JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 111.113.89.104

111.113.89.104 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 83%: ?

83%

ISP	CHINANET ningxia province network
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	yc.nx.cn
Country	🇨🇳 China
City	Wuzhong, Ningxia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 111.113.89.104

Whois 111.113.89.104

IP Abuse Reports for 111.113.89.104:

This IP address has been reported a total of 149 times from 52 distinct sources. 111.113.89.104 was first reported on January 22nd 2024, and the most recent report was 14 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-20 08:13:33 (14 hours ago)	2026-06-20T10:13:33.329967+02:00 myserver sshd[2171673]: banner exchange: Connection from 111.113.89 ... show more 2026-06-20T10:13:33.329967+02:00 myserver sshd[2171673]: banner exchange: Connection from 111.113.89.104 port 20558: invalid format 2026-06-20T10:13:33.329967+02:00 myserver sshd[2171673]: banner exchange: Connection from 111.113.89.104 port 20558: invalid format ... show less	Brute-Force SSH
🇺🇸 MPL	2026-06-20 04:29:46 (17 hours ago)	tcp/130 (2 or more attempts)	Port Scan
🇺🇸 xmission.com	2026-06-19 18:25:27 (1 day ago)	Blocked by UFW (TCP on 21) Source port: 33892 TTL: 238 Packet length: 44 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 21) Source port: 33892 TTL: 238 Packet length: 44 TOS: 0x00 This report (for 111.113.89.104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan FTP Brute-Force Brute-Force
🇺🇸 xmission.com	2026-06-18 20:24:14 (2 days ago)	Blocked by UFW (TCP on 10323) Source port: 25083 TTL: 238 Packet length: 44 TOS: 0x00 This report ( ... show more Blocked by UFW (TCP on 10323) Source port: 25083 TTL: 238 Packet length: 44 TOS: 0x00 This report (for 111.113.89.104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 drewf.ink	2026-06-17 05:53:34 (3 days ago)	[05:53] Port scanning. Port(s) scanned: TCP/8080	Port Scan
🇫🇮 6kilowatti	2026-06-16 11:30:28 (4 days ago)	2026-06-16T14:30:27.951489+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18 ... show more 2026-06-16T14:30:27.951489+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:78:9a:18:bd:57:7e:08:00 SRC=111.113.89.104 DST=5.61.88.83 LEN=44 TOS=0x00 PREC=0x00 TTL=236 ID=51202 PROTO=TCP SPT=11165 DPT=7093 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇺🇸 Axel	2026-06-16 08:11:16 (4 days ago)	Blocked by UFW on LAXHH [4200/tcp] \| SPT: 14427 \| TTL: 234 \| LEN: 44 \| TOS: 0x00 • Reported by: gith ... show more Blocked by UFW on LAXHH [4200/tcp] \| SPT: 14427 \| TTL: 234 \| LEN: 44 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇹 LTM	2026-06-16 06:20:01 (4 days ago)	DNS - Multiple recursive query request denied	DNS Poisoning Hacking
🇺🇸 Axel	2026-06-14 22:45:54 (5 days ago)	Blocked by UFW on LAXHH [9864/tcp] \| SPT: 47492 \| TTL: 235 \| LEN: 44 \| TOS: 0x00 • Reported by: gith ... show more Blocked by UFW on LAXHH [9864/tcp] \| SPT: 47492 \| TTL: 235 \| LEN: 44 \| TOS: 0x00 • Reported by: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 sandra361	2026-06-14 15:47:43 (6 days ago)	Port scan detected: 5 attempts across 1 ports (2024). \| Evidence: REAPER_TARPIT: IN=enp1s0 SRC=111.1 ... show more Port scan detected: 5 attempts across 1 ports (2024). \| Evidence: REAPER_TARPIT: IN=enp1s0 SRC=111.113.89.104 LEN=60 TOS=0x00 PREC=0x00 TTL=40 ID=13163 DF PROTO=TCP SPT=62544 DPT=2024 WINDOW=29200 RES=0x00 SYN URGP=0 show less	Port Scan
🇳🇴 tmiland	2026-06-14 13:41:45 (6 days ago)	Suricata Detected 31 attacks from 111.113.89.104.; GPL DNS named version attempt; IP: 111.113.89.104 ... show more Suricata Detected 31 attacks from 111.113.89.104.; GPL DNS named version attempt; IP: 111.113.89.104; Ports: 52276; Direction: to_server; Trigger: DNS; Category: Attempted Information Leak; Severity: 2 show less	Brute-Force
🇫🇷 TheHoneyPotter	2026-06-13 11:22:16 (1 week ago)	Honeypot detection: SSH brute-force authentication attempt on port 22 (2 or more attempts) - Logs: 2 ... show more Honeypot detection: SSH brute-force authentication attempt on port 22 (2 or more attempts) - Logs: 2026-06-13T11:22:15.794Z ACCEPT host=::ffff:111.113.89.104 port=25768 fd=6 n=3/4096 ... show less	Brute-Force SSH
🇺🇸 xmission.com	2026-06-12 19:28:10 (1 week ago)	Blocked by UFW (TCP on 2194) Source port: 21813 TTL: 239 Packet length: 44 TOS: 0x00 This report (f ... show more Blocked by UFW (TCP on 2194) Source port: 21813 TTL: 239 Packet length: 44 TOS: 0x00 This report (for 111.113.89.104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 MPL	2026-06-11 14:04:53 (1 week ago)	tcp/1947	Port Scan
🇬🇧 PeravixGroup	2026-06-10 11:10:59 (1 week ago)	Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MED ... show more Honeypot detection: TR-069 CWMP router management protocol abuse attempt on port 7547. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Hacking

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.203

🇸🇳 196.207.228.8

🇧🇦 195.222.43.138

🇲🇾 183.171.191.232

🇮🇳 182.79.4.245

🇩🇪 167.94.145.28

🇫🇮 62.60.152.192

🇧🇷 187.16.96.250

🇮🇳 182.70.183.237

🇮🇳 182.66.218.97

🇨🇳 182.43.22.64

🇸🇬 172.253.84.222

🇮🇪 128.251.36.118

🇺🇸 100.55.69.54

🇯🇵 47.74.32.128

🇳🇱 45.148.10.157

🇸🇬 45.78.198.199

🇨🇳 39.154.6.200

🇨🇳 14.103.91.55

🇷🇴 2.57.121.112