116.252.80.130

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Guangxi Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Port scan: Attack repeated for 24 hours	2020-07-18 13:41:40
attackbotsspam	Mar 31 23:30:13 debian-2gb-nbg1-2 kernel: \[7949264.233947\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=116.252.80.130 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26802 PROTO=TCP SPT=22266 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-01 07:27:25

Type

Details

Datetime

attackbotsspam

Port scan: Attack repeated for 24 hours

2020-07-18 13:41:40

attackbotsspam

Mar 31 23:30:13 debian-2gb-nbg1-2 kernel: \[7949264.233947\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=116.252.80.130 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=240 ID=26802 PROTO=TCP SPT=22266 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0

2020-04-01 07:27:25

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.252.80.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41116
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.252.80.130.			IN	A

;; AUTHORITY SECTION:
.			367	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020033102 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Apr 01 07:27:20 CST 2020
;; MSG SIZE  rcvd: 118

Host info

130.80.252.116.in-addr.arpa has no PTR record

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 130.80.252.116.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
197.86.207.181	attack	Automatic report - Port Scan Attack	2019-10-29 20:31:28
114.32.22.83	attackspam	Port Scan	2019-10-29 20:20:07
222.186.175.154	attack	Oct 29 13:15:27 nextcloud sshd\[790\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.154 user=root Oct 29 13:15:28 nextcloud sshd\[790\]: Failed password for root from 222.186.175.154 port 22852 ssh2 Oct 29 13:15:32 nextcloud sshd\[790\]: Failed password for root from 222.186.175.154 port 22852 ssh2 ...	2019-10-29 20:21:31
46.101.244.122	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-29 20:25:27
223.16.216.92	attack	Oct 29 13:08:32 icinga sshd[11312]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.16.216.92 Oct 29 13:08:34 icinga sshd[11312]: Failed password for invalid user admin from 223.16.216.92 port 55490 ssh2 ...	2019-10-29 20:29:58
118.24.19.178	attackspambots	Oct 29 13:17:46 vps01 sshd[4274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.19.178 Oct 29 13:17:48 vps01 sshd[4274]: Failed password for invalid user tyguy628 from 118.24.19.178 port 56860 ssh2	2019-10-29 20:18:18
159.65.152.201	attackbotsspam	Oct 29 13:24:21 lnxded63 sshd[30468]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.152.201	2019-10-29 20:47:15
51.75.202.218	attackbots	Oct 29 12:59:09 localhost sshd\[23734\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.202.218 user=root Oct 29 12:59:12 localhost sshd\[23734\]: Failed password for root from 51.75.202.218 port 51494 ssh2 Oct 29 13:02:52 localhost sshd\[24124\]: Invalid user tzhang from 51.75.202.218 port 33770 Oct 29 13:02:52 localhost sshd\[24124\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.202.218	2019-10-29 20:23:39
165.22.103.169	attackbotsspam	165.22.103.169 - - \[29/Oct/2019:12:17:32 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 165.22.103.169 - - \[29/Oct/2019:12:17:35 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-10-29 20:52:41
41.216.165.190	attackbotsspam	2019-10-29 06:24:37 H=([41.216.165.190]) [41.216.165.190]:63544 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/41.216.165.190) 2019-10-29 06:25:23 H=([41.216.165.190]) [41.216.165.190]:62893 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-10-29 06:40:47 H=([41.216.165.190]) [41.216.165.190]:63457 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/query/ip/41.216.165.190) ...	2019-10-29 20:50:35
193.31.24.113	attack	10/29/2019-13:47:06.307762 193.31.24.113 Protocol: 6 SURICATA SMTP tls rejected	2019-10-29 20:48:59
193.110.168.35	attackbotsspam	Port Scan	2019-10-29 20:54:57
213.32.20.107	attack	B: Abusive content scan (301)	2019-10-29 20:27:32
159.65.183.47	attackbots	ssh failed login	2019-10-29 20:38:16
114.67.82.156	attack	2019-10-29T08:57:55.705560tmaserv sshd\[19003\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.82.156 user=root 2019-10-29T08:57:57.935634tmaserv sshd\[19003\]: Failed password for root from 114.67.82.156 port 56314 ssh2 2019-10-29T13:34:59.909722tmaserv sshd\[2734\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.82.156 user=root 2019-10-29T13:35:02.323649tmaserv sshd\[2734\]: Failed password for root from 114.67.82.156 port 59578 ssh2 2019-10-29T13:39:41.597712tmaserv sshd\[2960\]: Invalid user th from 114.67.82.156 port 41154 2019-10-29T13:39:41.603705tmaserv sshd\[2960\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.82.156 ...	2019-10-29 20:32:24

Recently Reported IPs

134.122.61.205	111.120.16.2	103.45.106.55	222.77.77.162
183.111.197.102	109.73.176.53	103.25.58.129	213.238.181.236
121.122.97.162	110.93.91.95	114.79.144.99	89.223.93.15
110.87.106.72	116.90.145.153	82.0.24.21	53.39.108.147
77.40.131.162	208.126.209.0	95.170.239.20	206.208.188.181