116.52.118.239

Basic Info

City: Kunming

Region: Yunnan

Country: China

Internet Service Provider: ChinaNet Yunnan Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 5413a39aae84e7ad \| WAF_Rule_ID: 1112824 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:35:34

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 5413a39aae84e7ad | WAF_Rule_ID: 1112824 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: blog.skk.moe | User-Agent: Mozilla/5.0 (Linux; U; Android 4.3; en-us; SM-N900T Build/JSS15J) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:35:34

Comments on same subnet:

IP	Type	Details	Datetime
116.52.118.253	attack	Unauthorized connection attempt detected from IP address 116.52.118.253 to port 4712 [T]	2020-04-15 02:07:01
116.52.118.52	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 5435ea1e4817eb19 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: doku.skk.moe \| User-Agent: Mozilla/5.084743666 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 05:13:51

Type

Details

Datetime

116.52.118.253

attack

Unauthorized connection attempt detected from IP address 116.52.118.253 to port 4712 [T]

2020-04-15 02:07:01

116.52.118.52

attackbots

The IP has triggered Cloudflare WAF. CF-Ray: 5435ea1e4817eb19 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: doku.skk.moe | User-Agent: Mozilla/5.084743666 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-12 05:13:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.52.118.239
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62916
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.52.118.239.			IN	A

;; AUTHORITY SECTION:
.			144	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 112 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 03:35:30 CST 2019
;; MSG SIZE  rcvd: 118

Host info

239.118.52.116.in-addr.arpa domain name pointer 239.118.52.116.broad.km.yn.dynamic.163data.com.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
239.118.52.116.in-addr.arpa	name = 239.118.52.116.broad.km.yn.dynamic.163data.com.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
5.188.84.45	attackbotsspam	2019-11-21 06:30:41 UTC \| JulioGypedly \| baburin.ptr@mail.ru \| https://european-biotechnology.net/proof-of-concept/purchase-zyloprim-300-mg-with-visa/ \| 5.188.84.45 \| Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| Submission q One or two printed copies for publisher q Rhyme copy in honest workbook or ASCII on disk pro publisher q Each disk has been labelled with your appellation and the title-deed of the manuscript q One transcript on disk throughout yourself q One printed conception also in behalf of yourself. His kinsfolk he could in actuality do something, less than virtuous moved to Omaha, Nebraska, when he was a wee talk hither it. Wen factors are in the sexual congress organs (go \|	2019-11-21 15:02:47
106.13.142.115	attackspam	Nov 21 07:30:12 MK-Soft-VM3 sshd[27663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.142.115 Nov 21 07:30:14 MK-Soft-VM3 sshd[27663]: Failed password for invalid user cepeda from 106.13.142.115 port 47022 ssh2 ...	2019-11-21 14:57:08
151.80.254.74	attackspambots	2019-11-21T01:26:02.570363homeassistant sshd[9406]: Failed password for invalid user admin from 151.80.254.74 port 49164 ssh2 2019-11-21T06:30:04.801644homeassistant sshd[3875]: Invalid user cku from 151.80.254.74 port 35038 2019-11-21T06:30:04.809113homeassistant sshd[3875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.80.254.74 ...	2019-11-21 14:52:37
193.188.22.193	attackbots	193.188.22.193 was recorded 12 times by 10 hosts attempting to connect to the following ports: 10022,443,42633,2292,3022,4022. Incident counter (4h, 24h, all-time): 12, 84, 647	2019-11-21 15:09:57
68.183.219.43	attack	Nov 21 07:30:06 sso sshd[23760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.219.43 Nov 21 07:30:08 sso sshd[23760]: Failed password for invalid user admin from 68.183.219.43 port 40320 ssh2 ...	2019-11-21 15:01:01
106.54.141.8	attack	Nov 21 08:46:24 www sshd\[750\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.141.8 user=root Nov 21 08:46:25 www sshd\[750\]: Failed password for root from 106.54.141.8 port 45712 ssh2 Nov 21 08:50:14 www sshd\[878\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.141.8 user=root ...	2019-11-21 14:56:39
216.109.50.34	attackspam	Nov 21 08:22:32 pkdns2 sshd\[65352\]: Invalid user 1qaz2xsw3edc from 216.109.50.34Nov 21 08:22:34 pkdns2 sshd\[65352\]: Failed password for invalid user 1qaz2xsw3edc from 216.109.50.34 port 50502 ssh2Nov 21 08:26:16 pkdns2 sshd\[306\]: Invalid user pass321 from 216.109.50.34Nov 21 08:26:18 pkdns2 sshd\[306\]: Failed password for invalid user pass321 from 216.109.50.34 port 59310 ssh2Nov 21 08:29:57 pkdns2 sshd\[414\]: Invalid user nobody1234678 from 216.109.50.34Nov 21 08:29:59 pkdns2 sshd\[414\]: Failed password for invalid user nobody1234678 from 216.109.50.34 port 39880 ssh2 ...	2019-11-21 15:04:47
170.238.46.6	attackbotsspam	Nov 21 09:21:19 server sshd\[20584\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.238.46.6 user=root Nov 21 09:21:21 server sshd\[20584\]: Failed password for root from 170.238.46.6 port 57146 ssh2 Nov 21 09:30:36 server sshd\[22914\]: Invalid user darroll from 170.238.46.6 Nov 21 09:30:36 server sshd\[22914\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.238.46.6 Nov 21 09:30:38 server sshd\[22914\]: Failed password for invalid user darroll from 170.238.46.6 port 38736 ssh2 ...	2019-11-21 14:40:46
173.252.95.8	attackbots	[Thu Nov 21 13:29:59.767212 2019] [:error] [pid 11728:tid 139629066536704] [client 173.252.95.8:64204] [client 173.252.95.8] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/banner_cuaca_jalur_natal-2016_tahun_baru-2017.jpg"] [unique_id "XdYu5@Fwx2PoewqcX5OqUAAAAAE"] ...	2019-11-21 15:06:22
101.109.83.140	attack	Nov 21 07:26:29 vps666546 sshd\[22183\]: Invalid user asterisk from 101.109.83.140 port 40962 Nov 21 07:26:29 vps666546 sshd\[22183\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.109.83.140 Nov 21 07:26:30 vps666546 sshd\[22183\]: Failed password for invalid user asterisk from 101.109.83.140 port 40962 ssh2 Nov 21 07:30:35 vps666546 sshd\[22291\]: Invalid user shoulars from 101.109.83.140 port 48748 Nov 21 07:30:35 vps666546 sshd\[22291\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.109.83.140 ...	2019-11-21 14:42:12
49.81.92.64	attackspam	SpamReport	2019-11-21 15:02:34
187.190.236.88	attackbotsspam	F2B jail: sshd. Time: 2019-11-21 07:30:21, Reported by: VKReport	2019-11-21 14:49:49
183.164.45.104	attackbotsspam	Automatic report - Port Scan Attack	2019-11-21 14:40:31
178.242.50.219	attackbotsspam	Automatic report - Port Scan Attack	2019-11-21 15:11:36
186.103.223.10	attackbots	Nov 21 13:31:44 webhost01 sshd[30525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.103.223.10 Nov 21 13:31:47 webhost01 sshd[30525]: Failed password for invalid user kianusch from 186.103.223.10 port 49004 ssh2 ...	2019-11-21 14:50:17

Recently Reported IPs

165.151.203.96	111.162.146.236	37.164.170.41	186.141.181.197
110.90.103.97	93.104.39.13	18.204.72.3	41.186.37.133
68.110.114.125	106.45.0.43	77.21.95.56	208.46.110.27
106.11.157.154	3.144.135.75	106.11.154.33	1.194.219.2
130.45.27.131	97.57.242.134	104.196.246.71	191.165.127.175