JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 118.145.104.105

118.145.104.105 was found in our database!

This IP was reported 1,437 times. Confidence of Abuse is 100%: ?

100%

ISP	Beijing Volcano Engine Technology Co., Ltd.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS137718
Domain Name	bytedance.com
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 118.145.104.105

Whois 118.145.104.105

IP Abuse Reports for 118.145.104.105:

This IP address has been reported a total of 1,437 times from 586 distinct sources. 118.145.104.105 was first reported on April 21st 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 CBJ	2026-04-21 13:09:17 (1 month ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇹🇭 Sawasdee	2026-04-21 12:30:10 (1 month ago)	SSH break in attempt ...	SSH
🇨🇳 kipfel★	2026-04-21 11:30:50 (1 month ago)	2026-04-21T19:25:48.769240+08:00 localhost sshd-session[890285]: Invalid user admin from 118.145.104 ... show more 2026-04-21T19:25:48.769240+08:00 localhost sshd-session[890285]: Invalid user admin from 118.145.104.105 port 54442 2026-04-21T19:26:27.092243+08:00 localhost sshd-session[890487]: Invalid user orangepi from 118.145.104.105 port 54166 2026-04-21T19:30:50.214943+08:00 localhost sshd-session[891625]: Invalid user test from 118.145.104.105 port 34014 ... show less	Brute-Force SSH
🇬🇧 Axel	2026-04-21 11:24:06 (1 month ago)	Blocked by Fail2Ban. Flagged by jail ssh \| UK-01	Brute-Force
🇳🇱 EGP Abuse Dept	2026-04-21 10:11:25 (1 month ago)	Unauthorized connection to SSH port 22	Port Scan Hacking SSH
🇺🇸 TPI-Abuse	2026-04-21 10:04:11 (1 month ago)	(mod_security) mod_security (id:218420) triggered by 118.145.104.105 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:218420) triggered by 118.145.104.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 06:04:01.657755 2026] [security2:error] [pid 2480821:tid 2480845] [client 118.145.104.105:60946] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.24:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.24"] [uri "/hello.world"] [unique_id "aedLkazTp_zJamoL2_YEAgAAANA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Rom74	2026-04-21 09:52:06 (1 month ago)	2026-04-21T11:52:04.019952+02:00 serveur1 sshd[1085112]: pam_unix(sshd:auth): authentication failure ... show more 2026-04-21T11:52:04.019952+02:00 serveur1 sshd[1085112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.145.104.105 2026-04-21T11:52:05.875944+02:00 serveur1 sshd[1085112]: Failed password for invalid user admin from 118.145.104.105 port 42616 ssh2 ... show less	Brute-Force SSH
🇹🇼 kk_it_man	2026-04-21 09:40:01 (1 month ago)	honey catch	Port Scan
Anonymous	2026-04-21 09:28:20 (1 month ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇭🇺 kisbogdan	2026-04-21 09:05:07 (1 month ago)	endlessh: 1 connection ended in last one hour, totaling 0:17:07, average 0:17:07 per connection	Brute-Force SSH
🇩🇪 Admins@FBN	2026-04-21 08:00:37 (1 month ago)	FW-PortScan: Traffic Blocked srcport=33302 dstport=22	Port Scan Hacking SSH
🇺🇸 TPI-Abuse	2026-04-21 07:43:27 (1 month ago)	(mod_security) mod_security (id:218420) triggered by 118.145.104.105 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:218420) triggered by 118.145.104.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 03:43:16.176006 2026] [security2:error] [pid 29192:tid 29192] [client 118.145.104.105:33856] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.54:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.54"] [uri "/hello.world"] [unique_id "aecqlDnAYK3ABHNE3RZJdQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1426 to 1437 of 1437 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 202.39.153.245

🇺🇸 44.202.21.41

🇦🇪 20.203.42.204

🇩🇪 213.202.222.56

🇮🇷 185.120.169.49

🇰🇭 175.100.107.238

🇳🇱 172.71.99.119

🇯🇵 165.154.231.236

🇳🇱 141.101.76.84

🇨🇳 120.48.15.138

🇧🇩 103.183.62.0

🇷🇺 84.54.44.32

🇩🇪 69.5.169.142

🇦🇷 45.228.188.80

🇸🇬 43.163.84.198

🇭🇰 221.124.209.179

🇳🇱 172.71.182.80

🇺🇸 172.56.213.165

🇺🇸 154.16.119.22

🇫🇮 147.185.133.71