157.230.103.52

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	TCP port : 9875	2020-07-25 20:03:44
attack	Jul 12 23:50:39 debian-2gb-nbg1-2 kernel: \[16849217.061396\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=157.230.103.52 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=43849 PROTO=TCP SPT=51675 DPT=24869 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-13 07:51:07
attack	unauthorized connection attempt	2020-06-25 22:54:55

Type

Details

Datetime

attack

TCP port : 9875

2020-07-25 20:03:44

attack

Jul 12 23:50:39 debian-2gb-nbg1-2 kernel: \[16849217.061396\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=157.230.103.52 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=43849 PROTO=TCP SPT=51675 DPT=24869 WINDOW=1024 RES=0x00 SYN URGP=0

2020-07-13 07:51:07

attack

unauthorized connection attempt

2020-06-25 22:54:55

Comments on same subnet:

IP	Type	Details	Datetime
157.230.103.4	attack	Sep 30 00:20:10 host2 sshd[144689]: Invalid user dennis from 157.230.103.4 port 55026 Sep 30 00:20:10 host2 sshd[144689]: Invalid user dennis from 157.230.103.4 port 55026 Sep 30 00:20:10 host2 sshd[144689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.103.4 Sep 30 00:20:10 host2 sshd[144689]: Invalid user dennis from 157.230.103.4 port 55026 Sep 30 00:20:12 host2 sshd[144689]: Failed password for invalid user dennis from 157.230.103.4 port 55026 ssh2 ...	2020-09-30 06:33:24
157.230.103.4	attack	Invalid user git from 157.230.103.4 port 59444	2020-09-29 22:47:13
157.230.103.39	attackbots	firewall-block, port(s): 84/tcp	2020-03-24 07:22:40
157.230.103.135	attackspambots	May 2 02:29:13 server sshd\[216588\]: Invalid user ftpuser from 157.230.103.135 May 2 02:29:13 server sshd\[216588\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.103.135 May 2 02:29:15 server sshd\[216588\]: Failed password for invalid user ftpuser from 157.230.103.135 port 43836 ssh2 ...	2019-10-09 19:16:56
157.230.103.135	attackbots	Sep 22 20:11:40 XXXXXX sshd[64345]: Invalid user admin from 157.230.103.135 port 36814	2019-09-23 09:03:03
157.230.103.135	attackbotsspam	2019-09-21T12:56:05.053065abusebot-4.cloudsearch.cf sshd\[16376\]: Invalid user us from 157.230.103.135 port 51644	2019-09-21 23:50:02
157.230.103.135	attackbotsspam	Sep 6 04:44:00 XXX sshd[53827]: Invalid user node from 157.230.103.135 port 34670	2019-09-06 19:57:43
157.230.103.158	attackbots	Splunk® : port scan detected: Aug 26 16:49:41 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=157.230.103.158 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=41410 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0	2019-08-27 05:06:29
157.230.103.135	attackspambots	Invalid user czarek from 157.230.103.135 port 53826	2019-08-23 16:30:52
157.230.103.158	attackbots	Splunk® : port scan detected: Aug 22 20:04:55 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=157.230.103.158 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=54321 PROTO=TCP SPT=44858 DPT=8088 WINDOW=65535 RES=0x00 SYN URGP=0	2019-08-23 08:29:14
157.230.103.135	attack	May 2 02:29:13 server sshd\[216588\]: Invalid user ftpuser from 157.230.103.135 May 2 02:29:13 server sshd\[216588\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.103.135 May 2 02:29:15 server sshd\[216588\]: Failed password for invalid user ftpuser from 157.230.103.135 port 43836 ssh2 ...	2019-07-12 01:47:11
157.230.103.200	attack	Apr 19 10:29:48 yesfletchmain sshd\[18787\]: Invalid user confluence from 157.230.103.200 port 59508 Apr 19 10:29:48 yesfletchmain sshd\[18787\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.103.200 Apr 19 10:29:50 yesfletchmain sshd\[18787\]: Failed password for invalid user confluence from 157.230.103.200 port 59508 ssh2 Apr 19 10:32:14 yesfletchmain sshd\[18819\]: Invalid user jira from 157.230.103.200 port 58280 Apr 19 10:32:14 yesfletchmain sshd\[18819\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.103.200 ...	2019-07-05 06:12:13

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 157.230.103.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34537
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;157.230.103.52.			IN	A

;; AUTHORITY SECTION:
.			336	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020062500 1800 900 604800 86400

;; Query time: 106 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jun 25 22:54:44 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 52.103.230.157.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 52.103.230.157.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
184.105.247.211	attackspambots	Honeypot hit.	2019-06-26 15:23:23
46.3.96.67	attackspam	26.06.2019 07:00:08 Connection to port 7403 blocked by firewall	2019-06-26 15:02:38
159.203.26.248	attackspam	Scanning and Vuln Attempts	2019-06-26 14:22:48
167.86.120.109	attackspam	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-06-26 14:45:31
185.209.0.26	attack	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-06-26 15:16:47
162.243.144.166	attack	2019-06-26 01:06:09,618 fail2ban.actions [5037]: NOTICE [portsentry] Ban 162.243.144.166 ...	2019-06-26 15:26:53
185.66.14.104	attack	Return-Path: Received: from onlinelege.no (piquet.glandeler.org.uk. [185.66.14.104]) Subject: BitCoins - Tricks are secret, but theres no secret on how to join the party To: Thinks he is an online legend for being a spammer online.lege.no what a tosser ryanair.com goodridge.net bezeqint.net singlehosti.com itlgopk.uk - Non existent domain used in header info rf-cheats.ru efianalytics.com regainedcontrols.com mydns.jp botruck.com vevida.net TERRORIST CELL SPAMMERS. SCAMMERS, FRAUDSTERS, SPOOFING, EXTORTIONISTS, BLACKMAILERS, HUMAN TRAFFICKERS,GAMBLING SPAM Cannot unsubscribe. Spam generator. Illegal spam Changes Received: when detected and alters spam attack headers. Falsifies domains	2019-06-26 14:41:36
45.221.73.94	attack	Honeypot attack, port: 23, PTR: PTR record not found	2019-06-26 14:14:08
120.52.152.18	attackbotsspam	Scanning (more than 2 packets) random ports - tries to find possible vulnerable services	2019-06-26 15:29:53
212.179.40.2	attackspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-26 00:13:06,664 INFO [shellcode_manager] (212.179.40.2) no match, writing hexdump (1e331b0880bbcc5b0bdb02544b9ee207 :2113961) - MS17010 (EternalBlue)	2019-06-26 14:12:49
46.3.96.71	attack	26.06.2019 05:50:53 Connection to port 47014 blocked by firewall	2019-06-26 14:29:02
117.3.67.7	attackbotsspam	Unauthorized connection attempt from IP address 117.3.67.7 on Port 445(SMB)	2019-06-26 14:15:37
77.247.110.166	attackspambots	SIPVicious Scanner Detection	2019-06-26 14:55:30
185.222.211.66	attack	CloudCIX Reconnaissance Scan Detected, PTR: hosting-by.nstorage.org.	2019-06-26 14:38:55
77.247.108.114	attackbots	Trying to (more than 3 packets) bruteforce (not in use) VoIP/SIP port 5060	2019-06-26 14:58:12

Recently Reported IPs

62.165.8.61	104.129.194.239	43.224.182.84	163.110.145.142
213.149.154.213	89.88.121.234	31.214.243.18	177.11.115.60
113.59.162.138	82.146.40.245	195.62.32.154	2405:9800:b530:a197:3460:e542:cd56:153
191.123.46.214	153.202.132.103	115.20.174.233	178.62.103.44
192.241.232.124	51.83.132.203	181.46.80.183	1.53.52.142