Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments on same subnet:
IP Type Details Datetime
116.239.104.216 attackbotsspam
2019-12-19 22:55:58 H=(ylmf-pc) [116.239.104.216]:59371 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:03 H=(ylmf-pc) [116.239.104.216]:57782 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
2019-12-19 22:56:06 H=(ylmf-pc) [116.239.104.216]:56262 I=[192.147.25.65]:25 rejected EHLO or HELO ylmf-pc: CHECK_HELO: ylmf-pc
...
2019-12-20 13:46:13
116.239.104.143 attack
Nov 29 09:45:36 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:37 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:37 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:38 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:41 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: lost connection after AUTH from unknown[116.239.104.143]
Nov 29 09:45:43 eola postfix/smtpd[17528]: disconnect from unknown[116.239.104.143] ehlo=1 auth=0/1 commands=1/2
Nov 29 09:45:43 eola postfix/smtpd[17528]: connect from unknown[116.239.104.143]
Nov 29 09:46:41 eola ........
-------------------------------
2019-11-30 01:31:14
116.239.104.2 attack
SSH invalid-user multiple login try
2019-08-31 04:24:35
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.239.104.31
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27507
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.239.104.31.			IN	A

;; AUTHORITY SECTION:
.			145	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121001 1800 900 604800 86400

;; Query time: 244 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Dec 11 01:42:20 CST 2019
;; MSG SIZE  rcvd: 118
Host info
Host 31.104.239.116.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 31.104.239.116.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
122.228.19.80 attackbots
122.228.19.80 was recorded 84 times by 22 hosts attempting to connect to the following ports: 37,9000,9295,119,1604,1400,3299,8081,8090,50070,110,21,32400,2628,8010,69,6697,2152,4343,28017,3000,79,8004,789,6000,389,84,995,3268,12000,1025,8888,2123,37778,27036,4786,8069,5985,520,9999,4899,8086,4040,82,3050,5683,27016,9100,179,3351,11211,17,9200,1194,40000,1022,7779,27015,8140,17185,8060,2181,8005,5038,7,2379,64738,8088,1311,1080,4800,9080. Incident counter (4h, 24h, all-time): 84, 513, 20324
2019-12-18 16:33:31
106.12.15.235 attack
Dec 18 07:29:06 nextcloud sshd[28520]: Invalid user calends from 106.12.15.235
Dec 18 07:29:06 nextcloud sshd[28520]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.15.235
Dec 18 07:29:08 nextcloud sshd[28520]: Failed password for invalid user calends from 106.12.15.235 port 60732 ssh2
...
2019-12-18 16:31:03
218.92.0.165 attack
Dec 18 08:22:57 zeus sshd[26760]: Failed password for root from 218.92.0.165 port 10986 ssh2
Dec 18 08:23:01 zeus sshd[26760]: Failed password for root from 218.92.0.165 port 10986 ssh2
Dec 18 08:23:06 zeus sshd[26760]: Failed password for root from 218.92.0.165 port 10986 ssh2
Dec 18 08:23:11 zeus sshd[26760]: Failed password for root from 218.92.0.165 port 10986 ssh2
Dec 18 08:23:15 zeus sshd[26760]: Failed password for root from 218.92.0.165 port 10986 ssh2
2019-12-18 16:29:28
105.235.137.229 attackspam
IP Ban Report :  
 https://help-dysk.pl/wordpress-firewall-plugins/ip/105.235.137.229/ 
 
 DZ - 1H : (1)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : DZ 
 NAME ASN : ASN33779 
 
 IP : 105.235.137.229 
 
 CIDR : 105.235.137.0/24 
 
 PREFIX COUNT : 28 
 
 UNIQUE IP COUNT : 9216 
 
 
 ATTACKS DETECTED ASN33779 :  
  1H - 1 
  3H - 1 
  6H - 1 
 12H - 1 
 24H - 1 
 
 DateTime : 2019-12-18 07:29:16 
 
 INFO : Port Scan TELNET Detected and Blocked by ADMIN  - data recovery
2019-12-18 16:21:14
210.183.61.148 attack
Lines containing failures of 210.183.61.148
Dec 18 05:20:09 zabbix sshd[4121]: Invalid user dpp from 210.183.61.148 port 33062
Dec 18 05:20:09 zabbix sshd[4121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.61.148
Dec 18 05:20:11 zabbix sshd[4121]: Failed password for invalid user dpp from 210.183.61.148 port 33062 ssh2
Dec 18 05:20:11 zabbix sshd[4121]: Received disconnect from 210.183.61.148 port 33062:11: Bye Bye [preauth]
Dec 18 05:20:11 zabbix sshd[4121]: Disconnected from invalid user dpp 210.183.61.148 port 33062 [preauth]
Dec 18 05:31:05 zabbix sshd[5194]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.183.61.148  user=r.r
Dec 18 05:31:07 zabbix sshd[5194]: Failed password for r.r from 210.183.61.148 port 47952 ssh2
Dec 18 05:31:08 zabbix sshd[5194]: Received disconnect from 210.183.61.148 port 47952:11: Bye Bye [preauth]
Dec 18 05:31:08 zabbix sshd[5194]: Disconnected........
------------------------------
2019-12-18 16:30:30
182.253.163.102 attackspambots
Honeypot attack, port: 445, PTR: PTR record not found
2019-12-18 16:24:01
202.83.17.223 attack
Dec 18 07:41:28 markkoudstaal sshd[22708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.223
Dec 18 07:41:29 markkoudstaal sshd[22708]: Failed password for invalid user tresa from 202.83.17.223 port 47024 ssh2
Dec 18 07:47:31 markkoudstaal sshd[23357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.83.17.223
2019-12-18 16:42:50
186.183.165.85 attackspambots
Dec 18 08:11:13 game-panel sshd[21601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.183.165.85
Dec 18 08:11:15 game-panel sshd[21601]: Failed password for invalid user obama from 186.183.165.85 port 41010 ssh2
Dec 18 08:17:06 game-panel sshd[21858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.183.165.85
2019-12-18 16:34:24
27.105.103.3 attackspambots
Dec 17 22:38:07 eddieflores sshd[21962]: Invalid user meijer from 27.105.103.3
Dec 17 22:38:07 eddieflores sshd[21962]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.105.103.3
Dec 17 22:38:09 eddieflores sshd[21962]: Failed password for invalid user meijer from 27.105.103.3 port 55058 ssh2
Dec 17 22:44:40 eddieflores sshd[22671]: Invalid user passin from 27.105.103.3
Dec 17 22:44:40 eddieflores sshd[22671]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.105.103.3
2019-12-18 16:51:37
112.196.4.130 attackbotsspam
Dec 16 18:17:28 sanyalnet-awsem3-1 sshd[4381]: Connection from 112.196.4.130 port 60172 on 172.30.0.184 port 22
Dec 16 18:17:29 sanyalnet-awsem3-1 sshd[4381]: Invalid user pippy from 112.196.4.130
Dec 16 18:17:29 sanyalnet-awsem3-1 sshd[4381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.4.130 
Dec 16 18:17:31 sanyalnet-awsem3-1 sshd[4381]: Failed password for invalid user pippy from 112.196.4.130 port 60172 ssh2
Dec 16 18:17:32 sanyalnet-awsem3-1 sshd[4381]: Received disconnect from 112.196.4.130: 11: Bye Bye [preauth]
Dec 16 18:42:45 sanyalnet-awsem3-1 sshd[5074]: Connection from 112.196.4.130 port 36912 on 172.30.0.184 port 22
Dec 16 18:42:47 sanyalnet-awsem3-1 sshd[5074]: Invalid user library1 from 112.196.4.130
Dec 16 18:42:47 sanyalnet-awsem3-1 sshd[5074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.196.4.130 


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?
2019-12-18 16:22:52
94.191.9.85 attackspambots
Dec 18 07:32:03 vtv3 sshd[7935]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.9.85 
Dec 18 07:32:06 vtv3 sshd[7935]: Failed password for invalid user amini from 94.191.9.85 port 39484 ssh2
Dec 18 07:38:10 vtv3 sshd[10548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.9.85 
Dec 18 07:50:38 vtv3 sshd[16572]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.9.85 
Dec 18 07:50:40 vtv3 sshd[16572]: Failed password for invalid user coe from 94.191.9.85 port 38418 ssh2
Dec 18 07:56:48 vtv3 sshd[19347]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.9.85 
Dec 18 08:08:53 vtv3 sshd[24725]: Failed password for root from 94.191.9.85 port 37452 ssh2
Dec 18 08:15:00 vtv3 sshd[27622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.9.85 
Dec 18 08:15:02 vtv3 sshd[27622]: Failed password
2019-12-18 16:43:38
77.247.109.63 attackbots
[2019-12-18 03:29:32] NOTICE[2839] chan_sip.c: Registration from '562 \' failed for '77.247.109.63:5060' - Wrong password
[2019-12-18 03:29:32] SECURITY[2857] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-18T03:29:32.947-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="562",SessionID="0x7f0fb40c0358",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.109.63/5060",Challenge="11116feb",ReceivedChallenge="11116feb",ReceivedHash="5ae079675e6c8c84ab569f93da0818c6"
[2019-12-18 03:29:34] NOTICE[2839] chan_sip.c: Registration from '563 \' failed for '77.247.109.63:5060' - Wrong password
[2019-12-18 03:29:34] SECURITY[2857] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-18T03:29:34.418-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="563",SessionID="0x7f0fb462f398",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.1
2019-12-18 16:51:20
218.146.168.239 attack
Dec 18 09:32:36 MK-Soft-VM5 sshd[12780]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.146.168.239 
Dec 18 09:32:38 MK-Soft-VM5 sshd[12780]: Failed password for invalid user mysql from 218.146.168.239 port 49710 ssh2
...
2019-12-18 16:37:59
122.51.83.60 attackbots
Dec 18 07:21:23 srv01 sshd[25623]: Invalid user cn from 122.51.83.60 port 38984
Dec 18 07:21:23 srv01 sshd[25623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.83.60
Dec 18 07:21:23 srv01 sshd[25623]: Invalid user cn from 122.51.83.60 port 38984
Dec 18 07:21:25 srv01 sshd[25623]: Failed password for invalid user cn from 122.51.83.60 port 38984 ssh2
Dec 18 07:28:48 srv01 sshd[26233]: Invalid user khoanh from 122.51.83.60 port 39318
...
2019-12-18 16:53:30
122.219.108.171 attack
Dec 17 21:01:56 php1 sshd[20259]: Invalid user nate from 122.219.108.171
Dec 17 21:01:56 php1 sshd[20259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.219.108.171
Dec 17 21:01:58 php1 sshd[20259]: Failed password for invalid user nate from 122.219.108.171 port 33156 ssh2
Dec 17 21:08:35 php1 sshd[20869]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.219.108.171  user=root
Dec 17 21:08:37 php1 sshd[20869]: Failed password for root from 122.219.108.171 port 41722 ssh2
2019-12-18 16:43:16