59.1.116.20 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Korea Republic of

Internet Service Provider: KT Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Unauthorized connection attempt detected from IP address 59.1.116.20 to port 1996 [T]	2020-06-24 01:56:35
attack	Invalid user upload from 59.1.116.20 port 53166	2019-10-03 15:58:30
attackspambots	Bruteforce on SSH Honeypot	2019-10-02 06:17:46
attackbotsspam	Oct 1 01:04:07 XXX sshd[55345]: Invalid user user from 59.1.116.20 port 58464	2019-10-01 09:20:08
attackbots	2019-09-01T00:22:03.547066enmeeting.mahidol.ac.th sshd\[5425\]: User root from 59.1.116.20 not allowed because not listed in AllowUsers 2019-09-01T00:22:03.669978enmeeting.mahidol.ac.th sshd\[5425\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 user=root 2019-09-01T00:22:05.829378enmeeting.mahidol.ac.th sshd\[5425\]: Failed password for invalid user root from 59.1.116.20 port 38724 ssh2 ...	2019-09-01 02:44:50
attackbots	Aug 29 02:22:14 hb sshd\[22351\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 user=root Aug 29 02:22:16 hb sshd\[22351\]: Failed password for root from 59.1.116.20 port 52490 ssh2 Aug 29 02:29:11 hb sshd\[22894\]: Invalid user plesk from 59.1.116.20 Aug 29 02:29:11 hb sshd\[22894\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 Aug 29 02:29:13 hb sshd\[22894\]: Failed password for invalid user plesk from 59.1.116.20 port 39756 ssh2	2019-08-29 11:33:48
attack	Aug 22 23:51:40 mail sshd\[47595\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 user=root ...	2019-08-23 12:25:10
attackbots	Aug 22 15:23:24 dev0-dcde-rnet sshd[29839]: Failed password for root from 59.1.116.20 port 41986 ssh2 Aug 22 15:29:22 dev0-dcde-rnet sshd[29870]: Failed password for root from 59.1.116.20 port 57376 ssh2	2019-08-22 22:12:08
attack	$f2bV_matches	2019-08-22 10:24:20
attackspam	2019-08-17 UTC: 1x - oracle	2019-08-18 08:41:39
attack	Aug 17 19:17:18 vmd17057 sshd\[26332\]: Invalid user oracle from 59.1.116.20 port 38128 Aug 17 19:17:18 vmd17057 sshd\[26332\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 Aug 17 19:17:20 vmd17057 sshd\[26332\]: Failed password for invalid user oracle from 59.1.116.20 port 38128 ssh2 ...	2019-08-18 01:24:10
attack	Aug 12 18:57:25 vpn01 sshd\[12237\]: Invalid user zimbra from 59.1.116.20 Aug 12 18:57:25 vpn01 sshd\[12237\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 Aug 12 18:57:27 vpn01 sshd\[12237\]: Failed password for invalid user zimbra from 59.1.116.20 port 44386 ssh2	2019-08-13 01:07:52
attack	Jul 13 11:26:47 XXX sshd[62774]: Invalid user honey from 59.1.116.20 port 36122	2019-07-13 18:44:36
attackbots	Jun 29 10:54:38 Ubuntu-1404-trusty-64-minimal sshd\[5631\]: Invalid user test6 from 59.1.116.20 Jun 29 10:54:38 Ubuntu-1404-trusty-64-minimal sshd\[5631\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 Jun 29 10:54:40 Ubuntu-1404-trusty-64-minimal sshd\[5631\]: Failed password for invalid user test6 from 59.1.116.20 port 52164 ssh2 Jun 29 21:04:50 Ubuntu-1404-trusty-64-minimal sshd\[28629\]: Invalid user usuario from 59.1.116.20 Jun 29 21:04:50 Ubuntu-1404-trusty-64-minimal sshd\[28629\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20	2019-06-30 03:32:02
attackspam	Jun 28 19:00:52 debian sshd[23231]: Unable to negotiate with 59.1.116.20 port 55300: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] Jun 29 11:11:18 debian sshd[13401]: Unable to negotiate with 59.1.116.20 port 36074: no matching key exchange method found. Their offer: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 [preauth] ...	2019-06-29 23:40:17
attackspambots	Jun 28 07:16:07 mail sshd\[29724\]: Invalid user user from 59.1.116.20 Jun 28 07:16:07 mail sshd\[29724\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.1.116.20 Jun 28 07:16:09 mail sshd\[29724\]: Failed password for invalid user user from 59.1.116.20 port 43684 ssh2 ...	2019-06-28 14:54:29
attackspam	Jun 27 06:45:15 server sshd[14216]: Failed password for root from 59.1.116.20 port 50962 ssh2 ...	2019-06-27 13:52:29

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 59.1.116.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22758
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;59.1.116.20.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062700 1800 900 604800 86400

;; Query time: 4 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 27 13:52:19 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 20.116.1.59.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 20.116.1.59.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
132.232.59.247	attackbots	$f2bV_matches	2019-11-10 17:16:59
200.164.217.210	attackbotsspam	2019-11-10T08:42:31.578642abusebot-5.cloudsearch.cf sshd\[23666\]: Invalid user elena from 200.164.217.210 port 46678	2019-11-10 17:15:13
119.28.212.100	attackbotsspam	Nov 7 16:55:17 rb06 sshd[31441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.212.100 user=r.r Nov 7 16:55:19 rb06 sshd[31441]: Failed password for r.r from 119.28.212.100 port 59186 ssh2 Nov 7 16:55:19 rb06 sshd[31441]: Received disconnect from 119.28.212.100: 11: Bye Bye [preauth] Nov 7 17:07:12 rb06 sshd[21560]: Failed password for invalid user steam from 119.28.212.100 port 43108 ssh2 Nov 7 17:07:13 rb06 sshd[21560]: Received disconnect from 119.28.212.100: 11: Bye Bye [preauth] Nov 7 17:11:16 rb06 sshd[23539]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.212.100 user=r.r Nov 7 17:11:18 rb06 sshd[23539]: Failed password for r.r from 119.28.212.100 port 54576 ssh2 Nov 7 17:11:19 rb06 sshd[23539]: Received disconnect from 119.28.212.100: 11: Bye Bye [preauth] Nov 7 17:15:10 rb06 sshd[8474]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tt........ -------------------------------	2019-11-10 17:07:05
119.203.59.159	attackspambots	Nov 8 14:00:47 pl3server sshd[28514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.203.59.159 user=r.r Nov 8 14:00:49 pl3server sshd[28514]: Failed password for r.r from 119.203.59.159 port 9365 ssh2 Nov 8 14:00:49 pl3server sshd[28514]: Received disconnect from 119.203.59.159: 11: Bye Bye [preauth] Nov 8 14:24:20 pl3server sshd[22727]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.203.59.159 user=r.r Nov 8 14:24:22 pl3server sshd[22727]: Failed password for r.r from 119.203.59.159 port 33129 ssh2 Nov 8 14:24:22 pl3server sshd[22727]: Received disconnect from 119.203.59.159: 11: Bye Bye [preauth] Nov 8 14:28:42 pl3server sshd[26198]: Invalid user ru from 119.203.59.159 Nov 8 14:28:42 pl3server sshd[26198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.203.59.159 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=11	2019-11-10 17:30:16
62.4.17.32	attackspam	Nov 7 22:00:48 fwweb01 sshd[11587]: Invalid user nan from 62.4.17.32 Nov 7 22:00:48 fwweb01 sshd[11587]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.4.17.32 Nov 7 22:00:50 fwweb01 sshd[11587]: Failed password for invalid user nan from 62.4.17.32 port 59246 ssh2 Nov 7 22:00:50 fwweb01 sshd[11587]: Received disconnect from 62.4.17.32: 11: Bye Bye [preauth] Nov 7 22:13:14 fwweb01 sshd[13115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.4.17.32 user=r.r Nov 7 22:13:16 fwweb01 sshd[13115]: Failed password for r.r from 62.4.17.32 port 51158 ssh2 Nov 7 22:13:16 fwweb01 sshd[13115]: Received disconnect from 62.4.17.32: 11: Bye Bye [preauth] Nov 7 22:16:45 fwweb01 sshd[13625]: Invalid user lihui from 62.4.17.32 Nov 7 22:16:45 fwweb01 sshd[13625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.4.17.32 Nov 7 22:16:47 fwweb01 sshd[13........ -------------------------------	2019-11-10 17:17:25
202.191.132.153	attack	Nov 10 07:29:34 mc1 kernel: \[4653660.405318\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=202.191.132.153 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=19696 DF PROTO=TCP SPT=38540 DPT=7001 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 10 07:29:35 mc1 kernel: \[4653661.407713\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=202.191.132.153 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=19697 DF PROTO=TCP SPT=38540 DPT=7001 WINDOW=14600 RES=0x00 SYN URGP=0 Nov 10 07:29:35 mc1 kernel: \[4653661.418019\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=202.191.132.153 DST=159.69.205.51 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=59830 DF PROTO=TCP SPT=58804 DPT=8080 WINDOW=14600 RES=0x00 SYN URGP=0 ...	2019-11-10 17:03:59
202.191.200.227	attack	Nov 7 12:08:31 nbi-636 sshd[8336]: Invalid user sukalya from 202.191.200.227 port 43510 Nov 7 12:08:33 nbi-636 sshd[8336]: Failed password for invalid user sukalya from 202.191.200.227 port 43510 ssh2 Nov 7 12:08:33 nbi-636 sshd[8336]: Received disconnect from 202.191.200.227 port 43510:11: Bye Bye [preauth] Nov 7 12:08:33 nbi-636 sshd[8336]: Disconnected from 202.191.200.227 port 43510 [preauth] Nov 7 12:28:01 nbi-636 sshd[13002]: User r.r from 202.191.200.227 not allowed because not listed in AllowUsers Nov 7 12:28:01 nbi-636 sshd[13002]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.191.200.227 user=r.r Nov 7 12:28:03 nbi-636 sshd[13002]: Failed password for invalid user r.r from 202.191.200.227 port 34987 ssh2 Nov 7 12:28:03 nbi-636 sshd[13002]: Received disconnect from 202.191.200.227 port 34987:11: Bye Bye [preauth] Nov 7 12:28:03 nbi-636 sshd[13002]: Disconnected from 202.191.200.227 port 34987 [preauth] Nov........ -------------------------------	2019-11-10 16:54:44
185.17.41.198	attack	Nov 10 05:36:14 firewall sshd[4687]: Failed password for invalid user tim from 185.17.41.198 port 44484 ssh2 Nov 10 05:39:38 firewall sshd[4729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.17.41.198 user=root Nov 10 05:39:40 firewall sshd[4729]: Failed password for root from 185.17.41.198 port 58682 ssh2 ...	2019-11-10 16:56:32
222.186.175.202	attackbots	Nov 10 10:16:46 minden010 sshd[11871]: Failed password for root from 222.186.175.202 port 17060 ssh2 Nov 10 10:16:50 minden010 sshd[11871]: Failed password for root from 222.186.175.202 port 17060 ssh2 Nov 10 10:16:53 minden010 sshd[11871]: Failed password for root from 222.186.175.202 port 17060 ssh2 Nov 10 10:17:00 minden010 sshd[11871]: error: maximum authentication attempts exceeded for root from 222.186.175.202 port 17060 ssh2 [preauth] ...	2019-11-10 17:18:13
183.15.178.72	attackspambots	Automatic report - Port Scan Attack	2019-11-10 17:09:38
2.228.163.157	attackspambots	Failed password for root from 2.228.163.157 port 41386 ssh2 Invalid user grahm from 2.228.163.157 port 49810 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.163.157 Failed password for invalid user grahm from 2.228.163.157 port 49810 ssh2 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.228.163.157 user=root	2019-11-10 17:24:52
129.28.166.212	attackspam	Nov 10 08:50:20 OneL sshd\[12083\]: Invalid user oracle from 129.28.166.212 port 55800 Nov 10 08:50:20 OneL sshd\[12083\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.166.212 Nov 10 08:50:22 OneL sshd\[12083\]: Failed password for invalid user oracle from 129.28.166.212 port 55800 ssh2 Nov 10 08:55:23 OneL sshd\[12164\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.166.212 user=root Nov 10 08:55:24 OneL sshd\[12164\]: Failed password for root from 129.28.166.212 port 34378 ssh2 ...	2019-11-10 16:57:18
45.143.220.14	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-10 17:01:53
201.122.224.77	attackspambots	Caught in portsentry honeypot	2019-11-10 17:06:28
106.13.82.49	attack	Nov 10 07:24:55 ns41 sshd[21344]: Failed password for root from 106.13.82.49 port 56824 ssh2 Nov 10 07:24:55 ns41 sshd[21344]: Failed password for root from 106.13.82.49 port 56824 ssh2 Nov 10 07:29:53 ns41 sshd[21548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.82.49	2019-11-10 16:55:01

Recently Reported IPs

74.91.58.197	58.69.58.63	218.87.254.142	104.215.197.155
153.228.93.234	4.199.175.100	188.127.230.7	167.170.97.237
143.164.110.49	228.65.5.168	134.249.128.135	2001:44c8:4251:914d:21f1:2355:fa69:714c
18.45.149.40	103.111.80.70	43.102.200.156	188.54.99.243
58.124.37.91	255.49.251.175	42.114.59.79	157.238.210.255