106.86.80.2 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Chongqing Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Nov 29 16:53:11 mail kernel: [62538.656150] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=19843 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 29 16:53:14 mail kernel: [62541.746645] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=22236 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 Nov 29 16:53:20 mail kernel: [62547.846170] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=26016 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0	2019-11-30 01:31:32

Type

Details

Datetime

attack

Nov 29 16:53:11 mail kernel: [62538.656150] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=19843 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 
Nov 29 16:53:14 mail kernel: [62541.746645] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=22236 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 
Nov 29 16:53:20 mail kernel: [62547.846170] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=106.86.80.2 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=26016 DF PROTO=TCP SPT=30334 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0

2019-11-30 01:31:32

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.86.80.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46626
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.86.80.2.			IN	A

;; AUTHORITY SECTION:
.			596	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019112900 1800 900 604800 86400

;; Query time: 112 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Nov 30 01:31:28 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 2.80.86.106.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.80.86.106.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
180.250.248.170	attack	$f2bV_matches	2020-02-04 23:48:05
198.108.66.206	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-05 00:09:43
14.1.29.121	attackbots	2019-06-28 02:13:43 1hgeWN-0005j4-6h SMTP connection from unequal.bookywook.com $unequal.jewishsochi.icu$ \[14.1.29.121\]:45594 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-28 02:15:17 1hgeXs-0005m9-Qr SMTP connection from unequal.bookywook.com $unequal.jewishsochi.icu$ \[14.1.29.121\]:37521 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-28 02:17:33 1hgea5-0005pL-0p SMTP connection from unequal.bookywook.com $unequal.jewishsochi.icu$ \[14.1.29.121\]:51797 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-04 23:34:35
77.70.96.195	attackspambots	Feb 4 16:04:33 legacy sshd[19534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.70.96.195 Feb 4 16:04:35 legacy sshd[19534]: Failed password for invalid user pen from 77.70.96.195 port 35598 ssh2 Feb 4 16:07:37 legacy sshd[19754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.70.96.195 ...	2020-02-04 23:34:51
14.1.29.109	attackbots	2019-06-23 14:20:43 1hf1UB-0002yb-I9 SMTP connection from soda.bookywook.com $soda.theearlykerner.icu$ \[14.1.29.109\]:47794 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-23 14:23:08 1hf1WW-00030Z-2z SMTP connection from soda.bookywook.com $soda.theearlykerner.icu$ \[14.1.29.109\]:49080 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-23 14:23:48 1hf1X9-000313-RD SMTP connection from soda.bookywook.com $soda.theearlykerner.icu$ \[14.1.29.109\]:37179 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-04 23:51:02
14.1.29.106	attackbotsspam	2019-06-25 01:21:10 1hfYGs-0000md-Mg SMTP connection from early.bookywook.com $early.teknobimo.icu$ \[14.1.29.106\]:39474 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-25 01:23:00 1hfYIe-0000oK-C5 SMTP connection from early.bookywook.com $early.teknobimo.icu$ \[14.1.29.106\]:58875 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-25 01:23:33 1hfYJB-0000p3-6h SMTP connection from early.bookywook.com $early.teknobimo.icu$ \[14.1.29.106\]:36866 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-04 23:58:14
222.186.15.10	attackbots	Feb 4 17:06:42 h2177944 sshd\[24054\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.10 user=root Feb 4 17:06:45 h2177944 sshd\[24054\]: Failed password for root from 222.186.15.10 port 10616 ssh2 Feb 4 17:06:47 h2177944 sshd\[24054\]: Failed password for root from 222.186.15.10 port 10616 ssh2 Feb 4 17:06:49 h2177944 sshd\[24054\]: Failed password for root from 222.186.15.10 port 10616 ssh2 ...	2020-02-05 00:12:13
190.133.67.197	attack	Feb 4 14:51:50 grey postfix/smtpd\[26834\]: NOQUEUE: reject: RCPT from r190-133-67-197.dialup.adsl.anteldata.net.uy\[190.133.67.197\]: 554 5.7.1 Service unavailable\; Client host \[190.133.67.197\] blocked using dul.dnsbl.sorbs.net\; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml\?190.133.67.197\; from=\ to=\ proto=ESMTP helo=\ ...	2020-02-04 23:40:03
111.68.99.124	attackspam	Unauthorized connection attempt detected from IP address 111.68.99.124 to port 25 [J]	2020-02-04 23:36:07
148.72.23.181	attackbots	148.72.23.181 - - \[04/Feb/2020:14:51:44 +0100\] "POST /wp-login.php HTTP/1.0" 200 4404 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.23.181 - - \[04/Feb/2020:14:51:47 +0100\] "POST /wp-login.php HTTP/1.0" 200 4236 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 148.72.23.181 - - \[04/Feb/2020:14:51:48 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-02-04 23:41:41
14.1.29.120	attack	2019-06-21 12:13:39 1heGY7-00010u-HU SMTP connection from shivering.bookywook.com $shivering.tahirfoods.icu$ \[14.1.29.120\]:46710 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-21 12:14:30 1heGYw-00011u-E2 SMTP connection from shivering.bookywook.com $shivering.tahirfoods.icu$ \[14.1.29.120\]:54794 I=\[193.107.88.166\]:25 closed by DROP in ACL 2019-06-21 12:15:23 1heGZn-000142-1t SMTP connection from shivering.bookywook.com $shivering.tahirfoods.icu$ \[14.1.29.120\]:46690 I=\[193.107.88.166\]:25 closed by DROP in ACL ...	2020-02-04 23:37:07
183.240.157.3	attack	Feb 4 10:10:23 plusreed sshd[952]: Invalid user iamfrek from 183.240.157.3 ...	2020-02-04 23:31:37
66.70.178.54	attack	$f2bV_matches	2020-02-04 23:54:35
89.248.167.141	attack	Feb 4 16:22:12 debian-2gb-nbg1-2 kernel: \[3088981.656467\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=89.248.167.141 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=21340 PROTO=TCP SPT=48483 DPT=3183 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-04 23:32:16
218.92.0.200	attack	Feb 4 15:53:18 vmanager6029 sshd\[3498\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.200 user=root Feb 4 15:53:20 vmanager6029 sshd\[3498\]: Failed password for root from 218.92.0.200 port 38816 ssh2 Feb 4 15:53:22 vmanager6029 sshd\[3498\]: Failed password for root from 218.92.0.200 port 38816 ssh2	2020-02-04 23:37:39

Recently Reported IPs

61.147.53.99	167.172.236.75	103.206.62.92	41.85.255.66
189.76.205.246	140.175.100.161	200.164.124.164	124.8.139.7
5.48.215.178	84.119.143.183	79.12.136.69	116.239.252.65
37.49.229.168	69.94.140.123	159.89.165.7	103.118.49.11
39.94.78.198	165.22.76.53	212.69.18.7	151.32.181.135