116.31.140.71 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Guangdong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Automatic report - FTP Brute Force	2019-10-25 16:37:48

Comments on same subnet:

IP	Type	Details	Datetime
116.31.140.13	attack	(ftpd) Failed FTP login from 116.31.140.13 (CN/China/-): 10 in the last 3600 secs	2020-09-01 06:41:35
116.31.140.37	attackbots	[Sun Jul 19 02:48:04.926186 2020] [:error] [pid 22715:tid 140632588613376] [client 116.31.140.37:58965] [client 116.31.140.37] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XxNR9Fcr71isoJ1NnSUOZgAAAcI"] ...	2020-07-19 07:52:39
116.31.140.220	attackbotsspam	FTP: login Brute Force attempt, PTR: PTR record not found	2019-09-22 00:12:20
116.31.140.147	attackspam	Automatic report - Port Scan Attack	2019-09-11 12:05:49

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.31.140.71
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8260
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.31.140.71.			IN	A

;; AUTHORITY SECTION:
.			596	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102500 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Oct 25 16:37:42 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 71.140.31.116.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 71.140.31.116.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
88.35.102.54	attackbotsspam	Jul 24 05:52:46 v22019058497090703 sshd[8884]: Failed password for root from 88.35.102.54 port 48858 ssh2 Jul 24 05:57:02 v22019058497090703 sshd[9130]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.35.102.54 Jul 24 05:57:04 v22019058497090703 sshd[9130]: Failed password for invalid user toor from 88.35.102.54 port 41258 ssh2 ...	2019-07-24 12:18:24
222.186.52.123	attackbots	Jul 24 05:45:59 MainVPS sshd[9288]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.123 user=root Jul 24 05:46:01 MainVPS sshd[9288]: Failed password for root from 222.186.52.123 port 38770 ssh2 Jul 24 05:46:08 MainVPS sshd[9300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.123 user=root Jul 24 05:46:10 MainVPS sshd[9300]: Failed password for root from 222.186.52.123 port 12732 ssh2 Jul 24 05:46:38 MainVPS sshd[9335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.52.123 user=root Jul 24 05:46:40 MainVPS sshd[9335]: Failed password for root from 222.186.52.123 port 56972 ssh2 ...	2019-07-24 12:04:34
142.44.137.62	attack	2019-07-24T04:15:15.124108abusebot-6.cloudsearch.cf sshd\[6377\]: Invalid user xue from 142.44.137.62 port 46676	2019-07-24 12:20:50
185.175.93.14	attackbots	Fail2Ban Ban Triggered	2019-07-24 12:12:01
191.53.104.124	attackbotsspam	failed_logins	2019-07-24 12:24:05
182.254.145.29	attackbots	Jul 23 23:09:02 aat-srv002 sshd[6158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.145.29 Jul 23 23:09:04 aat-srv002 sshd[6158]: Failed password for invalid user sk from 182.254.145.29 port 52671 ssh2 Jul 23 23:12:57 aat-srv002 sshd[6256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.145.29 Jul 23 23:12:59 aat-srv002 sshd[6256]: Failed password for invalid user admin from 182.254.145.29 port 41599 ssh2 ...	2019-07-24 12:15:54
58.40.54.138	attackspambots	Automatic report - Port Scan Attack	2019-07-24 12:13:34
159.89.172.190	attackbots	WordPress wp-login brute force :: 159.89.172.190 0.052 BYPASS [24/Jul/2019:12:03:49 1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-07-24 12:20:30
193.32.163.182	attackbots	Jul 24 06:09:42 srv206 sshd[16533]: Invalid user admin from 193.32.163.182 ...	2019-07-24 12:13:05
60.194.51.19	attack	2019-07-24T06:08:12.831979cavecanem sshd[4157]: Invalid user test01 from 60.194.51.19 port 60848 2019-07-24T06:08:12.835186cavecanem sshd[4157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.194.51.19 2019-07-24T06:08:12.831979cavecanem sshd[4157]: Invalid user test01 from 60.194.51.19 port 60848 2019-07-24T06:08:14.573091cavecanem sshd[4157]: Failed password for invalid user test01 from 60.194.51.19 port 60848 ssh2 2019-07-24T06:12:03.124532cavecanem sshd[9598]: Invalid user shan from 60.194.51.19 port 60724 2019-07-24T06:12:03.127599cavecanem sshd[9598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.194.51.19 2019-07-24T06:12:03.124532cavecanem sshd[9598]: Invalid user shan from 60.194.51.19 port 60724 2019-07-24T06:12:05.247782cavecanem sshd[9598]: Failed password for invalid user shan from 60.194.51.19 port 60724 ssh2 2019-07-24T06:15:48.084017cavecanem sshd[14680]: Invalid user ble from 60.19 ...	2019-07-24 12:23:03
18.232.35.53	attack	Jul 23 20:08:43 TCP Attack: SRC=18.232.35.53 DST=[Masked] LEN=250 TOS=0x00 PREC=0x00 TTL=234 DF PROTO=TCP SPT=44626 DPT=80 WINDOW=913 RES=0x00 ACK PSH URGP=0	2019-07-24 12:14:03
193.201.224.241	attack	Jul 24 03:32:52 XXX sshd[34807]: Invalid user admin from 193.201.224.241 port 7096	2019-07-24 12:37:24
88.247.110.88	attackbotsspam	2019-07-24T04:28:17.337581abusebot-7.cloudsearch.cf sshd\[18402\]: Invalid user ls from 88.247.110.88 port 64491	2019-07-24 12:31:45
51.75.195.222	attack	firewall-block, port(s): 5973/tcp	2019-07-24 11:45:44
187.102.51.64	attack	port scan and connect, tcp 80 (http)	2019-07-24 12:27:27

Recently Reported IPs

185.26.205.248	167.71.111.16	16.98.36.222	42.86.164.33
61.28.156.239	112.78.132.125	191.252.178.76	183.56.173.152
2.81.249.17	106.12.69.9	35.204.93.66	106.12.200.13
210.12.190.35	137.157.126.122	161.180.101.31	99.138.192.80
111.226.248.227	195.154.92.15	94.102.49.102	177.184.189.52