Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Port scan: Attack repeated for 24 hours
2020-06-08 01:13:37
Comments on same subnet:
IP Type Details Datetime
157.245.34.72 attack
Automatic report - XMLRPC Attack
2020-05-28 03:39:59
157.245.34.72 attackspam
pixelfritteuse.de 157.245.34.72 [26/May/2020:01:25:58 +0200] "POST /wp-login.php HTTP/1.1" 200 5983 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
pixelfritteuse.de 157.245.34.72 [26/May/2020:01:25:58 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4087 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-26 10:20:56
157.245.34.72 attack
Lines containing failures of 157.245.34.72
Mar  6 22:13:02 cdb sshd[22029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.34.72  user=r.r
Mar  6 22:13:04 cdb sshd[22029]: Failed password for r.r from 157.245.34.72 port 32818 ssh2
Mar  6 22:13:04 cdb sshd[22029]: Received disconnect from 157.245.34.72 port 32818:11: Bye Bye [preauth]
Mar  6 22:13:04 cdb sshd[22029]: Disconnected from authenticating user r.r 157.245.34.72 port 32818 [preauth]
Mar  6 22:21:38 cdb sshd[23260]: Invalid user alex from 157.245.34.72 port 34768
Mar  6 22:21:38 cdb sshd[23260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.34.72
Mar  6 22:21:40 cdb sshd[23260]: Failed password for invalid user alex from 157.245.34.72 port 34768 ssh2
Mar  6 22:21:40 cdb sshd[23260]: Received disconnect from 157.245.34.72 port 34768:11: Bye Bye [preauth]
Mar  6 22:21:40 cdb sshd[23260]: Disconnected from invalid user........
------------------------------
2020-03-07 23:33:29
157.245.34.72 attackbots
Mar  6 19:41:32 web1 sshd\[9031\]: Invalid user marr from 157.245.34.72
Mar  6 19:41:32 web1 sshd\[9031\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.34.72
Mar  6 19:41:33 web1 sshd\[9031\]: Failed password for invalid user marr from 157.245.34.72 port 60686 ssh2
Mar  6 19:45:18 web1 sshd\[9384\]: Invalid user P@SSW0RD1 from 157.245.34.72
Mar  6 19:45:18 web1 sshd\[9384\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.34.72
2020-03-07 13:58:03
157.245.34.72 attack
$f2bV_matches
2020-03-07 08:37:46
157.245.34.150 attack
Unauthorized connection attempt detected from IP address 157.245.34.150 to port 6000 [J]
2020-03-03 02:45:48
157.245.34.150 attackbots
Unauthorized connection attempt detected from IP address 157.245.34.150 to port 443 [J]
2020-01-20 20:14:46
157.245.34.150 attack
Unauthorized connection attempt detected from IP address 157.245.34.150 to port 3388 [J]
2020-01-19 05:56:10
157.245.34.63 attack
Honeypot attack, port: 23, PTR: PTR record not found
2019-10-23 04:27:04
157.245.34.63 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2019-10-17 21:33:14
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 157.245.34.59
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33532
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;157.245.34.59.			IN	A

;; AUTHORITY SECTION:
.			407	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060700 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jun 08 01:13:32 CST 2020
;; MSG SIZE  rcvd: 117
Host info
59.34.245.157.in-addr.arpa domain name pointer kafe2.sjain.io.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
59.34.245.157.in-addr.arpa	name = kafe2.sjain.io.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
202.137.155.96 attack
202.137.155.96 - - [05/Jul/2020:04:52:14 +0100] "POST /wp-login.php HTTP/1.1" 302 5 "http://labradorfeed.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
202.137.155.96 - - [05/Jul/2020:04:52:15 +0100] "POST /wp-login.php HTTP/1.1" 302 5 "http://labradorfeed.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
202.137.155.96 - - [05/Jul/2020:04:52:16 +0100] "POST /wp-login.php HTTP/1.1" 302 5 "http://labradorfeed.com/wp-login.php" "Mozilla/5.0 (Windows NT 6.1; rv:60.0) Gecko/20100101 Firefox/60.0"
...
2020-07-05 16:17:55
200.105.183.118 attackspambots
Jul  4 20:52:56 propaganda sshd[3339]: Connection from 200.105.183.118 port 60417 on 10.0.0.160 port 22 rdomain ""
Jul  4 20:52:56 propaganda sshd[3339]: Connection closed by 200.105.183.118 port 60417 [preauth]
2020-07-05 15:39:05
151.80.60.151 attack
2020-07-05T03:46:36.932124dmca.cloudsearch.cf sshd[27596]: Invalid user romano from 151.80.60.151 port 38490
2020-07-05T03:46:36.937535dmca.cloudsearch.cf sshd[27596]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.ip-151-80-60.eu
2020-07-05T03:46:36.932124dmca.cloudsearch.cf sshd[27596]: Invalid user romano from 151.80.60.151 port 38490
2020-07-05T03:46:39.105217dmca.cloudsearch.cf sshd[27596]: Failed password for invalid user romano from 151.80.60.151 port 38490 ssh2
2020-07-05T03:52:17.356314dmca.cloudsearch.cf sshd[27716]: Invalid user ewa from 151.80.60.151 port 37984
2020-07-05T03:52:17.361509dmca.cloudsearch.cf sshd[27716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.ip-151-80-60.eu
2020-07-05T03:52:17.356314dmca.cloudsearch.cf sshd[27716]: Invalid user ewa from 151.80.60.151 port 37984
2020-07-05T03:52:19.006982dmca.cloudsearch.cf sshd[27716]: Failed password for invalid user ewa from 1
...
2020-07-05 16:15:29
117.40.138.151 attackspam
Unauthorised access (Jul  5) SRC=117.40.138.151 LEN=52 TTL=111 ID=28067 DF TCP DPT=445 WINDOW=8192 SYN
2020-07-05 15:33:16
194.26.29.32 attackbotsspam
Jul  5 09:50:17 debian-2gb-nbg1-2 kernel: \[16194031.395519\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=194.26.29.32 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=21295 PROTO=TCP SPT=53202 DPT=5277 WINDOW=1024 RES=0x00 SYN URGP=0
2020-07-05 15:56:20
20.185.231.189 attackspambots
Jul  5 09:17:09 localhost sshd\[19304\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.185.231.189  user=root
Jul  5 09:17:10 localhost sshd\[19304\]: Failed password for root from 20.185.231.189 port 41532 ssh2
Jul  5 09:20:42 localhost sshd\[19532\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.185.231.189  user=root
Jul  5 09:20:44 localhost sshd\[19532\]: Failed password for root from 20.185.231.189 port 40278 ssh2
Jul  5 09:24:06 localhost sshd\[19614\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=20.185.231.189  user=root
...
2020-07-05 15:41:36
1.209.171.34 attackbotsspam
2020-07-04T22:52:56.352268linuxbox-skyline sshd[588297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1.209.171.34  user=root
2020-07-04T22:52:58.566720linuxbox-skyline sshd[588297]: Failed password for root from 1.209.171.34 port 58884 ssh2
...
2020-07-05 15:43:09
84.17.46.246 attackspam
(From edgardo.horsley@outlook.com) Good afternoon, I was just visiting your website and submitted this message via your feedback form. The contact page on your site sends you these messages via email which is why you are reading through my message at this moment correct? That's the most important accomplishment with any kind of online ad, getting people to actually READ your message and this is exactly what you're doing now! If you have an ad message you would like to blast out to thousands of websites via their contact forms in the US or to any country worldwide let me know, I can even focus on specific niches and my prices are very low. Write an email to: Bobue67hasy57@gmail.com

unsubscribe these ad messages from your website https://bit.ly/3cvHuJC
2020-07-05 15:32:42
45.112.207.2 attack
VNC brute force attack detected by fail2ban
2020-07-05 15:44:35
46.38.150.132 attackspam
Jul  5 09:46:37 relay postfix/smtpd\[23914\]: warning: unknown\[46.38.150.132\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  5 09:47:44 relay postfix/smtpd\[28072\]: warning: unknown\[46.38.150.132\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  5 09:48:17 relay postfix/smtpd\[27037\]: warning: unknown\[46.38.150.132\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  5 09:48:49 relay postfix/smtpd\[27445\]: warning: unknown\[46.38.150.132\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul  5 09:49:20 relay postfix/smtpd\[28071\]: warning: unknown\[46.38.150.132\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-07-05 15:50:14
109.162.242.177 attackspambots
VNC brute force attack detected by fail2ban
2020-07-05 16:11:43
59.115.9.220 attack
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-07-05 15:31:14
185.143.72.16 attackbotsspam
2020-07-05T01:55:13.534886linuxbox-skyline auth[593657]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=qweasd rhost=185.143.72.16
...
2020-07-05 16:02:33
118.89.69.159 attackspambots
Repeated brute force against a port
2020-07-05 16:16:54
14.20.91.68 attackbots
20 attempts against mh-ssh on web2
2020-07-05 15:52:21
