125.70.117.5 - IPInfo

Basic Info

City: Chengdu

Region: Sichuan

Country: China

Internet Service Provider: ChinaNet Sichuan Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[portscan] tcp/21 [FTP] [scan/connect: 6 time(s)] in blocklist.de:'listed [ftp]' in spfbl.net:'listed' *(RWIN=65535)(11071155)	2019-11-07 19:39:20

Comments on same subnet:

IP	Type	Details	Datetime
125.70.117.106	attackspambots	Fail2Ban - FTP Abuse Attempt	2020-01-11 00:08:41

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.70.117.5
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57371
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.70.117.5.			IN	A

;; AUTHORITY SECTION:
.			526	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110700 1800 900 604800 86400

;; Query time: 49 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Nov 07 19:39:16 CST 2019
;; MSG SIZE  rcvd: 116

Host info

5.117.70.125.in-addr.arpa domain name pointer 5.117.70.125.broad.cd.sc.dynamic.163data.com.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
5.117.70.125.in-addr.arpa	name = 5.117.70.125.broad.cd.sc.dynamic.163data.com.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
208.109.53.185	attackspambots	208.109.53.185 - - [01/Jun/2020:00:32:55 +0200] "GET /wp-login.php HTTP/1.1" 200 6364 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.109.53.185 - - [01/Jun/2020:00:32:57 +0200] "POST /wp-login.php HTTP/1.1" 200 6615 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 208.109.53.185 - - [01/Jun/2020:00:32:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-01 08:07:48
163.43.116.204	attack	May 31 17:10:48 dax sshd[2012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.43.116.204 user=r.r May 31 17:10:50 dax sshd[2012]: Failed password for r.r from 163.43.116.204 port 60340 ssh2 May 31 17:10:51 dax sshd[2012]: Received disconnect from 163.43.116.204: 11: Bye Bye [preauth] May 31 17:21:12 dax sshd[3454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.43.116.204 user=r.r May 31 17:21:14 dax sshd[3454]: Failed password for r.r from 163.43.116.204 port 56728 ssh2 May 31 17:21:14 dax sshd[3454]: Received disconnect from 163.43.116.204: 11: Bye Bye [preauth] May 31 17:25:04 dax sshd[3894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.43.116.204 user=r.r May 31 17:25:07 dax sshd[3894]: Failed password for r.r from 163.43.116.204 port 36032 ssh2 May 31 17:25:07 dax sshd[3894]: Received disconnect from 163.43.116.204: 11: Bye By........ -------------------------------	2020-06-01 07:35:28
187.12.181.106	attackspambots	5x Failed Password	2020-06-01 08:10:35
37.187.75.16	attackbots	www.eintrachtkultkellerfulda.de 37.187.75.16 [31/May/2020:22:22:27 +0200] "POST /wp-login.php HTTP/1.1" 200 6613 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" www.eintrachtkultkellerfulda.de 37.187.75.16 [31/May/2020:22:22:33 +0200] "POST /wp-login.php HTTP/1.1" 200 6613 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"	2020-06-01 08:05:51
158.69.42.3	attackbotsspam	May 31 22:23:05 debian-2gb-nbg1-2 kernel: \[13215360.341731\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=158.69.42.3 DST=195.201.40.59 LEN=40 TOS=0x14 PREC=0x00 TTL=238 ID=5080 PROTO=TCP SPT=59211 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-01 07:44:49
51.178.78.152	attackspambots	9200/tcp 5800/tcp 9042/tcp... [2020-03-31/05-31]803pkt,111pt.(tcp)	2020-06-01 07:37:45
94.102.49.109	attack	RDP brute force to non-standard port.	2020-06-01 07:39:50
79.173.253.50	attackbotsspam	sshd jail - ssh hack attempt	2020-06-01 07:50:38
34.75.80.41	attackspam	May 31 13:20:55 cumulus sshd[26366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.75.80.41 user=r.r May 31 13:20:57 cumulus sshd[26366]: Failed password for r.r from 34.75.80.41 port 38066 ssh2 May 31 13:20:57 cumulus sshd[26366]: Received disconnect from 34.75.80.41 port 38066:11: Bye Bye [preauth] May 31 13:20:57 cumulus sshd[26366]: Disconnected from 34.75.80.41 port 38066 [preauth] May 31 13:24:52 cumulus sshd[26724]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.75.80.41 user=r.r May 31 13:24:55 cumulus sshd[26724]: Failed password for r.r from 34.75.80.41 port 32804 ssh2 May 31 13:24:55 cumulus sshd[26724]: Received disconnect from 34.75.80.41 port 32804:11: Bye Bye [preauth] May 31 13:24:55 cumulus sshd[26724]: Disconnected from 34.75.80.41 port 32804 [preauth] May 31 13:26:27 cumulus sshd[26891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ........ -------------------------------	2020-06-01 07:53:26
164.132.51.91	attack	$f2bV_matches	2020-06-01 07:34:33
61.91.164.142	attackspambots	(imapd) Failed IMAP login from 61.91.164.142 (TH/Thailand/61-91-164-142.static.asianet.co.th): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Jun 1 00:52:53 ir1 dovecot[2885757]: imap-login: Disconnected (auth failed, 1 attempts in 53 secs): user=, method=PLAIN, rip=61.91.164.142, lip=5.63.12.44, session=	2020-06-01 07:52:59
149.56.102.43	attackbotsspam	Lines containing failures of 149.56.102.43 May 31 19:35:00 kmh-vmh-002-fsn07 sshd[974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.102.43 user=r.r May 31 19:35:02 kmh-vmh-002-fsn07 sshd[974]: Failed password for r.r from 149.56.102.43 port 38170 ssh2 May 31 19:35:03 kmh-vmh-002-fsn07 sshd[974]: Received disconnect from 149.56.102.43 port 38170:11: Bye Bye [preauth] May 31 19:35:03 kmh-vmh-002-fsn07 sshd[974]: Disconnected from authenticating user r.r 149.56.102.43 port 38170 [preauth] May 31 19:40:02 kmh-vmh-002-fsn07 sshd[9163]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.102.43 user=r.r May 31 19:40:04 kmh-vmh-002-fsn07 sshd[9163]: Failed password for r.r from 149.56.102.43 port 53264 ssh2 May 31 19:40:05 kmh-vmh-002-fsn07 sshd[9163]: Received disconnect from 149.56.102.43 port 53264:11: Bye Bye [preauth] May 31 19:40:05 kmh-vmh-002-fsn07 sshd[9163]: Disconnected fr........ ------------------------------	2020-06-01 07:55:04
106.54.191.247	attackbots	SSH Brute-Force reported by Fail2Ban	2020-06-01 08:06:15
115.79.35.110	attackspam	Jun 1 00:36:04 ns381471 sshd[29108]: Failed password for root from 115.79.35.110 port 45991 ssh2	2020-06-01 07:46:56
109.162.94.25	attackspam	20/5/31@16:22:29: FAIL: Alarm-Network address from=109.162.94.25 20/5/31@16:22:29: FAIL: Alarm-Network address from=109.162.94.25 ...	2020-06-01 08:09:34

Recently Reported IPs

121.160.102.39	73.215.115.46	51.89.23.6	38.98.158.39
191.100.10.124	190.28.87.216	51.77.200.101	60.168.244.179
154.83.17.200	182.61.29.126	150.109.164.133	180.249.202.128
106.12.15.235	122.245.64.162	124.79.158.217	54.37.155.42
144.76.174.7	85.92.109.76	213.230.80.6	59.144.88.66