JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 121.41.165.59

121.41.165.59 was found in our database!

This IP was reported 180 times. Confidence of Abuse is 64%: ?

64%

ISP	Aliyun Computing Co., LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS37963
Domain Name	alibabacloud.com
Country	🇨🇳 China
City	Hangzhou, Zhejiang

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 121.41.165.59

Whois 121.41.165.59

IP Abuse Reports for 121.41.165.59:

This IP address has been reported a total of 180 times from 58 distinct sources. 121.41.165.59 was first reported on March 27th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-20 03:08:04 (1 day ago)	Honeypot detection: Windows Remote Management (WinRM) unauthorized access attempt on port 5986. Seve ... show more Honeypot detection: Windows Remote Management (WinRM) unauthorized access attempt on port 5986. Severity: MEDIUM. Aaran.cloud show less	Brute-Force Hacking
🇫🇮 WinnieHoneypots	2026-06-15 01:14:00 (6 days ago)	📡 TCP port scanner, 5 or more hits, last seen on port 58400 30111 16002	Port Scan
🇫🇷 security.rdmc.fr	2026-06-12 08:25:25 (1 week ago)	VoIP Attack proto:TCP src:50927 dst:5060	Port Scan Fraud VoIP
Anonymous	2026-06-12 02:07:38 (1 week ago)	Jun 11 22:07:34 localhost kernel: [109575352.720437] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:9 ... show more Jun 11 22:07:34 localhost kernel: [109575352.720437] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=121.41.165.59 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=233 ID=20866 PROTO=TCP SPT=50052 DPT=9009 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 11 22:07:34 localhost kernel: [109575352.720446] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=121.41.165.59 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=233 ID=20866 PROTO=TCP SPT=50052 DPT=9009 SEQ=1312559821 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 11 22:07:37 localhost kernel: [109575355.712367] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=121.41.165.59 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x40 TTL=233 ID=45600 PROTO=TCP SPT=50052 DPT=8050 WINDOW=1024 RES=0x00 SYN URGP=0 Jun 11 22:07:37 localhost kernel: [109575355.712386] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:00:00:0c:9f:f0:1e:08:00 SRC=121.41.165.59 DST=[mungedIP2] LEN=40 TOS=0 show less	Port Scan
🇺🇸 ISPLtd	2026-06-09 04:09:03 (1 week ago)	Jun 8 22:09:00 121.41.165.59 TCP SPT=58140 DPT=1105 SYN Jun 8 22:09:01 121.41.165.59 TCP SPT=58140 ... show more Jun 8 22:09:00 121.41.165.59 TCP SPT=58140 DPT=1105 SYN Jun 8 22:09:01 121.41.165.59 TCP SPT=58140 DPT=24066 SYN Jun 8 22:09:02 121.41.165.59 TCP SPT=58140 DPT=19017 ... show less	Port Scan
🇹🇷 Squearex	2026-06-07 17:00:58 (2 weeks ago)	Automated ban by SCUMUnified Shield. Honeypot Trap Triggered (Decoy Port 3389)	Brute-Force SSH
🇪🇸 gnom4ik	2026-06-07 06:47:37 (2 weeks ago)	ban-reviewer auto report; ip=121.41.165.59; scenario=ssh:bruteforce; verdict=valid_ban; confidence=0 ... show more ban-reviewer auto report; ip=121.41.165.59; scenario=ssh:bruteforce; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high show less	Port Scan Hacking Brute-Force SSH
🇬🇧 PeravixGroup	2026-06-06 23:04:41 (2 weeks ago)	Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2376. Sever ... show more Honeypot detection: Docker daemon unauthorized access / container escape attempt on port 2376. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host
🇺🇸 ISPLtd	2026-06-06 22:41:47 (2 weeks ago)	Jun 6 16:41:45 121.41.165.59 TCP SPT=45704 DPT=2113 SYN Jun 6 16:41:45 121.41.165.59 TCP SPT=45704 ... show more Jun 6 16:41:45 121.41.165.59 TCP SPT=45704 DPT=2113 SYN Jun 6 16:41:45 121.41.165.59 TCP SPT=45704 DPT=5071 SYN Jun 6 16:41:46 121.41.165.59 TCP SPT=45704 DPT=6067 ... show less	Port Scan
🇫🇷 Petre 21_ip	2026-06-05 23:30:06 (2 weeks ago)	2026-06-06T01:30:05.353838+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c ... show more 2026-06-06T01:30:05.353838+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c0:69:11:b3:85:db:08:00 SRC=121.41.165.59 DST=155.133.26.57 LEN=40 TOS=0x00 PREC=0x00 TTL=231 ID=9239 PROTO=TCP SPT=42204 DPT=30333 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇩🇪 acadeova	2026-06-05 15:19:46 (2 weeks ago)	Blocked by UFW on vps2 [8046/tcp] Source port: 52751 TTL: 241 Packet length: 40 TOS: 0x00 This repo ... show more Blocked by UFW on vps2 [8046/tcp] Source port: 52751 TTL: 241 Packet length: 40 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇩🇪 acadeova	2026-06-04 08:53:06 (2 weeks ago)	🚨 Recon detected (nft drop) SRC=121.41.165.59 Observed=TCP dpt=46314 in=enp0s6 ttl=241 Time=recent(j ... show more 🚨 Recon detected (nft drop) SRC=121.41.165.59 Observed=TCP dpt=46314 in=enp0s6 ttl=241 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇺🇸 ISPLtd	2026-06-02 04:08:53 (2 weeks ago)	Jun 1 22:08:51 121.41.165.59 TCP SPT=53331 DPT=35663 SYN Jun 1 22:08:52 121.41.165.59 TCP SPT=5333 ... show more Jun 1 22:08:51 121.41.165.59 TCP SPT=53331 DPT=35663 SYN Jun 1 22:08:52 121.41.165.59 TCP SPT=53331 DPT=4491 SYN Jun 1 22:08:53 121.41.165.59 TCP SPT=53331 DPT=63019 ... show less	Port Scan
🇬🇧 PeravixGroup	2026-06-01 05:47:39 (2 weeks ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8080. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇸🇬 baltic-lab.com	2026-05-31 07:51:31 (3 weeks ago)	Firewall Detection, SG, Either a port scan or continued brute-force attack by a previously blocked o ... show more Firewall Detection, SG, Either a port scan or continued brute-force attack by a previously blocked offender ... show less	Brute-Force Port Scan

Showing 1 to 15 of 180 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 170.106.11.6

🇺🇸 128.203.201.155

🇺🇸 107.175.87.129

🇮🇩 103.154.231.122

🇺🇸 93.152.208.38

🇺🇸 93.152.208.26

🇳🇱 93.123.72.183

🇮🇳 52.172.177.191

🇺🇸 34.186.24.208

🇺🇸 34.86.157.72

🇵🇰 223.123.42.232

🇨🇳 123.56.8.132

🇺🇸 66.132.195.61

🇧🇷 45.234.22.193

🇳🇱 45.148.10.152

🇹🇼 35.201.198.27

🇨🇳 223.109.252.190

🇳🇱 195.178.110.30

🇫🇷 195.177.94.173

🇱🇹 81.30.98.49