124.31.204.116

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Xizang (Tibet) Province Network

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-06-01 03:36:46
attackspam	SMB Server BruteForce Attack	2019-09-25 08:27:26
attackspambots	Unauthorised access (Aug 6) SRC=124.31.204.116 LEN=44 TTL=240 ID=51927 TCP DPT=445 WINDOW=1024 SYN	2019-08-06 09:45:07
attack	SMB Server BruteForce Attack	2019-07-05 14:40:18

Comments on same subnet:

IP	Type	Details	Datetime
124.31.204.119	attackbots	1433/tcp 445/tcp... [2020-09-10/10-04]7pkt,2pt.(tcp)	2020-10-06 04:22:16
124.31.204.119	attack	1433/tcp 445/tcp... [2020-09-10/10-04]7pkt,2pt.(tcp)	2020-10-05 20:23:02
124.31.204.119	attackspambots	1433/tcp 445/tcp... [2020-09-10/10-04]7pkt,2pt.(tcp)	2020-10-05 12:13:46
124.31.204.119	attack	Unauthorized connection attempt from IP address 124.31.204.119 on Port 445(SMB)	2020-03-02 05:42:19
124.31.204.119	attack	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2019-12-11 05:22:24
124.31.204.60	attackbots	SMB Server BruteForce Attack	2019-10-30 04:30:57
124.31.204.60	attack	Port Scan: TCP/445	2019-09-14 10:44:33
124.31.204.60	attackspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(06281018)	2019-06-28 18:03:18
124.31.204.60	attackbots	445/tcp 445/tcp 445/tcp... [2019-04-27/06-26]9pkt,1pt.(tcp)	2019-06-26 16:33:43

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 124.31.204.116
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42845
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;124.31.204.116.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019060701 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 08 11:29:36 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 116.204.31.124.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 116.204.31.124.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
213.153.128.242	attackbotsspam	Feb 3 13:47:19 ms-srv sshd[23666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.153.128.242 Feb 3 13:47:21 ms-srv sshd[23666]: Failed password for invalid user vnstat from 213.153.128.242 port 51436 ssh2	2020-03-09 00:53:20
176.113.115.248	attackbotsspam	Mar 8 17:21:32 debian-2gb-nbg1-2 kernel: \[5943648.366416\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=176.113.115.248 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=31262 PROTO=TCP SPT=58556 DPT=61564 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-09 00:48:15
192.99.212.132	attackspambots	Mar 7 15:17:31 v26 sshd[3043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.212.132 user=r.r Mar 7 15:17:33 v26 sshd[3043]: Failed password for r.r from 192.99.212.132 port 53634 ssh2 Mar 7 15:17:33 v26 sshd[3043]: Received disconnect from 192.99.212.132 port 53634:11: Bye Bye [preauth] Mar 7 15:17:33 v26 sshd[3043]: Disconnected from 192.99.212.132 port 53634 [preauth] Mar 7 15:20:23 v26 sshd[3310]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.212.132 user=r.r Mar 7 15:20:25 v26 sshd[3310]: Failed password for r.r from 192.99.212.132 port 51534 ssh2 Mar 7 15:20:25 v26 sshd[3310]: Received disconnect from 192.99.212.132 port 51534:11: Bye Bye [preauth] Mar 7 15:20:25 v26 sshd[3310]: Disconnected from 192.99.212.132 port 51534 [preauth] Mar 7 15:21:50 v26 sshd[3439]: Invalid user bpadmin from 192.99.212.132 port 43864 Mar 7 15:21:52 v26 sshd[3439]: Failed passw........ -------------------------------	2020-03-09 00:51:35
213.155.194.26	attackspambots	May 28 10:05:24 ms-srv sshd[41328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.155.194.26 May 28 10:05:27 ms-srv sshd[41328]: Failed password for invalid user mac from 213.155.194.26 port 39806 ssh2	2020-03-09 00:50:11
222.186.30.145	attack	Too many connections or unauthorized access detected from Arctic banned ip	2020-03-09 00:43:02
2.181.58.179	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-09 00:32:27
77.29.227.160	attackbots	1583673419 - 03/08/2020 14:16:59 Host: 77.29.227.160/77.29.227.160 Port: 445 TCP Blocked	2020-03-09 00:40:58
87.17.66.24	attackbots	Mar 8 13:16:40 web8 sshd\[15013\]: Invalid user pi from 87.17.66.24 Mar 8 13:16:41 web8 sshd\[15014\]: Invalid user pi from 87.17.66.24 Mar 8 13:16:41 web8 sshd\[15013\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.17.66.24 Mar 8 13:16:41 web8 sshd\[15014\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.17.66.24 Mar 8 13:16:42 web8 sshd\[15013\]: Failed password for invalid user pi from 87.17.66.24 port 57054 ssh2	2020-03-09 01:02:49
192.99.4.145	attack	SSH brute-force: detected 7 distinct usernames within a 24-hour window.	2020-03-09 00:24:09
222.186.173.238	attack	Mar 8 17:30:28 minden010 sshd[1650]: Failed password for root from 222.186.173.238 port 7346 ssh2 Mar 8 17:30:31 minden010 sshd[1650]: Failed password for root from 222.186.173.238 port 7346 ssh2 Mar 8 17:30:35 minden010 sshd[1650]: Failed password for root from 222.186.173.238 port 7346 ssh2 Mar 8 17:30:39 minden010 sshd[1650]: Failed password for root from 222.186.173.238 port 7346 ssh2 ...	2020-03-09 00:34:28
213.178.223.165	attack	Jan 26 16:00:16 ms-srv sshd[27062]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.178.223.165 Jan 26 16:00:18 ms-srv sshd[27062]: Failed password for invalid user katyayani from 213.178.223.165 port 38559 ssh2	2020-03-09 00:31:37
138.68.250.76	attackbots	Fail2Ban Ban Triggered	2020-03-09 01:02:29
123.58.6.219	attackspam	Mar 8 14:21:55 srv01 sshd[24862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.6.219 user=root Mar 8 14:21:57 srv01 sshd[24862]: Failed password for root from 123.58.6.219 port 44515 ssh2 Mar 8 14:26:32 srv01 sshd[25142]: Invalid user jeremiah from 123.58.6.219 port 44363 Mar 8 14:26:32 srv01 sshd[25142]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.6.219 Mar 8 14:26:32 srv01 sshd[25142]: Invalid user jeremiah from 123.58.6.219 port 44363 Mar 8 14:26:34 srv01 sshd[25142]: Failed password for invalid user jeremiah from 123.58.6.219 port 44363 ssh2 ...	2020-03-09 00:29:34
27.70.226.215	attackbots	Honeypot attack, port: 5555, PTR: localhost.	2020-03-09 00:22:39
159.89.13.0	attackbotsspam	Mar 8 06:03:53 hanapaa sshd\[10850\]: Invalid user sunshine from 159.89.13.0 Mar 8 06:03:53 hanapaa sshd\[10850\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.13.0 Mar 8 06:03:55 hanapaa sshd\[10850\]: Failed password for invalid user sunshine from 159.89.13.0 port 60386 ssh2 Mar 8 06:08:01 hanapaa sshd\[11202\]: Invalid user pc from 159.89.13.0 Mar 8 06:08:01 hanapaa sshd\[11202\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.13.0	2020-03-09 00:16:52

Recently Reported IPs

61.163.36.24	80.108.220.67	178.217.40.208	103.254.94.91
194.28.36.22	252.230.95.15	81.17.81.34	190.116.55.89
66.15.58.245	189.198.91.48	94.64.46.134	175.111.37.51
103.197.106.49	118.161.70.230	202.138.233.162	92.98.255.120
181.115.168.69	1.55.145.209	218.89.187.46	197.44.157.200