31.185.104.21 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: Martin Prager Trading as NbIServ

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	$f2bV_matches	2020-08-15 01:41:16
attack	Invalid user admin from 31.185.104.21 port 43039	2020-07-12 21:46:51
attack	CMS (WordPress or Joomla) login attempt.	2020-04-18 18:30:03
attackspambots	Mar 23 16:45:54 vpn01 sshd[21219]: Failed password for root from 31.185.104.21 port 33525 ssh2 Mar 23 16:46:05 vpn01 sshd[21219]: error: maximum authentication attempts exceeded for root from 31.185.104.21 port 33525 ssh2 [preauth] ...	2020-03-24 03:01:38
attackspambots	Oct 19 22:17:27 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2Oct 19 22:17:29 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2Oct 19 22:17:32 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2Oct 19 22:17:34 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2Oct 19 22:17:36 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2Oct 19 22:17:39 rotator sshd\[715\]: Failed password for root from 31.185.104.21 port 37551 ssh2 ...	2019-10-20 04:33:39
attackbotsspam	Oct 19 05:51:14 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2Oct 19 05:51:17 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2Oct 19 05:51:19 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2Oct 19 05:51:21 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2Oct 19 05:51:24 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2Oct 19 05:51:26 rotator sshd\[21594\]: Failed password for root from 31.185.104.21 port 34673 ssh2 ...	2019-10-19 16:21:09
attack	Sep 30 03:56:32 thevastnessof sshd[23137]: Failed password for root from 31.185.104.21 port 34967 ssh2 ...	2019-09-30 14:38:38
attackspambots	Aug 10 05:53:35 sshgateway sshd\[21548\]: Invalid user apc from 31.185.104.21 Aug 10 05:53:35 sshgateway sshd\[21548\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 Aug 10 05:53:38 sshgateway sshd\[21548\]: Failed password for invalid user apc from 31.185.104.21 port 45629 ssh2	2019-08-10 18:47:51
attackspambots	SSHAttack	2019-06-29 22:46:12

Comments on same subnet:

IP	Type	Details	Datetime
31.185.104.19	attack	Aug 17 22:26:44 vpn01 sshd[17018]: Failed password for root from 31.185.104.19 port 35269 ssh2 Aug 17 22:26:56 vpn01 sshd[17018]: error: maximum authentication attempts exceeded for root from 31.185.104.19 port 35269 ssh2 [preauth] ...	2020-08-18 05:56:34
31.185.104.19	attackbotsspam	Automatic report - Banned IP Access	2020-08-12 00:46:50
31.185.104.20	attack	Jun 21 08:19:43 l02a sshd[27215]: Invalid user l02a from 31.185.104.20 Jun 21 08:19:43 l02a sshd[27215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=tor-exit-relay-0.anonymizing-proxy.digitalcourage.de Jun 21 08:19:43 l02a sshd[27215]: Invalid user l02a from 31.185.104.20 Jun 21 08:19:46 l02a sshd[27215]: Failed password for invalid user l02a from 31.185.104.20 port 43649 ssh2	2020-06-21 15:37:12
31.185.104.20	attackspam	$f2bV_matches	2020-04-10 07:42:10
31.185.104.19	attackbotsspam	Feb 4 01:04:18 v22019058497090703 sshd[13126]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.19 Feb 4 01:04:20 v22019058497090703 sshd[13126]: Failed password for invalid user support from 31.185.104.19 port 42477 ssh2 ...	2020-02-04 09:40:59
31.185.104.19	attackspam	Dec 19 19:53:04 vpn01 sshd[31294]: Failed password for root from 31.185.104.19 port 45769 ssh2 Dec 19 19:53:06 vpn01 sshd[31294]: Failed password for root from 31.185.104.19 port 45769 ssh2 ...	2019-12-20 06:09:30
31.185.104.20	attackbots	Automatic report - Banned IP Access	2019-11-26 23:32:12
31.185.104.19	attack	Oct 20 22:27:21 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2Oct 20 22:27:23 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2Oct 20 22:27:26 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2Oct 20 22:27:28 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2Oct 20 22:27:30 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2Oct 20 22:27:32 rotator sshd\[28470\]: Failed password for root from 31.185.104.19 port 34259 ssh2 ...	2019-10-21 05:11:07
31.185.104.20	attack	Oct 17 21:50:53 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2Oct 17 21:50:55 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2Oct 17 21:50:58 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2Oct 17 21:51:01 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2Oct 17 21:51:03 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2Oct 17 21:51:05 rotator sshd\[9886\]: Failed password for root from 31.185.104.20 port 45935 ssh2 ...	2019-10-18 06:12:23
31.185.104.19	attackbots	Oct 12 00:33:04 * sshd[18277]: Failed password for invalid user aero from 31.185.104.19 port 44625 ssh2 Oct 12 00:33:07 * sshd[18277]: Failed password for invalid user aero from 31.185.104.19 port 44625 ssh2 Oct 12 00:33:11 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:13 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:16 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:19 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:22 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:24 * sshd[18279]: Failed password for invalid user africa from 31.185.104.19 port 41851 ssh2 Oct 12 00:33:29 * sshd[18283]: Failed password for invalid user africa from 31.185.104.19 port 44675 ssh2 Oct 12 00:33:32 * sshd[18283]: Failed password for inv	2019-10-13 04:19:37
31.185.104.19	attackspam	Automatic report - Banned IP Access	2019-10-07 12:21:50
31.185.104.20	attack	Automatic report - Banned IP Access	2019-10-04 19:49:03
31.185.104.20	attack	10/03/2019-14:29:54.506733 31.185.104.20 Protocol: 6 ET TOR Known Tor Exit Node Traffic group 63	2019-10-03 20:49:07
31.185.104.20	attackbots	Invalid user zte from 31.185.104.20 port 35953	2019-09-13 11:36:20
31.185.104.20	attackbots	Aug 26 19:52:26 [munged] sshd[27105]: Failed none for sshd from 31.185.104.20 port 40929 ssh2 Aug 26 19:52:26 [munged] sshd[27105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.20 user=sshd	2019-08-27 03:41:44

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 31.185.104.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15191
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;31.185.104.21.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019042502 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 26 10:13:29 +08 2019
;; MSG SIZE  rcvd: 117

Host info

21.104.185.31.in-addr.arpa is an alias for 21.16-23.104.185.31.in-addr.arpa.
21.16-23.104.185.31.in-addr.arpa domain name pointer tor-exit-relay-1.anonymizing-proxy.digitalcourage.de.

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
21.104.185.31.in-addr.arpa	canonical name = 21.16-23.104.185.31.in-addr.arpa.
21.16-23.104.185.31.in-addr.arpa	name = tor-exit-relay-1.anonymizing-proxy.digitalcourage.de.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
142.93.15.1	attack	Jun 21 10:00:01 mail sshd\[8895\]: Failed password for invalid user oracle from 142.93.15.1 port 44174 ssh2 Jun 21 10:15:53 mail sshd\[8994\]: Invalid user xie from 142.93.15.1 port 47568 ...	2019-06-21 20:45:40
101.108.253.66	attackspambots	Jun 21 12:02:47 v22019058497090703 sshd[31667]: Failed password for test from 101.108.253.66 port 58632 ssh2 Jun 21 12:07:15 v22019058497090703 sshd[31852]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.108.253.66 Jun 21 12:07:17 v22019058497090703 sshd[31852]: Failed password for invalid user testa from 101.108.253.66 port 58900 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=101.108.253.66	2019-06-21 20:41:21
171.40.164.119	attack	" "	2019-06-21 20:36:59
112.91.58.238	attackbotsspam	Brute force attempt	2019-06-21 20:58:30
185.208.208.198	attack	Jun 21 09:14:10 TCP Attack: SRC=185.208.208.198 DST=[Masked] LEN=40 TOS=0x00 PREC=0x00 TTL=242 PROTO=TCP SPT=48612 DPT=8625 WINDOW=1024 RES=0x00 SYN URGP=0	2019-06-21 20:52:58
129.204.200.85	attackspambots	SSH/22 MH Probe, BF, Hack -	2019-06-21 20:26:38
114.69.232.194	attackspam	Jun 19 06:35:52 our-server-hostname postfix/smtpd[387]: connect from unknown[114.69.232.194] Jun x@x Jun x@x Jun 19 06:35:54 stew .... truncated .... own[114.69.232.194]: x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun 19 19:33:13 our-server-hostname postfix/smtpd[22625]: too many errors after RCPT from unknown[114.69.232.194] Jun 19 19:33:13 our-server-hostname postfix/smtpd[22625]: disconnect from unknown[114.69.232.194] Jun 19 20:07:05 our-server-hostname postfix/smtpd[6996]: connect from unknown[114.69.232.194] Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun x@x Jun 19 20:07:16 our-server-hostname postfix/smtpd[6996]: too many errors after RCPT from unknown[114.69.232.194] Jun 19 20:07:16 our-server-hostname postfix/smtpd[6996]: disconnect from unknown[114.69.232.194] Jun 19 20:11........ -------------------------------	2019-06-21 20:56:43
5.189.156.204	attackbotsspam	Jun 21 07:23:17 xtremcommunity sshd\[16938\]: Invalid user deploy from 5.189.156.204 port 41016 Jun 21 07:23:17 xtremcommunity sshd\[16938\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.156.204 Jun 21 07:23:20 xtremcommunity sshd\[16938\]: Failed password for invalid user deploy from 5.189.156.204 port 41016 ssh2 Jun 21 07:23:23 xtremcommunity sshd\[16940\]: Invalid user deploy from 5.189.156.204 port 53664 Jun 21 07:23:23 xtremcommunity sshd\[16940\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.189.156.204 ...	2019-06-21 20:47:07
117.23.186.120	attack	" "	2019-06-21 20:39:53
218.92.0.209	attackbotsspam	port scan and connect, tcp 22 (ssh)	2019-06-21 20:18:03
109.229.231.164	attack	Unauthorised access (Jun 21) SRC=109.229.231.164 LEN=52 TTL=116 ID=26579 DF TCP DPT=445 WINDOW=8192 SYN	2019-06-21 20:11:20
107.180.78.1	attackspambots	webdav, phpmyadmin...	2019-06-21 20:19:12
185.200.118.35	attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-06-21 20:54:29
90.29.25.168	attackbotsspam	Jun 21 06:13:32 gcems sshd\[27608\]: Invalid user login from 90.29.25.168 port 38774 Jun 21 06:13:33 gcems sshd\[27608\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.29.25.168 Jun 21 06:13:35 gcems sshd\[27608\]: Failed password for invalid user login from 90.29.25.168 port 38774 ssh2 Jun 21 06:22:39 gcems sshd\[27841\]: Invalid user adminserver from 90.29.25.168 port 57840 Jun 21 06:22:39 gcems sshd\[27841\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.29.25.168 ...	2019-06-21 20:23:27
169.149.225.104	attackbotsspam	TCP port 445 (SMB) attempt blocked by firewall. [2019-06-21 11:16:12]	2019-06-21 20:22:57

Recently Reported IPs

213.36.244.174	109.185.168.86	37.59.8.84	178.220.81.36
46.227.30.207	223.255.127.82	221.122.92.73	186.224.225.98
70.61.166.78	91.191.223.204	239.183.211.138	59.11.209.168
106.12.84.112	83.97.23.115	121.101.133.204	202.69.61.67
121.123.189.182	159.203.131.94	211.198.225.81	109.72.249.169