836]: Failed password for root from 139.59.13.51 port 23866 ssh2 Oct 6 06:26:49 vps sshd[17439]: Failed password for root from 139.59.13.51 port 54460 ssh2 ...	2019-10-06 17:24:24
72.43.141.7	attackspambots	Sep 16 14:01:24 vtv3 sshd\[23536\]: Invalid user user from 72.43.141.7 port 16203 Sep 16 14:01:24 vtv3 sshd\[23536\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.43.141.7 Sep 16 14:01:26 vtv3 sshd\[23536\]: Failed password for invalid user user from 72.43.141.7 port 16203 ssh2 Sep 16 14:07:14 vtv3 sshd\[26257\]: Invalid user admin from 72.43.141.7 port 5681 Sep 16 14:07:14 vtv3 sshd\[26257\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.43.141.7 Sep 16 14:18:16 vtv3 sshd\[32001\]: Invalid user mdmc from 72.43.141.7 port 29801 Sep 16 14:18:16 vtv3 sshd\[32001\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=72.43.141.7 Sep 16 14:18:18 vtv3 sshd\[32001\]: Failed password for invalid user mdmc from 72.43.141.7 port 29801 ssh2 Sep 16 14:23:45 vtv3 sshd\[2321\]: Invalid user nf from 72.43.141.7 port 44516 Sep 16 14:23:45 vtv3 sshd\[2321\]: pam_unix\(sshd:auth\): authentica	2019-10-06 17:19:06
185.176.27.14	attackbots	10/06/2019-05:07:15.506925 185.176.27.14 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-10-06 17:32:35
61.177.172.158	attackspam	2019-10-06T03:45:59.968978hub.schaetter.us sshd\[13153\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.158 user=root 2019-10-06T03:46:01.968938hub.schaetter.us sshd\[13153\]: Failed password for root from 61.177.172.158 port 22935 ssh2 2019-10-06T03:46:04.291697hub.schaetter.us sshd\[13153\]: Failed password for root from 61.177.172.158 port 22935 ssh2 2019-10-06T03:46:06.203194hub.schaetter.us sshd\[13153\]: Failed password for root from 61.177.172.158 port 22935 ssh2 2019-10-06T03:46:39.562760hub.schaetter.us sshd\[13161\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.158 user=root ...	2019-10-06 17:45:06
123.18.206.15	attackbots	2019-10-06T02:53:14.0141621495-001 sshd\[36831\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.18.206.15 user=root 2019-10-06T02:53:15.9155051495-001 sshd\[36831\]: Failed password for root from 123.18.206.15 port 54646 ssh2 2019-10-06T02:57:48.6617001495-001 sshd\[37141\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.18.206.15 user=root 2019-10-06T02:57:51.3172951495-001 sshd\[37141\]: Failed password for root from 123.18.206.15 port 46160 ssh2 2019-10-06T03:02:28.7927901495-001 sshd\[37492\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.18.206.15 user=root 2019-10-06T03:02:30.8861561495-001 sshd\[37492\]: Failed password for root from 123.18.206.15 port 37682 ssh2 ...	2019-10-06 17:31:46
195.68.206.250	attack	10/06/2019-10:48:05.030258 195.68.206.250 Protocol: 6 ET CHAT IRC PING command	2019-10-06 17:47:10
103.56.113.201	attack	Oct 6 10:56:13 MK-Soft-VM6 sshd[11568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.56.113.201 Oct 6 10:56:15 MK-Soft-VM6 sshd[11568]: Failed password for invalid user 7YGV6TFC from 103.56.113.201 port 45565 ssh2 ...	2019-10-06 17:17:52
182.72.0.250	attackspambots	Oct 6 08:47:00 www2 sshd\[49634\]: Failed password for root from 182.72.0.250 port 43064 ssh2Oct 6 08:51:55 www2 sshd\[50136\]: Failed password for root from 182.72.0.250 port 56666 ssh2Oct 6 08:56:51 www2 sshd\[50682\]: Failed password for root from 182.72.0.250 port 42050 ssh2 ...	2019-10-06 17:31:17

Recently Reported IPs

77.68.11.31	212.107.127.126	222.89.100.46	183.150.237.241
52.174.37.10	212.147.183.30	138.94.189.168	78.252.87.91
172.135.242.170	163.225.136.208	205.247.126.213	231.59.143.213
250.213.161.14	217.245.189.207	250.145.5.62	50.129.38.1
60.8.145.50	20.247.226.65	58.33.32.181	5.72.116.248