Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspambots
RDP Brute-Force (honeypot 6)
2020-04-09 08:38:13
Comments on same subnet:
IP Type Details Datetime
104.42.47.121 attack
RDP Brute Force
2019-09-26 09:18:36
104.42.47.225 attackbotsspam
Brute forcing RDP port 3389
2019-09-04 02:46:26
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.42.47.203
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37019
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.42.47.203.			IN	A

;; AUTHORITY SECTION:
.			168	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040801 1800 900 604800 86400

;; Query time: 96 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 09 08:38:10 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 203.47.42.104.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 203.47.42.104.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
116.73.23.39 attack
Automatic report - Port Scan Attack
2020-08-09 21:43:08
222.186.173.142 attackbots
Aug  9 03:07:46 php1 sshd\[4066\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.173.142  user=root
Aug  9 03:07:48 php1 sshd\[4066\]: Failed password for root from 222.186.173.142 port 5210 ssh2
Aug  9 03:07:51 php1 sshd\[4066\]: Failed password for root from 222.186.173.142 port 5210 ssh2
Aug  9 03:07:54 php1 sshd\[4066\]: Failed password for root from 222.186.173.142 port 5210 ssh2
Aug  9 03:07:57 php1 sshd\[4066\]: Failed password for root from 222.186.173.142 port 5210 ssh2
2020-08-09 21:12:07
79.137.72.121 attackspambots
Aug  9 14:05:15 v22019038103785759 sshd\[19505\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.137.72.121  user=root
Aug  9 14:05:17 v22019038103785759 sshd\[19505\]: Failed password for root from 79.137.72.121 port 58904 ssh2
Aug  9 14:10:00 v22019038103785759 sshd\[19718\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.137.72.121  user=root
Aug  9 14:10:02 v22019038103785759 sshd\[19718\]: Failed password for root from 79.137.72.121 port 40280 ssh2
Aug  9 14:14:25 v22019038103785759 sshd\[19868\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.137.72.121  user=root
...
2020-08-09 21:30:13
112.85.42.173 attack
2020-08-09T15:19:34.055102centos sshd[30215]: Failed password for root from 112.85.42.173 port 59366 ssh2
2020-08-09T15:19:38.809022centos sshd[30215]: Failed password for root from 112.85.42.173 port 59366 ssh2
2020-08-09T15:19:42.444800centos sshd[30215]: Failed password for root from 112.85.42.173 port 59366 ssh2
...
2020-08-09 21:20:39
61.177.172.41 attackbots
$f2bV_matches
2020-08-09 21:25:38
91.191.209.193 attackbots
2020-08-09 15:20:11 dovecot_login authenticator failed for \(User\) \[91.191.209.193\]: 535 Incorrect authentication data \(set_id=789456123@hosting1.no-server.de\)
2020-08-09 15:20:19 dovecot_login authenticator failed for \(User\) \[91.191.209.193\]: 535 Incorrect authentication data \(set_id=789456123@hosting1.no-server.de\)
2020-08-09 15:20:23 dovecot_login authenticator failed for \(User\) \[91.191.209.193\]: 535 Incorrect authentication data \(set_id=789456123@hosting1.no-server.de\)
2020-08-09 15:20:25 dovecot_login authenticator failed for \(User\) \[91.191.209.193\]: 535 Incorrect authentication data \(set_id=789456123@hosting1.no-server.de\)
2020-08-09 15:20:51 dovecot_login authenticator failed for \(User\) \[91.191.209.193\]: 535 Incorrect authentication data \(set_id=october@hosting1.no-server.de\)
...
2020-08-09 21:29:12
14.225.17.9 attackbots
Aug  9 15:12:29 ns37 sshd[3818]: Failed password for root from 14.225.17.9 port 40580 ssh2
Aug  9 15:12:29 ns37 sshd[3818]: Failed password for root from 14.225.17.9 port 40580 ssh2
2020-08-09 21:23:55
81.68.128.198 attackspam
Aug  9 14:06:35 abendstille sshd\[9127\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.128.198  user=root
Aug  9 14:06:37 abendstille sshd\[9127\]: Failed password for root from 81.68.128.198 port 52628 ssh2
Aug  9 14:10:26 abendstille sshd\[13346\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.128.198  user=root
Aug  9 14:10:28 abendstille sshd\[13346\]: Failed password for root from 81.68.128.198 port 38662 ssh2
Aug  9 14:14:24 abendstille sshd\[17172\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.128.198  user=root
...
2020-08-09 21:29:51
47.52.98.110 attack
(mod_security) mod_security (id:920350) triggered by 47.52.98.110 (CN/-/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/09 12:14:17 [error] 446523#0: *7085 [client 47.52.98.110] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host'  [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/blog/xmlrpc.php"] [unique_id "15969752575.995731"] [ref "o0,13v37,13"], client: 47.52.98.110, [redacted] request: "POST /blog/xmlrpc.php HTTP/1.1" [redacted]
2020-08-09 21:32:52
140.206.242.83 attackspam
Aug  9 15:15:11 h2829583 sshd[25865]: Failed password for root from 140.206.242.83 port 59550 ssh2
2020-08-09 21:16:58
157.55.214.174 attack
Aug  9 12:14:38 scw-6657dc sshd[5335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.55.214.174  user=root
Aug  9 12:14:38 scw-6657dc sshd[5335]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.55.214.174  user=root
Aug  9 12:14:40 scw-6657dc sshd[5335]: Failed password for root from 157.55.214.174 port 40674 ssh2
...
2020-08-09 21:18:30
14.200.1.238 attack
14.200.1.238 - - \[09/Aug/2020:14:14:53 +0200\] "POST /wp-login.php HTTP/1.1" 200 9954 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
14.200.1.238 - - \[09/Aug/2020:14:14:56 +0200\] "POST /wp-login.php HTTP/1.1" 200 9789 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
...
2020-08-09 21:08:47
106.53.232.38 attackbots
2020-08-09T13:32:30.244408hostname sshd[47910]: Failed password for root from 106.53.232.38 port 57072 ssh2
...
2020-08-09 21:24:38
2.57.122.186 attackspam
Brute-Force reported by Fail2Ban
2020-08-09 21:26:09
45.143.220.116 attack
[N10.H2.VM2] Port Scanner Detected Blocked by UFW
2020-08-09 21:34:40
