116.252.2.11 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Guangxi Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 5433670a1966998f \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/4.066686748 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 02:37:44

Type

Details

Datetime

attackspambots

The IP has triggered Cloudflare WAF. CF-Ray: 5433670a1966998f | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: blog.skk.moe | User-Agent: Mozilla/4.066686748 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-12 02:37:44

Comments on same subnet:

IP	Type	Details	Datetime
116.252.208.48	attackbots	IP 116.252.208.48 attacked honeypot on port: 5555 at 10/7/2020 1:43:12 PM	2020-10-09 08:01:45
116.252.208.48	attackspam	IP 116.252.208.48 attacked honeypot on port: 5555 at 10/7/2020 1:43:12 PM	2020-10-09 00:36:35
116.252.208.48	attackspam	IP 116.252.208.48 attacked honeypot on port: 5555 at 10/7/2020 1:43:12 PM	2020-10-08 16:33:12
116.252.254.223	attackspambots	port scan and connect, tcp 1433 (ms-sql-s)	2020-08-13 16:36:33
116.252.20.91	attackspambots	Automatic report - Port Scan Attack	2020-08-11 15:51:34
116.252.20.80	attack	Apr 5 00:29:58 ovpn sshd[30791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.252.20.80 user=r.r Apr 5 00:30:00 ovpn sshd[30791]: Failed password for r.r from 116.252.20.80 port 37326 ssh2 Apr 5 00:30:01 ovpn sshd[30791]: Received disconnect from 116.252.20.80 port 37326:11: Bye Bye [preauth] Apr 5 00:30:01 ovpn sshd[30791]: Disconnected from 116.252.20.80 port 37326 [preauth] Apr 5 00:40:45 ovpn sshd[1137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.252.20.80 user=r.r Apr 5 00:40:47 ovpn sshd[1137]: Failed password for r.r from 116.252.20.80 port 56672 ssh2 Apr 5 00:40:48 ovpn sshd[1137]: Received disconnect from 116.252.20.80 port 56672:11: Bye Bye [preauth] Apr 5 00:40:48 ovpn sshd[1137]: Disconnected from 116.252.20.80 port 56672 [preauth] Apr 5 00:44:03 ovpn sshd[1945]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116......... ------------------------------	2020-04-05 10:33:25
116.252.2.203	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 5434090b0a56e819 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 05:40:27
116.252.2.157	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 5435faeb8e20eb04 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 04:45:33
116.252.2.156	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 5438225bbc2fe50e \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.066704189 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 03:07:02
116.252.2.233	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 541629bf0beb98e7 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.082584686 Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 06:28:08
116.252.2.168	attack	The IP has triggered Cloudflare WAF. CF-Ray: 5415b967d91be815 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/4.066686748 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:42:18
116.252.2.135	attack	The IP has triggered Cloudflare WAF. CF-Ray: 5412f5b1ee787800 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/5.084743666 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:05:18
116.252.2.204	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 541680af7f9beb89 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: api.skk.moe \| User-Agent: Mozilla/5.064213590 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:04:44
116.252.2.41	attack	The IP has triggered Cloudflare WAF. CF-Ray: 541209a14d4b99d1 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/5.064213590 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:34:38
116.252.2.106	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54148e2f7aefeb99 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.064213590 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:11:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.252.2.11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31567
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.252.2.11.			IN	A

;; AUTHORITY SECTION:
.			505	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121101 1800 900 604800 86400

;; Query time: 136 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 12 02:37:39 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 11.2.252.116.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 11.2.252.116.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
175.24.67.217	attack	Invalid user mingyuan from 175.24.67.217 port 58432	2020-07-18 20:04:30
51.137.79.150	attackspambots	Invalid user marek from 51.137.79.150 port 56354	2020-07-18 20:23:29
79.137.80.110	attackbotsspam	SSH invalid-user multiple login attempts	2020-07-18 19:49:47
13.77.174.134	attackspam	Jul 18 14:15:15 hidden sshd[47443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.77.174.134 Jul 18 14:15:17 hidden sshd[47443]: Failed password for invalid user git from 13.77.174.134 port 48632 ssh2	2020-07-18 20:27:17
211.68.122.120	attackbotsspam	Invalid user deng from 211.68.122.120 port 25955	2020-07-18 19:59:37
67.205.135.127	attackspambots	Invalid user xiao from 67.205.135.127 port 38144	2020-07-18 20:21:44
181.129.161.45	attack	Invalid user odroid from 181.129.161.45 port 34378	2020-07-18 20:03:22
183.195.121.197	attack	Invalid user ttttt from 183.195.121.197 port 46476	2020-07-18 20:02:47
50.3.177.72	attackbotsspam	Invalid user fake from 50.3.177.72 port 40144	2020-07-18 20:24:40
190.16.102.150	attack	Invalid user radius from 190.16.102.150 port 56350	2020-07-18 20:01:56
167.99.157.37	attackbotsspam	Invalid user webstaff from 167.99.157.37 port 56546	2020-07-18 20:05:03
192.3.194.169	attackbots	2020-07-18T04:17:50.415358mail.csmailer.org sshd[21216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.3.194.169 2020-07-18T04:17:50.412732mail.csmailer.org sshd[21216]: Invalid user admin from 192.3.194.169 port 58884 2020-07-18T04:17:52.978847mail.csmailer.org sshd[21216]: Failed password for invalid user admin from 192.3.194.169 port 58884 ssh2 2020-07-18T04:17:53.770914mail.csmailer.org sshd[21229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.3.194.169 user=root 2020-07-18T04:17:56.078647mail.csmailer.org sshd[21229]: Failed password for root from 192.3.194.169 port 35698 ssh2 ...	2020-07-18 19:57:22
104.47.142.2	attack	Jul 18 08:40:31 localhost sshd\[12593\]: Invalid user admin from 104.47.142.2 port 37196 Jul 18 08:40:31 localhost sshd\[12593\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.47.142.2 Jul 18 08:40:33 localhost sshd\[12593\]: Failed password for invalid user admin from 104.47.142.2 port 37196 ssh2 ...	2020-07-18 19:54:22
36.107.231.56	attackbots	Jul 18 14:09:21 nextcloud sshd\[28800\]: Invalid user duan from 36.107.231.56 Jul 18 14:09:21 nextcloud sshd\[28800\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.107.231.56 Jul 18 14:09:23 nextcloud sshd\[28800\]: Failed password for invalid user duan from 36.107.231.56 port 60426 ssh2	2020-07-18 20:26:00
208.109.12.104	attack	Invalid user me from 208.109.12.104 port 58044	2020-07-18 20:00:25

Recently Reported IPs

145.174.75.8	106.39.246.162	8.186.166.158	103.69.245.152
65.55.210.209	64.233.172.112	49.7.3.74	45.131.70.101
36.32.3.170	2408:8648:1300:40:3b36:51c8:2ca2:6c61	2001:da8:20b:200:100::d7	27.224.136.55
23.108.4.117	223.166.74.240	223.166.74.52	222.94.195.204
222.82.61.53	222.79.48.199	221.13.12.252	80.167.243.11