116.31.140.13 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Guangdong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	(ftpd) Failed FTP login from 116.31.140.13 (CN/China/-): 10 in the last 3600 secs	2020-09-01 06:41:35

Comments on same subnet:

IP	Type	Details	Datetime
116.31.140.37	attackbots	[Sun Jul 19 02:48:04.926186 2020] [:error] [pid 22715:tid 140632588613376] [client 116.31.140.37:58965] [client 116.31.140.37] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XxNR9Fcr71isoJ1NnSUOZgAAAcI"] ...	2020-07-19 07:52:39
116.31.140.71	attack	Automatic report - FTP Brute Force	2019-10-25 16:37:48
116.31.140.220	attackbotsspam	FTP: login Brute Force attempt, PTR: PTR record not found	2019-09-22 00:12:20
116.31.140.147	attackspam	Automatic report - Port Scan Attack	2019-09-11 12:05:49

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.31.140.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48487
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.31.140.13.			IN	A

;; AUTHORITY SECTION:
.			356	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020083101 1800 900 604800 86400

;; Query time: 21 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 01 06:41:32 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 13.140.31.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 13.140.31.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
191.126.165.231	attack	port	2020-09-13 16:39:35
46.101.151.97	attack	Sep 13 10:35:45 * sshd[27583]: Failed password for root from 46.101.151.97 port 32962 ssh2	2020-09-13 17:06:02
115.97.134.11	attackspam	DATE:2020-09-12 18:52:03, IP:115.97.134.11, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-09-13 16:41:14
103.139.45.122	attack	Sep 12 20:11:56 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:11:59 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:02 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:05 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:07 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:09 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:12 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:14 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:15 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:17 Host-KLAX-C postfix/s ...	2020-09-13 16:47:14
188.92.213.115	attack	Sep 13 09:29:03 mail.srvfarm.net postfix/smtps/smtpd[1007950]: warning: unknown[188.92.213.115]: SASL PLAIN authentication failed: Sep 13 09:29:03 mail.srvfarm.net postfix/smtps/smtpd[1007950]: lost connection after AUTH from unknown[188.92.213.115] Sep 13 09:31:18 mail.srvfarm.net postfix/smtps/smtpd[1023469]: warning: unknown[188.92.213.115]: SASL PLAIN authentication failed: Sep 13 09:31:18 mail.srvfarm.net postfix/smtps/smtpd[1023469]: lost connection after AUTH from unknown[188.92.213.115] Sep 13 09:38:29 mail.srvfarm.net postfix/smtpd[1022145]: warning: unknown[188.92.213.115]: SASL PLAIN authentication failed:	2020-09-13 17:20:15
115.97.136.195	attackbots	TCP (SYN) 115.97.136.195:21550 -> port 23, len 40	2020-09-13 16:39:16
49.233.151.183	attackspambots	port scan and connect, tcp 1433 (ms-sql-s)	2020-09-13 16:53:44
212.70.149.52	attack	Rude login attack (3064 tries in 1d)	2020-09-13 16:51:07
27.5.47.149	attack	1599929566 - 09/12/2020 23:52:46 Host: 27.5.47.149/27.5.47.149 Port: 23 TCP Blocked ...	2020-09-13 17:05:18
103.214.202.3	attack	Brute forcing Wordpress login	2020-09-13 17:09:40
185.247.224.55	attackbotsspam	185.247.224.55 (RO/Romania/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 13 02:03:05 jbs1 sshd[10688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.224.55 user=root Sep 13 02:03:08 jbs1 sshd[10688]: Failed password for root from 185.247.224.55 port 57444 ssh2 Sep 13 01:59:01 jbs1 sshd[9188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.182.57.161 user=root Sep 13 01:59:04 jbs1 sshd[9188]: Failed password for root from 61.182.57.161 port 3467 ssh2 Sep 13 02:03:35 jbs1 sshd[10923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.102.119.121 user=root Sep 13 02:03:01 jbs1 sshd[10679]: Failed password for root from 51.254.120.159 port 52767 ssh2 IP Addresses Blocked:	2020-09-13 17:05:47
117.50.8.159	attackbotsspam	Sep 13 08:24:20 icinga sshd[36747]: Failed password for root from 117.50.8.159 port 36328 ssh2 Sep 13 08:33:49 icinga sshd[51436]: Failed password for root from 117.50.8.159 port 37264 ssh2 ...	2020-09-13 16:59:25
178.129.40.31	attackbotsspam	1599929591 - 09/12/2020 18:53:11 Host: 178.129.40.31/178.129.40.31 Port: 445 TCP Blocked	2020-09-13 16:52:21
138.197.175.236	attackspam	TCP (SYN) 138.197.175.236:45407 -> port 2365, len 44	2020-09-13 16:44:06
51.15.191.81	attackspambots	Automatic report - Banned IP Access	2020-09-13 17:13:12

Recently Reported IPs

174.136.31.143	37.228.227.124	108.50.164.201	205.228.79.207
127.232.237.90	177.91.182.162	91.101.26.68	11.56.113.184
52.35.138.255	58.182.173.137	42.194.195.60	219.112.215.167
37.208.135.86	115.73.19.243	186.93.240.101	173.230.158.167
187.101.218.182	92.86.213.94	211.80.102.183	27.205.213.6