116.55.75.160 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Yunnan Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	Unauthorized connection attempt detected from IP address 116.55.75.160 to port 6656 [T]	2020-01-30 18:31:10

Comments on same subnet:

IP	Type	Details	Datetime
116.55.75.238	attack	Unauthorized connection attempt detected from IP address 116.55.75.238 to port 6656 [T]	2020-01-28 08:31:31
116.55.75.175	attack	badbot	2019-11-20 21:52:44

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 116.55.75.160
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48280
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;116.55.75.160.			IN	A

;; AUTHORITY SECTION:
.			328	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020013001 1800 900 604800 86400

;; Query time: 51 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jan 30 18:31:06 CST 2020
;; MSG SIZE  rcvd: 117

Host info

160.75.55.116.IN-ADDR.ARPA domain name pointer 160.75.55.116.broad.km.yn.dynamic.163data.com.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
160.75.55.116.in-addr.arpa	name = 160.75.55.116.broad.km.yn.dynamic.163data.com.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
103.252.119.139	attackbots	smtp probe/invalid login attempt	2020-09-22 01:34:37
211.90.39.117	attackbotsspam	20 attempts against mh-ssh on echoip	2020-09-22 01:42:12
172.255.251.196	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2020-09-22 01:20:56
139.59.136.99	attackspam	leo_www	2020-09-22 01:23:02
59.124.6.166	attackspambots	Invalid user toor from 59.124.6.166 port 55786	2020-09-22 01:30:40
114.119.166.88	attack	[Sun Sep 20 23:59:58.592498 2020] [:error] [pid 23424:tid 140117914142464] [client 114.119.166.88:55004] [client 114.119.166.88] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/agroklimatologi/kalender-tanam/3394-kalender-tanam-katam-terpadu-papua/kalender-tanam-katam-terpadu-provinsi-papua/kalender-tanam-katam-terpadu-kabupaten-boven-digoel-provinsi-papua"] [unique_id "X2eKjohylJRSFCTJL2z-LwAAAGM"] ...	2020-09-22 01:29:55
185.234.219.228	attackspambots	2020-09-21 20:45:57 dovecot_login authenticator failed for (smd-m.ru) [185.234.219.228]: 535 Incorrect authentication data (set_id=admin@smd-m.ru) ...	2020-09-22 01:48:41
49.234.27.90	attackbotsspam	[ssh] SSH attack	2020-09-22 01:30:54
113.31.125.177	attackspam	Invalid user admin from 113.31.125.177 port 49596	2020-09-22 01:26:15
111.68.98.152	attack	Sep 21 20:07:09 vps768472 sshd\[13772\]: Invalid user server from 111.68.98.152 port 54842 Sep 21 20:07:09 vps768472 sshd\[13772\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.68.98.152 Sep 21 20:07:11 vps768472 sshd\[13772\]: Failed password for invalid user server from 111.68.98.152 port 54842 ssh2 ...	2020-09-22 01:44:15
183.106.43.239	attack	Listed on abuseat.org plus zen-spamhaus / proto=6 . srcport=15235 . dstport=80 . (2306)	2020-09-22 01:39:11
180.71.58.82	attackspam	Sep 21 13:04:33 XXXXXX sshd[3460]: Invalid user taskctl from 180.71.58.82 port 36365	2020-09-22 01:25:01
64.225.43.55	attackspam	64.225.43.55 - - [21/Sep/2020:18:45:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 64.225.43.55 - - [21/Sep/2020:18:45:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 64.225.43.55 - - [21/Sep/2020:18:45:41 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-22 01:51:06
132.232.108.149	attackbotsspam	132.232.108.149 (CN/China/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 21 13:21:14 jbs1 sshd[774]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.108.149 user=root Sep 21 13:21:16 jbs1 sshd[774]: Failed password for root from 132.232.108.149 port 54958 ssh2 Sep 21 13:20:10 jbs1 sshd[31888]: Failed password for root from 36.22.179.54 port 9851 ssh2 Sep 21 13:20:25 jbs1 sshd[32230]: Failed password for root from 106.12.154.24 port 44336 ssh2 Sep 21 13:20:23 jbs1 sshd[32230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.154.24 user=root Sep 21 13:21:47 jbs1 sshd[1386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.209.240 user=root IP Addresses Blocked:	2020-09-22 01:23:22
222.186.180.8	attackbots	Sep 21 19:43:15 vm0 sshd[7045]: Failed password for root from 222.186.180.8 port 25848 ssh2 Sep 21 19:43:29 vm0 sshd[7045]: error: maximum authentication attempts exceeded for root from 222.186.180.8 port 25848 ssh2 [preauth] ...	2020-09-22 01:45:07

Recently Reported IPs

60.172.71.130	60.160.143.89	49.81.79.4	193.6.112.84
192.16.188.43	42.115.231.76	42.56.11.130	96.86.73.161
35.198.248.77	27.158.23.114	14.134.108.13	1.180.165.186
1.4.216.118	1.2.231.58	223.240.215.17	222.220.152.56
55.37.177.23	157.47.162.77	222.90.42.38	163.192.147.219