Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
The IP has triggered Cloudflare WAF. CF-Ray: 5410ce0509096bc6 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: img.skk.moe | User-Agent: Mozilla/5.084743666 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-08 00:41:24
Comments on same subnet:
IP Type Details Datetime
112.80.139.186 attackbotsspam
Unauthorized connection attempt detected from IP address 112.80.139.186 to port 8118 [J]
2020-03-02 16:46:43
112.80.139.72 attackspam
The IP has triggered Cloudflare WAF. CF-Ray: 5430ed179f239666 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/4.054101423 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-12 00:47:55
112.80.139.237 attackspam
The IP has triggered Cloudflare WAF. CF-Ray: 5415a92e09326bf6 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: d.skk.moe | User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-08 06:55:56
112.80.139.252 attackspambots
The IP has triggered Cloudflare WAF. CF-Ray: 5413c84ba8846d04 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/5.066704189 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-08 02:00:28
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.80.139.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47615
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.80.139.3.			IN	A

;; AUTHORITY SECTION:
.			403	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 123 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 00:41:19 CST 2019
;; MSG SIZE  rcvd: 116
Host info
Host 3.139.80.112.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 3.139.80.112.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
85.128.142.86 attackbots
Automatic report - XMLRPC Attack
2019-11-09 18:40:20
218.92.0.187 attack
Nov  9 09:05:04 MK-Soft-Root2 sshd[28945]: Failed password for root from 218.92.0.187 port 33768 ssh2
Nov  9 09:05:08 MK-Soft-Root2 sshd[28945]: Failed password for root from 218.92.0.187 port 33768 ssh2
...
2019-11-09 19:14:34
222.186.175.150 attackspam
" "
2019-11-09 19:13:43
140.143.134.86 attackspam
2019-11-09T09:40:12.917645tmaserv sshd\[25177\]: Failed password for invalid user www-data from 140.143.134.86 port 34305 ssh2
2019-11-09T10:41:08.269084tmaserv sshd\[28097\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.134.86  user=root
2019-11-09T10:41:10.392669tmaserv sshd\[28097\]: Failed password for root from 140.143.134.86 port 45892 ssh2
2019-11-09T10:46:29.983797tmaserv sshd\[28309\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.134.86  user=root
2019-11-09T10:46:31.840664tmaserv sshd\[28309\]: Failed password for root from 140.143.134.86 port 36669 ssh2
2019-11-09T10:51:57.052711tmaserv sshd\[28542\]: Invalid user 002 from 140.143.134.86 port 55689
...
2019-11-09 19:10:56
203.135.149.56 attack
Nov  9 09:00:12 our-server-hostname postfix/smtpd[25780]: connect from unknown[203.135.149.56]
Nov x@x
Nov  9 09:00:13 our-server-hostname postfix/smtpd[25780]: lost connection after RCPT from unknown[203.135.149.56]
Nov  9 09:00:13 our-server-hostname postfix/smtpd[25780]: disconnect from unknown[203.135.149.56]
Nov  9 10:40:57 our-server-hostname postfix/smtpd[20537]: connect from unknown[203.135.149.56]
Nov x@x
Nov  9 10:40:58 our-server-hostname postfix/smtpd[20537]: lost connection after RCPT from unknown[203.135.149.56]
Nov  9 10:40:58 our-server-hostname postfix/smtpd[20537]: disconnect from unknown[203.135.149.56]
Nov  9 11:14:53 our-server-hostname postfix/smtpd[31985]: connect from unknown[203.135.149.56]
Nov x@x
Nov  9 11:14:54 our-server-hostname postfix/smtpd[31985]: lost connection after RCPT from unknown[203.135.149.56]
Nov  9 11:14:54 our-server-hostname postfix/smtpd[31985]: disconnect from unknown[203.135.149.56]
Nov  9 11:23:51 our-server-hostname pos........
-------------------------------
2019-11-09 18:42:35
160.153.156.137 attack
Automatic report - XMLRPC Attack
2019-11-09 19:07:59
128.199.67.66 attack
Nov  9 09:03:52 xxxxxxx7446550 sshd[29644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.67.66  user=r.r
Nov  9 09:03:53 xxxxxxx7446550 sshd[29644]: Failed password for r.r from 128.199.67.66 port 34458 ssh2
Nov  9 09:03:53 xxxxxxx7446550 sshd[29645]: Received disconnect from 128.199.67.66: 11: Bye Bye
Nov  9 09:30:35 xxxxxxx7446550 sshd[3522]: Invalid user splunk from 128.199.67.66
Nov  9 09:30:35 xxxxxxx7446550 sshd[3522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.67.66 
Nov  9 09:30:38 xxxxxxx7446550 sshd[3522]: Failed password for invalid user splunk from 128.199.67.66 port 43858 ssh2
Nov  9 09:30:38 xxxxxxx7446550 sshd[3523]: Received disconnect from 128.199.67.66: 11: Bye Bye
Nov  9 09:34:24 xxxxxxx7446550 sshd[4341]: Invalid user i from 128.199.67.66
Nov  9 09:34:24 xxxxxxx7446550 sshd[4341]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 t........
-------------------------------
2019-11-09 19:00:49
175.211.112.242 attackspam
Nov  9 11:09:31 XXX sshd[55396]: Invalid user ofsaa from 175.211.112.242 port 37892
2019-11-09 19:06:32
37.97.169.7 attackbots
2019-11-09T11:57:44.191374mail01 postfix/smtpd[27838]: warning: idiomcenter.com.br[37.97.169.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-09T11:58:01.125131mail01 postfix/smtpd[27838]: warning: idiomcenter.com.br[37.97.169.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-09T11:59:27.232671mail01 postfix/smtpd[12135]: warning: idiomcenter.com.br[37.97.169.7]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-11-09 19:16:24
66.206.14.138 attack
RDP Bruteforce
2019-11-09 19:08:54
5.196.201.7 attack
Nov  9 11:16:30  postfix/smtpd: warning: unknown[5.196.201.7]: SASL LOGIN authentication failed
2019-11-09 19:16:48
31.162.230.237 attackbots
Chat Spam
2019-11-09 19:12:32
62.215.6.11 attackbots
Nov  9 11:33:07 server sshd\[30210\]: Invalid user buster from 62.215.6.11
Nov  9 11:33:07 server sshd\[30210\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=out02-tec.fasttelco.net 
Nov  9 11:33:09 server sshd\[30210\]: Failed password for invalid user buster from 62.215.6.11 port 36188 ssh2
Nov  9 11:44:19 server sshd\[458\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=out02-tec.fasttelco.net  user=root
Nov  9 11:44:20 server sshd\[458\]: Failed password for root from 62.215.6.11 port 43961 ssh2
...
2019-11-09 18:57:06
116.196.117.154 attackbots
Nov  9 11:36:55 meumeu sshd[23396]: Failed password for root from 116.196.117.154 port 45734 ssh2
Nov  9 11:41:34 meumeu sshd[24005]: Failed password for root from 116.196.117.154 port 51986 ssh2
...
2019-11-09 18:48:23
148.70.4.242 attackspambots
2019-11-09T08:37:12.930308abusebot-2.cloudsearch.cf sshd\[12598\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.4.242  user=root
2019-11-09 18:52:16

Recently Reported IPs
