3.16.139.113 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Amazon Technologies Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Feb 3 07:55:33 lukav-desktop sshd\[8944\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.16.139.113 user=root Feb 3 07:55:34 lukav-desktop sshd\[8944\]: Failed password for root from 3.16.139.113 port 54326 ssh2 Feb 3 07:58:47 lukav-desktop sshd\[10897\]: Invalid user huo from 3.16.139.113 Feb 3 07:58:47 lukav-desktop sshd\[10897\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.16.139.113 Feb 3 07:58:49 lukav-desktop sshd\[10897\]: Failed password for invalid user huo from 3.16.139.113 port 43864 ssh2	2020-02-03 14:39:21

Type

Details

Datetime

attack

Feb  3 07:55:33 lukav-desktop sshd\[8944\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.16.139.113  user=root
Feb  3 07:55:34 lukav-desktop sshd\[8944\]: Failed password for root from 3.16.139.113 port 54326 ssh2
Feb  3 07:58:47 lukav-desktop sshd\[10897\]: Invalid user huo from 3.16.139.113
Feb  3 07:58:47 lukav-desktop sshd\[10897\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=3.16.139.113
Feb  3 07:58:49 lukav-desktop sshd\[10897\]: Failed password for invalid user huo from 3.16.139.113 port 43864 ssh2

2020-02-03 14:39:21

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 3.16.139.113
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20152
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;3.16.139.113.			IN	A

;; AUTHORITY SECTION:
.			243	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020300 1800 900 604800 86400

;; Query time: 113 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 03 14:39:16 CST 2020
;; MSG SIZE  rcvd: 116

Host info

113.139.16.3.in-addr.arpa domain name pointer ec2-3-16-139-113.us-east-2.compute.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
113.139.16.3.in-addr.arpa	name = ec2-3-16-139-113.us-east-2.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
59.166.206.208	attack	port scan and connect, tcp 23 (telnet)	2019-09-15 01:53:44
206.189.231.196	attack	WordPress wp-login brute force :: 206.189.231.196 0.064 BYPASS [14/Sep/2019:16:43:03 1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-09-15 01:43:22
36.229.223.167	attack	port 23 attempt blocked	2019-09-15 01:59:55
193.242.166.3	attackspam	Honeypot attack, port: 445, PTR: i.ulianathomas1302.example.com.	2019-09-15 01:36:29
80.16.43.10	attackspam	Honeypot attack, port: 23, PTR: host10-43-static.16-80-b.business.telecomitalia.it.	2019-09-15 01:29:50
156.209.150.222	attackspambots	Honeypot attack, port: 23, PTR: host-156.209.222.150-static.tedata.net.	2019-09-15 01:27:45
36.227.35.40	attack	port 23 attempt blocked	2019-09-15 02:05:29
31.163.175.227	attackspam	port 23 attempt blocked	2019-09-15 02:23:13
222.92.189.76	attack	Sep 14 14:54:36 nextcloud sshd\[10264\]: Invalid user growl from 222.92.189.76 Sep 14 14:54:36 nextcloud sshd\[10264\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.92.189.76 Sep 14 14:54:38 nextcloud sshd\[10264\]: Failed password for invalid user growl from 222.92.189.76 port 1027 ssh2 ...	2019-09-15 02:03:05
45.80.64.246	attackbotsspam	2019-09-14T17:52:22.702343abusebot-5.cloudsearch.cf sshd\[18832\]: Invalid user bo from 45.80.64.246 port 59344	2019-09-15 02:12:44
117.50.20.112	attackbotsspam	" "	2019-09-15 02:04:55
95.48.54.106	attackspam	Sep 14 16:01:08 vmd17057 sshd\[19279\]: Invalid user operator from 95.48.54.106 port 46246 Sep 14 16:01:08 vmd17057 sshd\[19279\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.48.54.106 Sep 14 16:01:10 vmd17057 sshd\[19279\]: Failed password for invalid user operator from 95.48.54.106 port 46246 ssh2 ...	2019-09-15 01:57:12
187.190.236.88	attack	Automatic report - Banned IP Access	2019-09-15 02:02:19
102.253.66.181	attackbots	This IP code has blocked my account	2019-09-15 01:53:03
141.255.117.205	attackbots	[Sat Sep 14 03:42:26.390279 2019] [:error] [pid 198711] [client 141.255.117.205:49892] [client 141.255.117.205] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "XXyL0r47YKdoaUVprJ-oJQAAAAE"] ...	2019-09-15 02:14:26

Recently Reported IPs

210.116.246.75	73.54.151.243	2.162.154.160	149.202.6.24
159.240.87.77	59.0.65.189	213.79.1.110	102.184.133.59
40.118.150.151	216.175.168.212	128.88.150.254	35.192.174.234
58.175.11.48	3.188.84.63	98.183.62.22	57.60.150.250
143.134.73.28	203.172.213.209	123.161.202.104	94.52.201.223