112.80.137.13 - IPInfo

Basic Info

City: Nanjing

Region: Jiangsu

Country: China

Internet Service Provider: China Unicom Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 541062388e246c56 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.051975669 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:17:30

Type

Details

Datetime

attackbots

The IP has triggered Cloudflare WAF. CF-Ray: 541062388e246c56 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: d.skk.moe | User-Agent: Mozilla/5.051975669 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:17:30

Comments on same subnet:

IP	Type	Details	Datetime
112.80.137.153	attackspambots	Web Server Scan. RayID: 590c5cc7ee296e42, UA: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729), Country: CN	2020-05-21 04:11:37
112.80.137.72	attack	Unauthorized connection attempt detected from IP address 112.80.137.72 to port 22 [J]	2020-03-02 19:32:51
112.80.137.30	attackspam	Unauthorized connection attempt detected from IP address 112.80.137.30 to port 9991 [T]	2020-01-27 15:42:09
112.80.137.97	attackbotsspam	Unauthorized connection attempt detected from IP address 112.80.137.97 to port 8081 [T]	2020-01-10 08:56:25
112.80.137.144	attack	CN_APNIC-HM_<177>1578575004 [1:2013053:1] ET WEB_SERVER PyCurl Suspicious User Agent Inbound [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 112.80.137.144:59730	2020-01-10 03:04:32
112.80.137.119	attackspam	Unauthorized connection attempt detected from IP address 112.80.137.119 to port 3128	2019-12-31 08:08:24
112.80.137.14	attackbots	HTTP/80/443 Probe, BF, WP, Hack -	2019-12-26 05:16:33
112.80.137.34	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 54101e30ae016e18 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: theme-suka.skk.moe \| User-Agent: Mozilla/5.051975669 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 06:43:04
112.80.137.117	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54147ae5dbc76bb4 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Mobile Safari/537.36 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 06:04:43
112.80.137.189	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 541570716d3c9641 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.062334851 Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:07:54
112.80.137.39	attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 54104ef0f857ed47 \| WAF_Rule_ID: 1025440 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.0 (iPad; CPU OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 01:34:56

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.80.137.13
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1199
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.80.137.13.			IN	A

;; AUTHORITY SECTION:
.			486	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 48 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 03:17:27 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 13.137.80.112.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 13.137.80.112.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
18.197.201.120	attackbotsspam	Web App Attack	2019-11-10 06:20:37
46.38.144.202	attack	2019-11-09T23:11:04.172599mail01 postfix/smtpd[31558]: warning: unknown[46.38.144.202]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T23:11:29.011392mail01 postfix/smtpd[31558]: warning: unknown[46.38.144.202]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T23:11:53.132253mail01 postfix/smtpd[31558]: warning: unknown[46.38.144.202]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-10 06:33:17
201.251.238.72	attackbotsspam	Spam Timestamp : 09-Nov-19 16:01 BlockList Provider combined abuse (866)	2019-11-10 06:35:53
175.29.177.54	attack	proto=tcp . spt=37357 . dpt=25 . (Found on Dark List de Nov 09) (867)	2019-11-10 06:10:59
192.241.210.224	attackspambots	5x Failed Password	2019-11-10 06:19:19
45.82.153.76	attack	2019-11-09T23:25:02.434808mail01 postfix/smtpd[32165]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T23:25:24.466678mail01 postfix/smtpd[13728]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-09T23:29:33.461452mail01 postfix/smtpd[24443]: warning: unknown[45.82.153.76]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-10 06:30:09
213.32.65.111	attack	Nov 9 11:55:36 TORMINT sshd\[32237\]: Invalid user bmv from 213.32.65.111 Nov 9 11:55:36 TORMINT sshd\[32237\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.65.111 Nov 9 11:55:38 TORMINT sshd\[32237\]: Failed password for invalid user bmv from 213.32.65.111 port 56950 ssh2 ...	2019-11-10 06:30:31
185.209.0.92	attackbots	11/09/2019-23:13:12.016144 185.209.0.92 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-10 06:28:07
185.200.118.84	attackbots	proto=tcp . spt=45770 . dpt=3389 . src=185.200.118.84 . dst=xx.xx.4.1 . (Found on Alienvault Nov 09) (869)	2019-11-10 06:06:11
183.107.114.46	attack	SSH brutforce	2019-11-10 06:15:09
222.74.73.202	attackbots	Spam emails were sent from this SMTP server. Some of this kind of spam emails attempted to camouflage the SMTP servers with 27.85.176.228 (a KDDI's legitimate server). The URLs in the spam messages were such as : - http :// ds85e6a.xyz/asint/ura-ac02/prof.php?pid=1 (61.14.210.110) - http :// ds85e6a.xyz/asint/stop/ The spammer used the following domains for the email addresses in the sites.: - mlstp.0ch.biz (The domain "0ch.biz" used "ns01.kix.ad.jp" and "ns02" for the name servers. Its registrant was "MEDIAWARS CO.,Ltd.". Its registrar was "IDC Frontier Inc.".) - lover-amazing.com (Its registrar was "GMO Internet, Inc.".)	2019-11-10 06:22:21
79.101.63.194	attack	Autoban 79.101.63.194 AUTH/CONNECT	2019-11-10 06:16:08
50.127.71.5	attackspam	$f2bV_matches	2019-11-10 06:44:15
128.199.210.105	attack	Nov 9 23:27:32 debian sshd\[19707\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.210.105 user=root Nov 9 23:27:34 debian sshd\[19707\]: Failed password for root from 128.199.210.105 port 52898 ssh2 Nov 9 23:47:05 debian sshd\[21212\]: Invalid user network from 128.199.210.105 port 58920 ...	2019-11-10 06:41:11
124.42.117.243	attackbots	Nov 9 21:56:53 OneL sshd\[28354\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.42.117.243 user=root Nov 9 21:56:55 OneL sshd\[28354\]: Failed password for root from 124.42.117.243 port 16464 ssh2 Nov 9 22:00:57 OneL sshd\[28455\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.42.117.243 user=root Nov 9 22:01:00 OneL sshd\[28455\]: Failed password for root from 124.42.117.243 port 33485 ssh2 Nov 9 22:05:05 OneL sshd\[28588\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.42.117.243 user=root ...	2019-11-10 06:06:30

Recently Reported IPs

111.224.218.83	110.80.155.247	67.204.232.17	88.88.125.162
202.219.173.204	106.39.189.88	149.170.184.183	106.11.154.83
98.190.215.139	73.145.186.211	60.230.123.16	103.192.227.199
77.226.178.0	86.107.29.12	60.13.7.241	151.63.6.169
115.41.160.59	60.13.7.30	86.136.2.85	222.74.44.91