117.2.104.150 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: Viettel Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	DATE:2020-02-02 16:07:37, IP:117.2.104.150, PORT:1433 MSSQL brute force auth on honeypot server (honey-neo-dc)	2020-02-03 03:42:15

Comments on same subnet:

IP	Type	Details	Datetime
117.2.104.202	attackbotsspam	SSH bruteforce	2020-05-21 19:53:17
117.2.104.240	attackspambots	1578431936 - 01/07/2020 22:18:56 Host: 117.2.104.240/117.2.104.240 Port: 445 TCP Blocked	2020-01-08 06:53:01
117.2.104.191	attackbotsspam	Unauthorized connection attempt from IP address 117.2.104.191 on Port 445(SMB)	2019-12-11 07:54:35
117.2.104.145	attack	Unauthorized connection attempt from IP address 117.2.104.145 on Port 445(SMB)	2019-09-09 23:00:40
117.2.104.3	attack	Aug 16 14:26:31 *** sshd[20942]: Failed password for invalid user tit0nich from 117.2.104.3 port 60003 ssh2	2019-08-17 09:14:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 117.2.104.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43806
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;117.2.104.150.			IN	A

;; AUTHORITY SECTION:
.			384	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020201 1800 900 604800 86400

;; Query time: 49 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 03 03:42:10 CST 2020
;; MSG SIZE  rcvd: 117

Host info

Host 150.104.2.117.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 150.104.2.117.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
89.248.168.157	attack	05/11/2020-16:35:19.987710 89.248.168.157 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-05-12 06:30:01
159.203.179.230	attack	May 11 18:04:42 ny01 sshd[8616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.179.230 May 11 18:04:44 ny01 sshd[8616]: Failed password for invalid user redmine from 159.203.179.230 port 53562 ssh2 May 11 18:08:13 ny01 sshd[9054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.179.230	2020-05-12 06:27:06
211.252.87.90	attack	May 11 22:29:57 localhost sshd[68163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.252.87.90 user=root May 11 22:30:00 localhost sshd[68163]: Failed password for root from 211.252.87.90 port 44453 ssh2 May 11 22:33:50 localhost sshd[68487]: Invalid user patricia from 211.252.87.90 port 22505 May 11 22:33:50 localhost sshd[68487]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.252.87.90 May 11 22:33:50 localhost sshd[68487]: Invalid user patricia from 211.252.87.90 port 22505 May 11 22:33:53 localhost sshd[68487]: Failed password for invalid user patricia from 211.252.87.90 port 22505 ssh2 ...	2020-05-12 06:41:57
134.122.8.164	attackbotsspam	2020-05-11T21:53:18.600135shield sshd\[5094\]: Invalid user system from 134.122.8.164 port 54912 2020-05-11T21:53:18.603714shield sshd\[5094\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.8.164 2020-05-11T21:53:20.033883shield sshd\[5094\]: Failed password for invalid user system from 134.122.8.164 port 54912 ssh2 2020-05-11T21:57:13.691594shield sshd\[6589\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.122.8.164 user=root 2020-05-11T21:57:16.044526shield sshd\[6589\]: Failed password for root from 134.122.8.164 port 40068 ssh2	2020-05-12 06:09:35
45.142.195.8	attackbots	May 12 01:27:49 dri postfix/smtpd[16162]: warning: unknown[45.142.195.8]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 12 01:28:16 dri postfix/smtpd[16162]: warning: unknown[45.142.195.8]: SASL ...	2020-05-12 06:33:10
78.128.113.100	attackbots	2020-05-12 00:05:24 dovecot_plain authenticator failed for \(\[78.128.113.100\]\) \[78.128.113.100\]: 535 Incorrect authentication data \(set_id=sales@opso.it\) 2020-05-12 00:05:37 dovecot_plain authenticator failed for \(\[78.128.113.100\]\) \[78.128.113.100\]: 535 Incorrect authentication data 2020-05-12 00:05:51 dovecot_plain authenticator failed for \(\[78.128.113.100\]\) \[78.128.113.100\]: 535 Incorrect authentication data 2020-05-12 00:06:08 dovecot_plain authenticator failed for \(\[78.128.113.100\]\) \[78.128.113.100\]: 535 Incorrect authentication data 2020-05-12 00:06:19 dovecot_plain authenticator failed for \(\[78.128.113.100\]\) \[78.128.113.100\]: 535 Incorrect authentication data	2020-05-12 06:16:25
106.13.99.51	attack	2020-05-11T22:31:41.733686vps773228.ovh.net sshd[29794]: Invalid user ftpuser from 106.13.99.51 port 43752 2020-05-11T22:31:41.746888vps773228.ovh.net sshd[29794]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.99.51 2020-05-11T22:31:41.733686vps773228.ovh.net sshd[29794]: Invalid user ftpuser from 106.13.99.51 port 43752 2020-05-11T22:31:43.899662vps773228.ovh.net sshd[29794]: Failed password for invalid user ftpuser from 106.13.99.51 port 43752 ssh2 2020-05-11T22:35:14.561334vps773228.ovh.net sshd[29800]: Invalid user ordplugins from 106.13.99.51 port 58638 ...	2020-05-12 06:34:29
67.205.167.193	attackspambots	2020-05-12T00:08:19.417823vps751288.ovh.net sshd\[8236\]: Invalid user applmgr from 67.205.167.193 port 44160 2020-05-12T00:08:19.427166vps751288.ovh.net sshd\[8236\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.167.193 2020-05-12T00:08:21.880141vps751288.ovh.net sshd\[8236\]: Failed password for invalid user applmgr from 67.205.167.193 port 44160 ssh2 2020-05-12T00:11:38.553343vps751288.ovh.net sshd\[8272\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.167.193 user=root 2020-05-12T00:11:40.659903vps751288.ovh.net sshd\[8272\]: Failed password for root from 67.205.167.193 port 52210 ssh2	2020-05-12 06:21:09
186.85.159.135	attackspam	May 11 15:01:10 server1 sshd\[706\]: Invalid user ruben from 186.85.159.135 May 11 15:01:10 server1 sshd\[706\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.85.159.135 May 11 15:01:11 server1 sshd\[706\]: Failed password for invalid user ruben from 186.85.159.135 port 63553 ssh2 May 11 15:03:05 server1 sshd\[1291\]: Invalid user taysa from 186.85.159.135 May 11 15:03:05 server1 sshd\[1291\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.85.159.135 ...	2020-05-12 06:17:36
134.175.111.215	attackbotsspam	May 11 21:37:19 ip-172-31-62-245 sshd\[18650\]: Invalid user english from 134.175.111.215\ May 11 21:37:21 ip-172-31-62-245 sshd\[18650\]: Failed password for invalid user english from 134.175.111.215 port 44862 ssh2\ May 11 21:41:25 ip-172-31-62-245 sshd\[18749\]: Failed password for root from 134.175.111.215 port 51792 ssh2\ May 11 21:45:35 ip-172-31-62-245 sshd\[18781\]: Invalid user test from 134.175.111.215\ May 11 21:45:36 ip-172-31-62-245 sshd\[18781\]: Failed password for invalid user test from 134.175.111.215 port 58744 ssh2\	2020-05-12 06:39:15
114.67.79.46	attack	May 12 00:00:19 buvik sshd[26549]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.79.46 May 12 00:00:21 buvik sshd[26549]: Failed password for invalid user ubuntu from 114.67.79.46 port 41689 ssh2 May 12 00:03:58 buvik sshd[3678]: Invalid user userftp from 114.67.79.46 ...	2020-05-12 06:10:45
103.145.12.121	attackbots	Trying ports that it shouldn't be.	2020-05-12 06:31:45
218.92.0.191	attackbotsspam	May 11 23:43:39 sip sshd[219236]: Failed password for root from 218.92.0.191 port 53518 ssh2 May 11 23:43:41 sip sshd[219236]: Failed password for root from 218.92.0.191 port 53518 ssh2 May 11 23:43:45 sip sshd[219236]: Failed password for root from 218.92.0.191 port 53518 ssh2 ...	2020-05-12 06:27:57
182.254.154.89	attackbotsspam	May 11 22:34:53 eventyay sshd[13227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.154.89 May 11 22:34:56 eventyay sshd[13227]: Failed password for invalid user cron from 182.254.154.89 port 59274 ssh2 May 11 22:35:33 eventyay sshd[13243]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.254.154.89 ...	2020-05-12 06:20:31
62.210.215.25	attackspam	This client attempted to login to an administrator account on a Website, or abused from another resource.	2020-05-12 06:37:30

Recently Reported IPs

99.25.94.193	157.255.208.240	91.166.104.197	24.4.98.7
60.243.168.77	126.242.180.207	171.33.84.25	77.168.6.23
121.227.68.45	134.209.228.253	91.39.22.78	58.208.203.191
114.43.151.229	191.133.180.165	195.198.168.150	67.91.8.176
69.76.59.153	49.71.140.157	83.224.248.229	23.21.193.170