116.31.140.37 - IPInfo

Basic Info

City: Shanghai

Region: Shanghai

Country: China

Internet Service Provider: ChinaNet Guangdong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	[Sun Jul 19 02:48:04.926186 2020] [:error] [pid 22715:tid 140632588613376] [client 116.31.140.37:58965] [client 116.31.140.37] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XxNR9Fcr71isoJ1NnSUOZgAAAcI"] ...	2020-07-19 07:52:39

Type

Details

Datetime

attackbots

[Sun Jul 19 02:48:04.926186 2020] [:error] [pid 22715:tid 140632588613376] [client 116.31.140.37:58965] [client 116.31.140.37] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XxNR9Fcr71isoJ1NnSUOZgAAAcI"]
...

2020-07-19 07:52:39

Comments on same subnet:

IP	Type	Details	Datetime
116.31.140.13	attack	(ftpd) Failed FTP login from 116.31.140.13 (CN/China/-): 10 in the last 3600 secs	2020-09-01 06:41:35
116.31.140.71	attack	Automatic report - FTP Brute Force	2019-10-25 16:37:48
116.31.140.220	attackbotsspam	FTP: login Brute Force attempt, PTR: PTR record not found	2019-09-22 00:12:20
116.31.140.147	attackspam	Automatic report - Port Scan Attack	2019-09-11 12:05:49

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.31.140.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31440
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.31.140.37.			IN	A

;; AUTHORITY SECTION:
.			287	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071801 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jul 19 07:52:36 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 37.140.31.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 37.140.31.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
137.74.195.204	attack	Mar 20 01:39:05 icecube sshd[16493]: Invalid user admin from 137.74.195.204 port 34908 Mar 20 01:39:05 icecube sshd[16493]: Failed password for invalid user admin from 137.74.195.204 port 34908 ssh2	2020-03-20 09:28:49
185.253.217.55	attack	serveres are UTC -0400 Lines containing failures of 185.253.217.55 Mar 19 11:00:11 tux2 sshd[21121]: Failed password for r.r from 185.253.217.55 port 53032 ssh2 Mar 19 11:00:12 tux2 sshd[21121]: Received disconnect from 185.253.217.55 port 53032:11: Bye Bye [preauth] Mar 19 11:00:12 tux2 sshd[21121]: Disconnected from authenticating user r.r 185.253.217.55 port 53032 [preauth] Mar 19 11:10:46 tux2 sshd[21783]: Failed password for r.r from 185.253.217.55 port 51344 ssh2 Mar 19 11:10:47 tux2 sshd[21783]: Received disconnect from 185.253.217.55 port 51344:11: Bye Bye [preauth] Mar 19 11:10:47 tux2 sshd[21783]: Disconnected from authenticating user r.r 185.253.217.55 port 51344 [preauth] Mar 19 11:16:19 tux2 sshd[22081]: Failed password for r.r from 185.253.217.55 port 54570 ssh2 Mar 19 11:16:20 tux2 sshd[22081]: Received disconnect from 185.253.217.55 port 54570:11: Bye Bye [preauth] Mar 19 11:16:20 tux2 sshd[22081]: Disconnected from authenticating user r.r 185.253.217.55 ........ ------------------------------	2020-03-20 09:20:33
118.89.78.216	attack	Lines containing failures of 118.89.78.216 Mar 19 11:48:13 cdb sshd[25364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.78.216 user=r.r Mar 19 11:48:15 cdb sshd[25364]: Failed password for r.r from 118.89.78.216 port 55334 ssh2 Mar 19 11:48:15 cdb sshd[25364]: Received disconnect from 118.89.78.216 port 55334:11: Bye Bye [preauth] Mar 19 11:48:15 cdb sshd[25364]: Disconnected from authenticating user r.r 118.89.78.216 port 55334 [preauth] Mar 19 11:55:46 cdb sshd[26164]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.78.216 user=r.r Mar 19 11:55:48 cdb sshd[26164]: Failed password for r.r from 118.89.78.216 port 46944 ssh2 Mar 19 11:55:48 cdb sshd[26164]: Received disconnect from 118.89.78.216 port 46944:11: Bye Bye [preauth] Mar 19 11:55:48 cdb sshd[26164]: Disconnected from authenticating user r.r 118.89.78.216 port 46944 [preauth] Mar 19 11:59:02 cdb sshd[26419]: pam_u........ ------------------------------	2020-03-20 09:11:02
222.186.30.187	attackspambots	Mar 20 06:36:38 areeb-Workstation sshd[21445]: Failed password for root from 222.186.30.187 port 30817 ssh2 Mar 20 06:36:42 areeb-Workstation sshd[21445]: Failed password for root from 222.186.30.187 port 30817 ssh2 ...	2020-03-20 09:09:04
191.37.212.65	attackbotsspam	firewall-block, port(s): 23/tcp	2020-03-20 09:14:08
123.206.174.21	attack	Invalid user bot from 123.206.174.21 port 10817	2020-03-20 09:49:32
222.186.173.226	attackspambots	2020-03-19T21:25:54.252449xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-03-19T21:25:48.207008xentho-1 sshd[537552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.226 user=root 2020-03-19T21:25:50.247629xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-03-19T21:25:54.252449xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-03-19T21:25:59.732004xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-03-19T21:25:48.207008xentho-1 sshd[537552]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.226 user=root 2020-03-19T21:25:50.247629xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-03-19T21:25:54.252449xentho-1 sshd[537552]: Failed password for root from 222.186.173.226 port 45921 ssh2 2020-0 ...	2020-03-20 09:28:35
187.11.242.196	attackbotsspam	Scanned 3 times in the last 24 hours on port 22	2020-03-20 09:25:20
111.229.204.204	attackspambots	Invalid user tsbot from 111.229.204.204 port 47362	2020-03-20 09:17:39
106.13.45.131	attackspam	Mar 19 22:44:21 ourumov-web sshd\[31909\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.45.131 user=root Mar 19 22:44:23 ourumov-web sshd\[31909\]: Failed password for root from 106.13.45.131 port 36574 ssh2 Mar 19 22:49:41 ourumov-web sshd\[32256\]: Invalid user libuuid from 106.13.45.131 port 42518 Mar 19 22:49:41 ourumov-web sshd\[32256\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.45.131 ...	2020-03-20 09:44:54
193.105.125.163	attackbots	Mar 20 01:54:34 ns382633 sshd\[17967\]: Invalid user sk from 193.105.125.163 port 57688 Mar 20 01:54:34 ns382633 sshd\[17967\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.105.125.163 Mar 20 01:54:36 ns382633 sshd\[17967\]: Failed password for invalid user sk from 193.105.125.163 port 57688 ssh2 Mar 20 02:00:47 ns382633 sshd\[19572\]: Invalid user diradmin from 193.105.125.163 port 38844 Mar 20 02:00:47 ns382633 sshd\[19572\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.105.125.163	2020-03-20 09:19:58
171.220.243.128	attackbotsspam	Mar 20 01:55:20 lukav-desktop sshd\[32243\]: Invalid user ts4 from 171.220.243.128 Mar 20 01:55:20 lukav-desktop sshd\[32243\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.220.243.128 Mar 20 01:55:22 lukav-desktop sshd\[32243\]: Failed password for invalid user ts4 from 171.220.243.128 port 39552 ssh2 Mar 20 02:00:50 lukav-desktop sshd\[32309\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.220.243.128 user=root Mar 20 02:00:52 lukav-desktop sshd\[32309\]: Failed password for root from 171.220.243.128 port 57682 ssh2	2020-03-20 09:41:02
113.172.16.224	attackbots	Mar 19 22:50:24 haigwepa sshd[15496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.172.16.224 Mar 19 22:50:26 haigwepa sshd[15496]: Failed password for invalid user admin from 113.172.16.224 port 35943 ssh2 ...	2020-03-20 09:09:26
88.102.244.211	attack	Tried sshing with brute force.	2020-03-20 09:30:36
106.75.4.19	attackbotsspam	firewall-block, port(s): 465/tcp	2020-03-20 09:24:59

Recently Reported IPs

100.20.185.29	103.217.255.8	186.137.204.140	45.83.166.34
216.15.128.199	206.80.100.85	45.201.18.245	41.193.16.244
83.253.154.252	217.100.30.50	110.141.148.206	203.229.184.192
126.252.115.231	67.78.61.120	108.101.234.123	13.232.58.217
121.226.43.188	129.157.149.20	41.2.57.223	180.22.13.234