31.185.104.21 is a Tor IP used by Hackers

IP informations Cybercrime IP Feeds Raw whois

31.185.104.21

is a

Tor IP

used by

Hackers

100 %

Germany

Report Abuse

116attacks reported

25Brute-ForceSSH

19Web App Attack

12SSH

12uncategorized

10PhishingWeb Spam

6Brute-ForceExploited Host

5Brute-Force

4HackingBrute-Force

3Brute-ForceMailserver Attack

...

65abuse reported

36Web Spam

8Bad Web BotWeb SpamBlog Spam

7Web SpamForum Spam

3Bad Web Bot

2Email SpamHacking

2Email Spam

2Blog Spam

2uncategorized

1Bad Web BotWeb App Attack

1Web SpamPort ScanBrute-ForceBad Web BotExploited HostWeb App Attack

...

13anonymizers reported

4Tor IP

3Open Proxy

1Open ProxyHackingWeb App Attack

1Open ProxyWeb App Attack

1Open ProxyWeb SpamBad Web BotWeb App Attack

1Open ProxyWeb SpamEmail SpamBad Web BotWeb App Attack

1Open ProxyWeb SpamEmail SpamWeb App AttackHacking

1Open ProxyWeb SpamBrute-ForceWeb App AttackEmail Spam

2organizations reported

2uncategorized

1reputation reported

1uncategorized

from 71 distinct reporters

and 20 distinct sources : BadIPs.com, torstatus.blutmagie.de, BotScout.com, CleanTalk, CruzIt.com, dan.me.uk, Emerging Threats, GPF Comics, Charles Haley, iBlocklist.com, sblam.com, Snort.org Labs, StopForumSpam.com, TalosIntel.com, TorProject.org, FireHOL, blocklist.net.ua, GreenSnow.co, danger.rulez.sk, AbuseIPDB

31.185.104.21 was first signaled at 2017-12-02 14:30 and last record was at 2019-08-20 17:15.

31.185.104.21

Organization

Martin Prager trading as "NbIServ"

all IP owned by Martin Prager trading as "NbIServ"

Localisation

Germany

NetRange : First & Last IP

31.185.104.0 - 31.185.111.255

Network CIDR

31.185.104.0/21

ASN

43847

list IP by ASN 43847

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2019-07-10 04:20	attacks	Brute-ForceSSH		AbuseIPDB	Jul 10 15:20:51 mail sshd\[7066\]: Invalid user admin from 31.185.104.21 Jul 10 15:20:51 mail sshd\[7066\]: pam_unix$sshd:auth$: authentication fail
2019-07-09 04:12	attacks	Brute-ForceSSH		AbuseIPDB	Unauthorized SSH login attempts
2019-07-08 19:14	attacks	Brute-Force		AbuseIPDB	WordPress login Brute force / Web App Attack on client site.
2019-07-08 06:10	attacks	Brute-ForceSSH		AbuseIPDB	Jul 8 17:09:50 vpn01 sshd\[10858\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-07-07 23:41	attacks	Brute-ForceSSH		AbuseIPDB	pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root Failed password for root from 31.18
2019-07-07 10:10	attacks	Brute-ForceSSH		AbuseIPDB	Jul 7 21:10:29 lnxweb61 sshd[18705]: Failed password for root from 31.185.104.21 port 45425 ssh2 Jul 7 21:10:31 lnxweb61 sshd[18705]: Failed password
2019-07-06 20:42	attacks	Web App Attack		AbuseIPDB
2019-07-06 06:00	attacks	Web App Attack		AbuseIPDB	php WP PHPmyadamin ABUSE blocked for 12h
2019-07-04 22:41	attacks	Web App Attack		AbuseIPDB	Automatic report - Web App Attack
2019-07-04 11:11	attacks	Brute-ForceSSH		AbuseIPDB	Jul 4 22:11:04 vps65 sshd\[20384\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-07-03 23:14	attacks	Brute-ForceSSH		AbuseIPDB	Jul 4 10:14:39 km20725 sshd\[26997\]: Failed password for root from 31.185.104.21 port 33787 ssh2Jul 4 10:14:42 km20725 sshd\[26997\]: Failed password
2019-07-02 22:37	attacks	Brute-ForceSSH		AbuseIPDB	Jul 3 09:37:11 vpn01 sshd\[9018\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-06-30 00:51	attacks	Brute-ForceSSH		AbuseIPDB	SSH Brute-Force attacks
2019-06-27 21:49	abuse	Email SpamHacking		AbuseIPDB	IP: 31.185.104.21 ASN: AS43847 NbIServ Port: Message Submission 587 Found in one or more Blacklists Date: 28/06/2019 6:49:20 AM UTC
2019-06-27 19:42	attacks	Web App Attack		AbuseIPDB	Automatic report - Web App Attack
2019-06-26 21:08	abuse	Email SpamHacking		AbuseIPDB	IP: 31.185.104.21 ASN: AS43847 NbIServ Port: Message Submission 587 Found in one or more Blacklists Date: 27/06/2019 6:08:11 AM UTC
2019-06-26 03:39	attacks	Web App Attack		AbuseIPDB	Automatic report - Web App Attack
2019-06-21 21:10	attacks	PhishingWeb Spam		AbuseIPDB	Malicious Traffic/Form Submission
2019-06-14 12:01	attacks	PhishingWeb SpamEmail SpamSpoofing		AbuseIPDB
2019-06-09 06:13	attacks	HackingBrute-Force		AbuseIPDB	VNC brute force attack detected by fail2ban
2019-06-06 12:24	attacks	HackingBrute-Force		AbuseIPDB	VNC brute force attack detected by fail2ban
2019-06-03 18:02	attacks	HackingBrute-Force		AbuseIPDB	VNC brute force attack detected by fail2ban
2019-05-30 23:36	attacks	HackingBrute-Force		AbuseIPDB	VNC brute force attack detected by fail2ban
2019-05-28 07:31	attacks	Web App Attack		AbuseIPDB	/posting.php?mode=post&f=3&sid=8998b531073a5ee670e4fb9416ba9c2f
2019-05-22 04:55	attacks	PhishingSpoofing		AbuseIPDB
2019-05-20 17:16	attacks	Brute-Force		AbuseIPDB	[Tue May 21 04:16:25.635013 2019] [access_compat:error] [pid 21698] [client 31.185.104.21:41879] AH01797: client denied by server configuration: /data
2019-05-16 12:33	attacks	Brute-ForceSSH		AbuseIPDB	Apr 26 09:52:17 localhost sshd[13366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-05-14 01:15	attacks	Port Scan		AbuseIPDB
2019-05-09 16:58	abuse	Web Spam		AbuseIPDB
2019-04-29 05:22	attacks	Brute-ForceSSH		AbuseIPDB	Apr 26 09:52:17 localhost sshd[13366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-04-26 14:56	attacks	PhishingWeb Spam		AbuseIPDB	Malicious Traffic/Form Submission
2019-04-25 16:52	attacks	Brute-ForceSSH		AbuseIPDB	Apr 26 09:52:17 localhost sshd[13366]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.185.104.21 user=root
2019-03-25 10:13	attacks	PhishingWeb Spam		AbuseIPDB	(From [email protected]43.gotorrents.top) Hot sexy porn projects, daily updates http://menfloraltee.allproblog.com/?danielle porn family boy fr
2019-03-03 00:17	anonymizers	Open ProxyHackingWeb App Attack		AbuseIPDB	31.185.104.21:43641 - - [03/Mar/2019:07:40:47 +0100] "GET /?men=Funktion HTTP/1.1" 200 6035
2019-03-02 17:33	attacks	Brute-ForceSSH		AbuseIPDB	Mar 3 03:32:48 **** sshd[16518]: User root from 31.185.104.21 not allowed because not listed in AllowUsers
2019-02-20 02:50	attacks	PhishingWeb Spam		AbuseIPDB	(From [email protected])
2019-02-17 01:30	abuse	Web Spam		AbuseIPDB
2019-02-08 03:19	abuse	Bad Web BotWeb App Attack		AbuseIPDB	Unauthorized access detected from banned ip
2019-02-08 00:21	abuse	Web Spam		AbuseIPDB
2019-02-05 11:32	attacks	PhishingOpen ProxyWeb Spam		AbuseIPDB	Tor exit node
2019-01-26 21:15	attacks	PhishingWeb Spam		AbuseIPDB	Malicious Traffic/Form Submission
2019-01-15 20:33	attacks	PhishingWeb Spam		AbuseIPDB	Malicious Traffic/Form Submission
2019-01-12 22:40	attacks	Brute-ForceSSH		AbuseIPDB	Jan 13 14:10:27 tanzim-HP-Z238-Microtower-Workstation sshd\[31347\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh rus
2018-12-19 13:45	attacks	Brute-ForceSSH		AbuseIPDB	SSH-Bruteforce
2018-12-19 05:59	attacks	Brute-ForceSSH		AbuseIPDB
2018-12-16 18:23	attacks	Hacking		AbuseIPDB	Blocked user enumeration attempt
2018-12-08 08:24	anonymizers	Open Proxy		AbuseIPDB	TOR exit node, open proxy, malicious network. hostname: tor-exit-relay-1.anonymizing-proxy.digitalcourage.de
2018-12-08 02:36	attacks	Brute-ForceExploited Host		AbuseIPDB	$lgm
2018-12-07 00:40	attacks	Brute-ForceExploited Host		AbuseIPDB	$lgm
2018-12-07 00:21	attacks	Brute-ForceExploited Host		AbuseIPDB	$lgm
2017-12-02 14:30	abuse	Web Spam		AbuseIPDB	GET /user/gilbertrg2/ HTTP/1.0
2017-12-02 15:56	attacks	Web App Attack		AbuseIPDB	WordpressAttack
2017-12-02 16:12	attacks	Brute-ForceSSHPort ScanOpen Proxy		AbuseIPDB	Brute-force ssh login attempt.
2017-12-02 16:41	attacks	Brute-ForceSSH		AbuseIPDB	Oct 14 16:34:08 master sshd[31756]: Failed password for invalid user admin from 31.185.104.21 port 37891 ssh2
2017-12-02 18:17	attacks	SSH		AbuseIPDB	Unauthorized access to SSH at 25/Sep/2017:00:40:39 +0000. Received: (SSH-2.0-libssh2_1.8.0)
2017-12-02 18:53	attacks	Web App Attack		AbuseIPDB	Malicious brute force vulnerability hacking attacks
2017-12-02 18:55	attacks	SSH		AbuseIPDB	ssh intrusion attempt
2017-12-02 22:53	attacks	Port ScanHackingWeb App Attack		AbuseIPDB	WebSphere Server and JBoss Platform Apache Commons Collections Remote Code Execution
2017-12-02 23:23	attacks	Web App AttackPort Scan		AbuseIPDB
2017-12-02 23:55	abuse	Web Spam		AbuseIPDB	Posts email addresses in web forms
2019-03-29 18:19	attacks		bi_any_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_30d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_7d	BadIPs.com
2019-03-29 18:20	attacks	Brute-ForceMailserver Attack	bi_mail_1_7d	BadIPs.com
2019-03-29 18:20	attacks	Brute-ForceMailserver Attack	bi_mail_2_30d	BadIPs.com
2019-03-29 18:20	attacks	Email Spam	bi_spam_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_2_30d	BadIPs.com
2019-03-29 18:21	anonymizers	Tor IP	bm_tor	torstatus.blutmagie.de
2019-03-29 18:22	abuse	Bad Web Bot	botscout_7d	BotScout.com
2019-03-29 18:22	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_7d	CleanTalk
2019-03-29 18:23	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_updated_7d	CleanTalk
2019-03-29 18:23	attacks	Web App Attack	cruzit_web_attacks	CruzIt.com
2019-03-29 18:23	anonymizers	Tor IP	dm_tor	dan.me.uk
2019-03-29 18:24	anonymizers	Tor IP	et_tor	Emerging Threats
2019-03-29 18:34	abuse		gpf_comics	GPF Comics
2019-03-29 18:34	attacks	SSH	haley_ssh	Charles Haley
2019-03-29 18:36	attacks	Web App Attack	iblocklist_cruzit_web_attacks	iBlocklist.com
2019-03-29 18:42	abuse	Web SpamBad Web BotBlog SpamForum Spam	sblam	sblam.com
2019-03-29 18:42	attacks		snort_ipfilter	Snort.org Labs
2019-03-29 18:44	abuse	Web SpamForum Spam	stopforumspam	StopForumSpam.com
2019-03-29 18:45	abuse	Web SpamForum Spam	stopforumspam_180d	StopForumSpam.com
2019-03-29 18:47	abuse	Web SpamForum Spam	stopforumspam_1d	StopForumSpam.com
2019-03-29 18:47	abuse	Web SpamForum Spam	stopforumspam_30d	StopForumSpam.com
2019-03-29 18:48	abuse	Web SpamForum Spam	stopforumspam_365d	StopForumSpam.com
2019-03-29 18:51	abuse	Web SpamForum Spam	stopforumspam_7d	StopForumSpam.com
2019-03-29 18:51	abuse	Web SpamForum Spam	stopforumspam_90d	StopForumSpam.com
2019-03-29 18:52	attacks		talosintel_ipfilter	TalosIntel.com
2019-03-29 18:53	anonymizers	Tor IP	tor_exits	TorProject.org
2019-05-28 23:20	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_1d	CleanTalk
2019-05-28 23:26	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_updated_1d	CleanTalk
2019-05-28 23:27	abuse		firehol_abusers_1d	FireHOL
2019-06-05 20:34	attacks		bi_any_0_1d	BadIPs.com
2019-06-05 20:34	attacks		bi_any_2_1d	BadIPs.com
2019-06-05 20:34	attacks	Brute-ForceMailserver Attack	bi_mail_0_1d	BadIPs.com
2019-06-05 20:34	attacks	Email Spam	bi_spam_0_1d	BadIPs.com
2019-06-10 16:02	abuse	Bad Web Bot	botscout_1d	BotScout.com
2019-06-22 04:38	abuse	Email Spam	blocklist_net_ua	blocklist.net.ua
2019-06-24 02:37	attacks		greensnow	GreenSnow.co
2019-06-26 22:42	attacks	SSH	bi_ssh_0_1d	BadIPs.com
2019-06-28 22:43	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_30d	CleanTalk
2019-06-28 22:44	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_updated_30d	CleanTalk
2019-06-30 19:20	attacks	SSH	bi_sshd_0_1d	BadIPs.com
2019-06-30 19:20	attacks	SSH	bi_sshd_2_30d	BadIPs.com
2019-07-01 18:30	attacks	SSH	bi_sshd_1_7d	BadIPs.com
2019-07-01 18:31	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk	CleanTalk
2019-07-01 18:33	abuse	Bad Web BotWeb SpamBlog Spam	cleantalk_updated	CleanTalk
2019-07-02 17:26	organizations		coinbl_hosts
2019-07-09 10:39	attacks	Brute-Force	bruteforceblocker	danger.rulez.sk
2019-07-10 09:57	attacks		et_compromised	Emerging Threats
2019-07-30 19:07	attacks	Web App AttackCMS Attack	bi_cms_0_1d	BadIPs.com
2019-07-30 19:07	attacks	Web App AttackCMS Attack	bi_cms_1_7d	BadIPs.com
2019-07-30 19:07	attacks	Web App AttackCMS Attack	bi_cms_2_30d	BadIPs.com
2019-07-30 19:07	attacks		bi_http_0_1d	BadIPs.com
2019-07-30 19:07	attacks		bi_http_1_7d	BadIPs.com
2019-07-31 18:00	attacks		bi_http_2_30d	BadIPs.com
2019-08-20 17:15	reputation		bds_atif
2019-03-29 18:23	organizations		datacenters
2019-03-29 18:21	abuse	Bad Web Bot	botscout_30d	BotScout.com

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

inetnum: 31.185.104.0 - 31.185.111.255
netname: DE-NBISERV-20110316
country: DE
org: ORG-MPta1-RIPE
admin-c: NP2275-RIPE
tech-c: NP2275-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-by: NbIServ-MNT
mnt-lower: NbIServ-MNT
mnt-routes: NbIServ-MNT
created: 2011-03-16T13:47:40Z
last-modified: 2016-05-19T10:08:43Z
source: RIPE # Filtered

organisation: ORG-MPta1-RIPE
org-name: Martin Prager trading as "NbIServ"
org-type: LIR
descr: NbIServ IP-Netz
address: Bethenhausen 5
address: 07554
address: Bethenhausen
address: GERMANY
phone: +4936695240050
fax-no: +4936695240051
admin-c: NP2275-RIPE
abuse-c: NA4181-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: NbIServ-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: NbIServ-MNT
created: 2010-11-12T10:29:35Z
last-modified: 2017-10-30T14:36:24Z
source: RIPE # Filtered

person: NbIServ Martin Prager
address: NbIServ
address: Bethenhausen 5
address: 07554 Bethenhausen
address: Deutschland
fax-no: +49-36695-240051
phone: +49-36695-240050
nic-hdl: NP2275-RIPE
mnt-by: NbIServ-MNT
created: 2010-11-12T12:25:51Z
last-modified: 2017-10-30T22:11:33Z
source: RIPE # Filtered

route: 31.185.104.0/21
descr: Martin Prager trading as "NbIServ"
origin: AS43847
mnt-by: NbIServ-MNT
created: 2015-04-10T16:07:55Z
last-modified: 2015-04-10T16:07:55Z
source: RIPE

most specific ip range is highlighted

Updated : 2019-01-22