39.109.104.217

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Huayun Data International Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	HK_APNIC-HM_<177>1590724154 [1:2403340:57599] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 [Classification: Misc Attack] [Priority: 2]: {TCP} 39.109.104.217:41030	2020-05-29 18:20:30
attackbots	Port probing on unauthorized port 3389	2020-05-25 07:22:26

Type

Details

Datetime

attackspambots

HK_APNIC-HM_<177>1590724154 [1:2403340:57599] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 21 [Classification: Misc Attack] [Priority: 2]:  {TCP} 39.109.104.217:41030

2020-05-29 18:20:30

attackbots

Port probing on unauthorized port 3389

2020-05-25 07:22:26

Comments on same subnet:

IP	Type	Details	Datetime
39.109.104.122	attack	Nov 6 23:33:36 game-panel sshd[19144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.104.122 Nov 6 23:33:37 game-panel sshd[19144]: Failed password for invalid user ax400 from 39.109.104.122 port 58254 ssh2 Nov 6 23:38:07 game-panel sshd[19296]: Failed password for root from 39.109.104.122 port 49678 ssh2	2019-11-07 07:38:45

Type

Details

Datetime

39.109.104.122

attack

Nov  6 23:33:36 game-panel sshd[19144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.109.104.122
Nov  6 23:33:37 game-panel sshd[19144]: Failed password for invalid user ax400 from 39.109.104.122 port 58254 ssh2
Nov  6 23:38:07 game-panel sshd[19296]: Failed password for root from 39.109.104.122 port 49678 ssh2

2019-11-07 07:38:45

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 39.109.104.217
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52382
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;39.109.104.217.			IN	A

;; AUTHORITY SECTION:
.			400	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020051200 1800 900 604800 86400

;; Query time: 30 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue May 12 14:06:22 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 217.104.109.39.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 217.104.109.39.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
184.105.247.206	attack	TCP (SYN) 184.105.247.206:58970 -> port 548, len 44	2020-06-07 02:42:19
185.39.11.47	attackbotsspam	Jun 6 19:47:59 debian-2gb-nbg1-2 kernel: \[13724426.946346\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.11.47 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61528 PROTO=TCP SPT=52416 DPT=35091 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-07 02:40:10
185.175.93.23	attack	Jun 6 21:22:56 debian kernel: [370336.567251] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=185.175.93.23 DST=89.252.131.35 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=37880 PROTO=TCP SPT=44466 DPT=5920 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-07 02:37:27
206.189.143.219	attackspambots	Jun 6 19:23:33 debian-2gb-nbg1-2 kernel: \[13722961.406600\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=206.189.143.219 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=51264 PROTO=TCP SPT=59338 DPT=20822 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-07 02:25:52
92.63.196.3	attackspam	scans 60 times in preceeding hours on the ports (in chronological order) 7889 2089 3328 7005 3348 3382 3377 1234 3359 3318 5989 3364 3363 3316 2089 1989 8080 3003 3399 3331 8008 6489 3089 55555 3989 2020 5689 3327 3372 4001 3352 1689 4000 6003 3030 9989 8089 3358 5678 3379 3369 2489 4989 9002 3351 3889 3331 33898 2689 5002 2789 3347 3387 5889 4040 5003 3319 2589 4389 3328 resulting in total of 60 scans from 92.63.196.0/24 block.	2020-06-07 02:54:08
185.153.196.225	attackspambots	06/06/2020-13:48:23.076347 185.153.196.225 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-06-07 02:39:10
162.243.144.109	attackspambots	Port Scan detected! ...	2020-06-07 02:47:18
192.241.194.171	attackspam	1591452099 - 06/06/2020 16:01:39 Host: 192.241.194.171/192.241.194.171 Port: 20 TCP Blocked	2020-06-07 02:31:47
194.26.29.117	attackspam	scans 36 times in preceeding hours on the ports (in chronological order) 10265 10384 10691 10574 10551 10482 10960 10702 10556 10407 10470 10477 10725 10242 10625 10038 10183 10494 10505 10411 10780 10402 10711 10792 10602 10552 10982 10511 10361 10734 10788 10010 10747 10628 10394 10142 resulting in total of 612 scans from 194.26.29.0/24 block.	2020-06-07 02:30:54
185.176.27.42	attack	TCP (SYN) 185.176.27.42:41797 -> port 40877, len 44	2020-06-07 02:34:44
92.63.197.53	attackbotsspam	Jun 6 21:31:51 debian kernel: [370871.189806] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=92.63.197.53 DST=89.252.131.35 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=28746 PROTO=TCP SPT=54098 DPT=20555 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-07 02:53:53
172.105.89.161	attack	Unauthorized connection attempt detected from IP address 172.105.89.161 to port 7070	2020-06-07 02:44:15
77.247.108.119	attackbots	Unauthorized connection attempt detected from IP address 77.247.108.119 to port 443	2020-06-07 02:22:20
185.175.93.37	attack	TCP (SYN) 185.175.93.37:44795 -> port 33389, len 44	2020-06-07 02:37:08
92.63.197.55	attackbotsspam	TCP (SYN) 92.63.197.55:54083 -> port 20889, len 44	2020-06-07 02:53:37

Recently Reported IPs

113.180.169.20	116.86.89.221	220.136.108.3	122.162.160.30
5.39.94.77	42.247.30.156	79.124.7.78	180.191.120.99
29.218.73.140	247.103.228.69	156.204.27.223	66.203.33.102
32.65.142.87	119.44.194.54	156.83.52.9	81.47.141.246
114.46.63.40	108.103.76.21	124.121.185.138	115.79.150.182