52.80.20.85 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
52.80.20.135	attack	Automatic report - Banned IP Access	2020-07-21 13:27:01
52.80.20.135	attack	WordPress vulnerability sniffing (looking for /wp-login.php)	2020-07-13 02:01:42
52.80.20.135	attackbotsspam	52.80.20.135 - - \[08/Jul/2020:03:25:12 +0200\] "POST /wp-login.php HTTP/1.0" 200 4409 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 52.80.20.135 - - \[08/Jul/2020:03:25:15 +0200\] "POST /wp-login.php HTTP/1.0" 200 4241 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 52.80.20.135 - - \[08/Jul/2020:03:25:17 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-07-08 10:21:17
52.80.20.135	attack	2020/06/24 00:53:29 [error] 2039889#2039889: 410103 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 52.80.20.135, server: _, request: "GET /wp-login.php HTTP/1.1", host: "boersch-ibak-panoramo.de", referrer: "http://www.xn--mobiles-wc-brsch-xwb.de/wp-login.php" 2020/06/24 00:53:29 [error] 2039889#2039889: 410103 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 52.80.20.135, server: _, request: "GET /wp-login.php HTTP/1.1", host: "boersch-ibak-panoramo.de", referrer: "http://www.xn--mobiles-wc-brsch-xwb.de/wp-login.php" 2020/06/24 00:53:29 [error] 2039889#2039889: *410103 open() "/usr/share/nginx/html/wp-login.php" failed (2: No such file or directory), client: 52.80.20.135, server: _, request: "GET /wp-login.php HTTP/1.1", host: "boersch-ibak-panoramo.de", referrer: "http://www.xn--mobiles-wc-brsch-xwb.de/wp-login.php"	2020-06-24 17:28:19
52.80.20.135	attack	xmlrpc attack	2020-06-22 15:42:05
52.80.20.135	attackspambots	Trolling for resource vulnerabilities	2020-06-16 14:43:18
52.80.20.135	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-06-15 04:27:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 52.80.20.85
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61367
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;52.80.20.85.			IN	A

;; AUTHORITY SECTION:
.			404	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022010900 1800 900 604800 86400

;; Query time: 20 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Jan 09 18:22:10 CST 2022
;; MSG SIZE  rcvd: 104

Host info

85.20.80.52.in-addr.arpa domain name pointer ec2-52-80-20-85.cn-north-1.compute.amazonaws.com.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
85.20.80.52.in-addr.arpa	name = ec2-52-80-20-85.cn-north-1.compute.amazonaws.com.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.175.140	attackspambots	SSH Brute-Force reported by Fail2Ban	2019-12-16 22:07:50
175.207.13.200	attackspam	$f2bV_matches	2019-12-16 22:01:55
111.19.157.177	attackspambots	Brute forcing RDP port 3389	2019-12-16 21:41:56
51.254.32.102	attack	Dec 16 16:08:37 server sshd\[13555\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.ip-51-254-32.eu user=mysql Dec 16 16:08:38 server sshd\[13555\]: Failed password for mysql from 51.254.32.102 port 36302 ssh2 Dec 16 16:20:24 server sshd\[17251\]: Invalid user md from 51.254.32.102 Dec 16 16:20:24 server sshd\[17251\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.ip-51-254-32.eu Dec 16 16:20:27 server sshd\[17251\]: Failed password for invalid user md from 51.254.32.102 port 59148 ssh2 ...	2019-12-16 21:49:47
66.181.167.115	attackspambots	Dec 16 08:28:40 game-panel sshd[16006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.167.115 Dec 16 08:28:42 game-panel sshd[16006]: Failed password for invalid user enrique from 66.181.167.115 port 60916 ssh2 Dec 16 08:35:04 game-panel sshd[16300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.181.167.115	2019-12-16 21:57:03
54.37.176.48	attackbotsspam	Lines containing failures of 54.37.176.48 Dec 16 07:13:08 server01 postfix/smtpd[9607]: connect from esserverate.redimmediatelynk.top[54.37.176.48] Dec x@x Dec x@x Dec x@x Dec x@x Dec 16 07:13:54 server01 postfix/smtpd[9607]: disconnect from esserverate.redimmediatelynk.top[54.37.176.48] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=54.37.176.48	2019-12-16 21:51:39
187.188.251.219	attackspambots	SSH Brute Force, server-1 sshd[10495]: Failed password for lp from 187.188.251.219 port 42820 ssh2	2019-12-16 21:38:54
92.118.37.58	attack	12/16/2019-07:52:36.403192 92.118.37.58 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-16 21:33:04
122.3.88.147	attackspam	--- report --- Dec 16 05:55:32 sshd: Connection from 122.3.88.147 port 3734	2019-12-16 21:38:03
212.34.246.73	attackbotsspam	Invalid user alain from 212.34.246.73 port 49522	2019-12-16 21:33:55
49.73.61.26	attackbots	SSH bruteforce (Triggered fail2ban)	2019-12-16 21:32:30
188.166.108.161	attack	Invalid user http from 188.166.108.161 port 53346	2019-12-16 21:45:05
193.112.123.100	attackbots	--- report --- Dec 16 10:58:12 sshd: Connection from 193.112.123.100 port 41300 Dec 16 10:58:14 sshd: Invalid user krant from 193.112.123.100 Dec 16 10:58:16 sshd: Failed password for invalid user krant from 193.112.123.100 port 41300 ssh2 Dec 16 10:58:17 sshd: Received disconnect from 193.112.123.100: 11: Bye Bye [preauth]	2019-12-16 22:10:51
177.126.211.2	attack	Dec 16 07:08:36 mail01 postfix/postscreen[11669]: CONNECT from [177.126.211.2]:33387 to [94.130.181.95]:25 Dec 16 07:08:36 mail01 postfix/dnsblog[12048]: addr 177.126.211.2 listed by domain bl.blocklist.de as 127.0.0.9 Dec 16 07:08:36 mail01 postfix/dnsblog[12049]: addr 177.126.211.2 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Dec 16 07:08:36 mail01 postfix/dnsblog[12050]: addr 177.126.211.2 listed by domain zen.spamhaus.org as 127.0.0.3 Dec 16 07:08:36 mail01 postfix/dnsblog[12050]: addr 177.126.211.2 listed by domain zen.spamhaus.org as 127.0.0.11 Dec 16 07:08:36 mail01 postfix/dnsblog[12050]: addr 177.126.211.2 listed by domain zen.spamhaus.org as 127.0.0.4 Dec 16 07:08:37 mail01 postfix/postscreen[11669]: PREGREET 35 after 0.65 from [177.126.211.2]:33387: EHLO 177.126.211-2.teleuno.com.br Dec 16 07:08:37 mail01 postfix/postscreen[11669]: DNSBL rank 5 for [177.126.211.2]:33387 Dec x@x Dec x@x Dec x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=	2019-12-16 22:11:41
148.235.57.179	attack	Invalid user olejniczak from 148.235.57.179 port 57918	2019-12-16 21:43:50

Recently Reported IPs

173.11.63.191	88.50.123.161	150.162.130.19	230.40.136.145
121.3.217.197	82.40.128.63	138.45.237.188	93.120.76.248
4.225.114.221	199.176.214.32	49.183.54.82	227.189.105.34
237.155.161.117	10.137.144.24	60.206.204.253	109.215.75.103
102.22.137.163	249.211.111.85	3.249.146.12	215.188.74.51