124.90.53.53 - IPInfo

Basic Info

City: Hangzhou

Region: Zhejiang

Country: China

Internet Service Provider: China Unicom Zhejiang Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 5410570a3a7a9629 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/5.081397758 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:49:39

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 5410570a3a7a9629 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/5.081397758 Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0) | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:49:39

Comments on same subnet:

IP	Type	Details	Datetime
124.90.53.117	attack	Unauthorized connection attempt detected from IP address 124.90.53.117 to port 8123 [J]	2020-03-02 14:58:23
124.90.53.192	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 5433b18c5dbc9406 \| WAF_Rule_ID: 1112825 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Mobile Safari/537.36 \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 03:52:16
124.90.53.173	attack	The IP has triggered Cloudflare WAF. CF-Ray: 540fa701ee9a2808 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: api.skk.moe \| User-Agent: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) \| CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 02:15:34

Type

Details

Datetime

124.90.53.117

attack

Unauthorized connection attempt detected from IP address 124.90.53.117 to port 8123 [J]

2020-03-02 14:58:23

124.90.53.192

attackbots

The IP has triggered Cloudflare WAF. CF-Ray: 5433b18c5dbc9406 | WAF_Rule_ID: 1112825 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: img.skk.moe | User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Mobile Safari/537.36 | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-12 03:52:16

124.90.53.173

attack

The IP has triggered Cloudflare WAF. CF-Ray: 540fa701ee9a2808 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: api.skk.moe | User-Agent: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729) | CF_DC: SJC. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 02:15:34

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 124.90.53.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57390
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;124.90.53.53.			IN	A

;; AUTHORITY SECTION:
.			246	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 55 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 03:49:36 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 53.53.90.124.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 53.53.90.124.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
146.185.25.181	attackspam	DNS Enumeration	2019-11-05 23:59:32
139.59.34.17	attackbotsspam	SSH Bruteforce	2019-11-05 23:48:54
186.10.185.208	attack	PHI,WP GET /wp-login.php	2019-11-05 23:53:38
67.205.139.165	attackspambots	Nov 5 15:57:07 game-panel sshd[18881]: Failed password for root from 67.205.139.165 port 36436 ssh2 Nov 5 16:01:07 game-panel sshd[19007]: Failed password for root from 67.205.139.165 port 46446 ssh2 Nov 5 16:04:56 game-panel sshd[19093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.205.139.165	2019-11-06 00:12:15
34.212.63.114	attackspam	11/05/2019-16:10:02.953681 34.212.63.114 Protocol: 6 SURICATA TLS invalid record/traffic	2019-11-05 23:41:58
14.18.93.114	attack	Nov 5 16:45:43 vmanager6029 sshd\[7811\]: Invalid user whocares from 14.18.93.114 port 32874 Nov 5 16:45:43 vmanager6029 sshd\[7811\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.18.93.114 Nov 5 16:45:45 vmanager6029 sshd\[7811\]: Failed password for invalid user whocares from 14.18.93.114 port 32874 ssh2	2019-11-06 00:03:45
142.93.212.131	attack	Nov 5 05:56:03 web1 sshd\[2540\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.212.131 user=root Nov 5 05:56:06 web1 sshd\[2540\]: Failed password for root from 142.93.212.131 port 58740 ssh2 Nov 5 06:00:49 web1 sshd\[2953\]: Invalid user icinga from 142.93.212.131 Nov 5 06:00:49 web1 sshd\[2953\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.212.131 Nov 5 06:00:51 web1 sshd\[2953\]: Failed password for invalid user icinga from 142.93.212.131 port 42738 ssh2	2019-11-06 00:18:50
115.159.235.17	attackbots	Nov 5 17:00:46 server sshd\[32235\]: Invalid user esther from 115.159.235.17 Nov 5 17:00:46 server sshd\[32235\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.235.17 Nov 5 17:00:48 server sshd\[32235\]: Failed password for invalid user esther from 115.159.235.17 port 32792 ssh2 Nov 5 17:40:18 server sshd\[9556\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.235.17 user=root Nov 5 17:40:20 server sshd\[9556\]: Failed password for root from 115.159.235.17 port 45610 ssh2 ...	2019-11-06 00:06:09
185.176.27.102	attackspambots	ET DROP Dshield Block Listed Source group 1 - port: 4683 proto: TCP cat: Misc Attack	2019-11-06 00:12:58
185.53.88.33	attackspam	\[2019-11-05 10:35:17\] NOTICE\[2601\] chan_sip.c: Registration from '"1001" \' failed for '185.53.88.33:5448' - Wrong password \[2019-11-05 10:35:17\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-05T10:35:17.064-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7fdf2c0eb718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/185.53.88.33/5448",Challenge="22b1bd67",ReceivedChallenge="22b1bd67",ReceivedHash="ecbc37cd045bc2e4bf5c06f63caea1cf" \[2019-11-05 10:35:17\] NOTICE\[2601\] chan_sip.c: Registration from '"1001" \' failed for '185.53.88.33:5448' - Wrong password \[2019-11-05 10:35:17\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-05T10:35:17.165-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="1001",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/1	2019-11-05 23:42:23
206.189.202.45	attackspambots	2019-11-05T15:11:56.662951abusebot-2.cloudsearch.cf sshd\[26479\]: Invalid user QAZ!@\#123g from 206.189.202.45 port 56708	2019-11-06 00:25:16
198.108.67.106	attackbotsspam	firewall-block, port(s): 3569/tcp	2019-11-06 00:05:10
106.12.185.54	attack	Nov 5 16:42:43 sso sshd[12576]: Failed password for root from 106.12.185.54 port 39030 ssh2 ...	2019-11-06 00:16:45
103.245.181.2	attackspam	2019-11-05T15:40:48.1169111240 sshd\[13737\]: Invalid user user from 103.245.181.2 port 46290 2019-11-05T15:40:48.1196801240 sshd\[13737\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.245.181.2 2019-11-05T15:40:49.6058461240 sshd\[13737\]: Failed password for invalid user user from 103.245.181.2 port 46290 ssh2 ...	2019-11-05 23:49:08
185.234.217.194	attackspambots	login attempts	2019-11-06 00:11:42

Recently Reported IPs

76.200.212.103	58.176.158.189	123.160.232.110	126.39.249.34
123.158.61.81	71.30.70.107	185.208.209.174	217.3.46.126
121.57.231.206	50.76.40.130	37.250.92.22	121.57.230.225
50.107.13.41	121.57.225.54	126.151.85.2	121.57.225.21
206.12.185.61	121.57.224.173	60.38.226.138	120.92.72.50