103.252.42.41 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: India

Internet Service Provider: IP Administrator

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	1433/tcp 445/tcp... [2019-09-20/10-22]4pkt,2pt.(tcp)	2019-10-23 05:40:33
attack	Oct 4 23:46:19 localhost kernel: [3984998.447362] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=103.252.42.41 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46369 PROTO=TCP SPT=45021 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 4 23:46:19 localhost kernel: [3984998.447368] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=103.252.42.41 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46369 PROTO=TCP SPT=45021 DPT=445 SEQ=1258673378 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0	2019-10-05 18:12:53

Type

Details

Datetime

attackspambots

1433/tcp 445/tcp...
[2019-09-20/10-22]4pkt,2pt.(tcp)

2019-10-23 05:40:33

attack

Oct  4 23:46:19 localhost kernel: [3984998.447362] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=103.252.42.41 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46369 PROTO=TCP SPT=45021 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct  4 23:46:19 localhost kernel: [3984998.447368] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=103.252.42.41 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=46369 PROTO=TCP SPT=45021 DPT=445 SEQ=1258673378 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0

2019-10-05 18:12:53

Comments on same subnet:

IP	Type	Details	Datetime
103.252.42.179	attack	SpamScore above: 10.0	2020-04-07 02:13:47
103.252.42.171	attackbotsspam	email spam	2020-04-06 05:25:21
103.252.42.111	attackbots	Apr 2 06:09:06 web01 postfix/smtpd[18410]: connect from organic.traumado.com[103.252.42.111] Apr 2 06:09:06 web01 policyd-spf[18425]: None; identhostnamey=helo; client-ip=103.252.42.111; helo=organic.eselsoft.com; envelope-from=x@x Apr 2 06:09:06 web01 policyd-spf[18425]: Pass; identhostnamey=mailfrom; client-ip=103.252.42.111; helo=organic.eselsoft.com; envelope-from=x@x Apr x@x Apr 2 06:09:06 web01 postfix/smtpd[18410]: disconnect from organic.traumado.com[103.252.42.111] Apr 2 06:52:45 web01 postfix/smtpd[19979]: connect from organic.traumado.com[103.252.42.111] Apr 2 06:52:46 web01 policyd-spf[20200]: None; identhostnamey=helo; client-ip=103.252.42.111; helo=organic.eselsoft.com; envelope-from=x@x Apr 2 06:52:46 web01 policyd-spf[20200]: Pass; identhostnamey=mailfrom; client-ip=103.252.42.111; helo=organic.eselsoft.com; envelope-from=x@x Apr x@x Apr 2 06:52:46 web01 postfix/smtpd[19979]: disconnect from organic.traumado.com[103.252.42.111] Apr 2 07:00:50 we........ -------------------------------	2020-04-02 15:25:30
103.252.42.168	attackbots	SpamScore above: 10.0	2020-04-01 20:51:41
103.252.42.115	attackbotsspam	Mar 31 00:31:16 exim[18919]: [1\47] 1jJ2w7-0004v9-HC H=event.traumado.com (event.eselsoft.com) [103.252.42.115] F= rejected after DATA: This message scored 100.5 spam points.	2020-03-31 08:57:31
103.252.42.178	attack	SpamScore above: 10.0	2020-03-30 20:15:18

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.252.42.41
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51590
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.252.42.41.			IN	A

;; AUTHORITY SECTION:
.			530	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100500 1800 900 604800 86400

;; Query time: 119 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Oct 05 18:12:48 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 41.42.252.103.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 41.42.252.103.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
218.92.0.210	attackspam	2019-08-10T16:40:16.598369abusebot-3.cloudsearch.cf sshd\[24860\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.210 user=root	2019-08-11 00:58:13
139.59.39.49	attackbotsspam	Jan 3 16:17:00 motanud sshd\[11110\]: Invalid user sandok from 139.59.39.49 port 41270 Jan 3 16:17:00 motanud sshd\[11110\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.39.49 Jan 3 16:17:02 motanud sshd\[11110\]: Failed password for invalid user sandok from 139.59.39.49 port 41270 ssh2	2019-08-11 01:53:51
139.198.3.81	attack	2019-08-10T14:16:17.001221stark.klein-stark.info sshd\[8392\]: Invalid user minecraft from 139.198.3.81 port 41040 2019-08-10T14:16:17.005367stark.klein-stark.info sshd\[8392\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.3.81 2019-08-10T14:16:18.726235stark.klein-stark.info sshd\[8392\]: Failed password for invalid user minecraft from 139.198.3.81 port 41040 ssh2 ...	2019-08-11 01:39:08
37.252.90.68	attack	ssh failed login	2019-08-11 01:16:47
103.120.227.49	attackbots	Aug 10 16:46:15 server sshd\[5003\]: Invalid user julian from 103.120.227.49 port 49138 Aug 10 16:46:15 server sshd\[5003\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.120.227.49 Aug 10 16:46:18 server sshd\[5003\]: Failed password for invalid user julian from 103.120.227.49 port 49138 ssh2 Aug 10 16:51:55 server sshd\[21028\]: Invalid user spotlight from 103.120.227.49 port 46651 Aug 10 16:51:55 server sshd\[21028\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.120.227.49	2019-08-11 01:46:27
73.26.245.243	attack	Aug 10 14:16:32 [munged] sshd[32170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.26.245.243 user=root Aug 10 14:16:34 [munged] sshd[32170]: Failed password for root from 73.26.245.243 port 36200 ssh2	2019-08-11 01:27:20
106.12.7.75	attackspam	Aug 10 17:28:08 *** sshd[29174]: User postfix from 106.12.7.75 not allowed because not listed in AllowUsers	2019-08-11 01:50:19
187.115.241.66	attack	Automatic report - Port Scan Attack	2019-08-11 01:00:34
180.76.55.93	attackspambots	Aug 10 13:45:06 vtv3 sshd\[8021\]: Invalid user jking from 180.76.55.93 port 47858 Aug 10 13:45:06 vtv3 sshd\[8021\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.55.93 Aug 10 13:45:08 vtv3 sshd\[8021\]: Failed password for invalid user jking from 180.76.55.93 port 47858 ssh2 Aug 10 13:48:04 vtv3 sshd\[9543\]: Invalid user fx from 180.76.55.93 port 33348 Aug 10 13:48:04 vtv3 sshd\[9543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.55.93 Aug 10 13:59:37 vtv3 sshd\[15208\]: Invalid user jacob from 180.76.55.93 port 59927 Aug 10 13:59:37 vtv3 sshd\[15208\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.55.93 Aug 10 13:59:39 vtv3 sshd\[15208\]: Failed password for invalid user jacob from 180.76.55.93 port 59927 ssh2 Aug 10 14:02:34 vtv3 sshd\[16975\]: Invalid user long from 180.76.55.93 port 45476 Aug 10 14:02:34 vtv3 sshd\[16975\]: pam_unix\(sshd:auth\):	2019-08-11 01:38:47
78.131.197.170	attackspambots	SPF Fail sender not permitted to send mail for @tktelekom.pl / Mail sent to address hacked/leaked from Last.fm	2019-08-11 01:09:20
95.238.103.204	attack	Aug 10 14:16:30 cvbmail sshd\[3799\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.238.103.204 user=root Aug 10 14:16:32 cvbmail sshd\[3799\]: Failed password for root from 95.238.103.204 port 60954 ssh2 Aug 10 14:16:42 cvbmail sshd\[3801\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.238.103.204 user=root	2019-08-11 01:19:17
111.59.92.70	attack	Aug 10 19:17:25 server2 sshd\[26113\]: User root from 111.59.92.70 not allowed because not listed in AllowUsers Aug 10 19:17:26 server2 sshd\[26114\]: User root from 111.59.92.70 not allowed because not listed in AllowUsers Aug 10 19:17:26 server2 sshd\[26112\]: User root from 111.59.92.70 not allowed because not listed in AllowUsers Aug 10 19:17:26 server2 sshd\[26115\]: User root from 111.59.92.70 not allowed because not listed in AllowUsers Aug 10 19:17:26 server2 sshd\[26120\]: User root from 111.59.92.70 not allowed because not listed in AllowUsers Aug 10 19:17:27 server2 sshd\[26122\]: Invalid user francisco.tosso from 111.59.92.70	2019-08-11 01:07:41
104.248.85.54	attack	Aug 10 18:49:03 meumeu sshd[14078]: Failed password for invalid user diradmin from 104.248.85.54 port 38426 ssh2 Aug 10 18:53:08 meumeu sshd[14510]: Failed password for invalid user jacob123 from 104.248.85.54 port 33662 ssh2 ...	2019-08-11 01:06:24
201.244.0.35	attackspam	Aug 10 19:35:45 itv-usvr-01 sshd[10929]: Invalid user user from 201.244.0.35 Aug 10 19:35:45 itv-usvr-01 sshd[10929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.244.0.35 Aug 10 19:35:45 itv-usvr-01 sshd[10929]: Invalid user user from 201.244.0.35 Aug 10 19:35:47 itv-usvr-01 sshd[10929]: Failed password for invalid user user from 201.244.0.35 port 60470 ssh2 Aug 10 19:40:48 itv-usvr-01 sshd[11228]: Invalid user gary from 201.244.0.35	2019-08-11 01:22:01
182.243.109.177	attack	Aug 10 14:16:53 vpn01 sshd\[26423\]: Invalid user ubnt from 182.243.109.177 Aug 10 14:16:53 vpn01 sshd\[26423\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.243.109.177 Aug 10 14:16:55 vpn01 sshd\[26423\]: Failed password for invalid user ubnt from 182.243.109.177 port 36948 ssh2	2019-08-11 01:10:23

Recently Reported IPs

105.197.140.16	146.14.5.29	15.192.205.61	14.0.119.120
73.68.91.199	72.243.154.176	122.74.207.44	47.253.108.248
158.236.70.98	215.219.238.14	97.150.247.101	2.133.70.201
165.118.229.251	86.137.148.197	184.42.246.201	122.191.79.42
2a02:c207:2028:9190::1:3829	2a02:c207:2028:9190::1	187.167.67.187	100.222.150.59