42.156.136.21 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Zhejiang Taobao Network Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Search Engine Spider

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 5415e8012f249821 \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 02:08:49

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 5415e8012f249821 | WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/2 | Method: GET | Host: disqus.skk.moe | User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 02:08:49

Comments on same subnet:

IP	Type	Details	Datetime
42.156.136.33	attack	Automated report (2020-07-12T11:50:23+08:00). Misbehaving bot detected at this address.	2020-07-12 17:33:40
42.156.136.98	bots	YisouSpider 就是神马搜索的爬虫 42.156.136.98 - - [29/Mar/2019:08:27:04 +0800] "GET /wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 HTTP/1.1" 200 8104 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safa ri/537.36"	2019-03-29 09:13:21

Type

Details

Datetime

42.156.136.33

attack

Automated report (2020-07-12T11:50:23+08:00). Misbehaving bot detected at this address.

2020-07-12 17:33:40

42.156.136.98

bots

YisouSpider 就是神马搜索的爬虫
42.156.136.98 - - [29/Mar/2019:08:27:04 +0800] "GET /wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 HTTP/1.1" 200 8104 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safa
ri/537.36"

2019-03-29 09:13:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.156.136.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56390
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.156.136.21.			IN	A

;; AUTHORITY SECTION:
.			581	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 02:08:45 CST 2019
;; MSG SIZE  rcvd: 117

Host info

21.136.156.42.in-addr.arpa domain name pointer shenmaspider-42-156-136-21.crawl.sm.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
21.136.156.42.in-addr.arpa	name = shenmaspider-42-156-136-21.crawl.sm.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
172.81.239.224	attackbotsspam	Brute-force attempt banned	2020-10-12 03:53:14
110.74.179.157	attack	Oct 12 02:30:09 itv-usvr-02 sshd[18749]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.74.179.157 user=root Oct 12 02:30:10 itv-usvr-02 sshd[18749]: Failed password for root from 110.74.179.157 port 51668 ssh2 Oct 12 02:35:39 itv-usvr-02 sshd[18998]: Invalid user pore from 110.74.179.157 port 56110 Oct 12 02:35:39 itv-usvr-02 sshd[18998]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.74.179.157 Oct 12 02:35:39 itv-usvr-02 sshd[18998]: Invalid user pore from 110.74.179.157 port 56110 Oct 12 02:35:41 itv-usvr-02 sshd[18998]: Failed password for invalid user pore from 110.74.179.157 port 56110 ssh2	2020-10-12 03:43:15
177.221.59.163	attackbotsspam	Unauthorized connection attempt from IP address 177.221.59.163 on Port 445(SMB)	2020-10-12 03:56:28
120.198.23.239	attack	Icarus honeypot on github	2020-10-12 03:34:14
216.155.94.51	attackspambots	firewall-block, port(s): 5679/tcp	2020-10-12 03:46:38
37.54.239.184	attackbots	Port Scan: TCP/443	2020-10-12 03:57:43
112.140.185.246	attackspambots	Oct 11 21:25:40 hidden sshd[6501]: Failed password for hidden from 112.140.185.246 port 50986 ssh2 Oct 11 21:27:42 hidden sshd[7207]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.140.185.246 user=root Oct 11 21:27:44 hidden sshd[7207]: Failed password for hidden from 112.140.185.246 port 60344 ssh2 Oct 11 21:29:27 hidden sshd[7807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.140.185.246 user=root Oct 11 21:29:29 hidden sshd[7807]: Failed password for hidden from 112.140.185.246 port 40202 ssh2	2020-10-12 03:43:01
188.131.156.125	attackspam	Oct 11 21:48:33 lnxmysql61 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.156.125 Oct 11 21:48:33 lnxmysql61 sshd[32016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.156.125	2020-10-12 03:58:01
49.234.43.39	attack	2020-10-11T19:17:06.554407abusebot-2.cloudsearch.cf sshd[26918]: Invalid user uy from 49.234.43.39 port 42092 2020-10-11T19:17:06.561582abusebot-2.cloudsearch.cf sshd[26918]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.43.39 2020-10-11T19:17:06.554407abusebot-2.cloudsearch.cf sshd[26918]: Invalid user uy from 49.234.43.39 port 42092 2020-10-11T19:17:08.635086abusebot-2.cloudsearch.cf sshd[26918]: Failed password for invalid user uy from 49.234.43.39 port 42092 ssh2 2020-10-11T19:20:32.325881abusebot-2.cloudsearch.cf sshd[26934]: Invalid user alin from 49.234.43.39 port 34906 2020-10-11T19:20:32.331800abusebot-2.cloudsearch.cf sshd[26934]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.43.39 2020-10-11T19:20:32.325881abusebot-2.cloudsearch.cf sshd[26934]: Invalid user alin from 49.234.43.39 port 34906 2020-10-11T19:20:34.018945abusebot-2.cloudsearch.cf sshd[26934]: Failed password for inva ...	2020-10-12 03:27:31
165.227.72.166	attack	DATE:2020-10-11 21:10:08, IP:165.227.72.166, PORT:ssh SSH brute force auth (docker-dc)	2020-10-12 03:31:08
118.89.163.105	attackbotsspam	Oct 11 18:30:37 hell sshd[8649]: Failed password for root from 118.89.163.105 port 46232 ssh2 ...	2020-10-12 03:29:05
183.215.150.233	attackspam	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: tcp cat: Potentially Bad Trafficbytes: 66	2020-10-12 04:03:44
40.68.226.166	attack	(sshd) Failed SSH login from 40.68.226.166 (NL/Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 11 15:09:49 server sshd[4697]: Invalid user rupert from 40.68.226.166 port 60214 Oct 11 15:09:51 server sshd[4697]: Failed password for invalid user rupert from 40.68.226.166 port 60214 ssh2 Oct 11 15:31:50 server sshd[10436]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.68.226.166 user=root Oct 11 15:31:52 server sshd[10436]: Failed password for root from 40.68.226.166 port 59336 ssh2 Oct 11 15:41:25 server sshd[14394]: Invalid user dupons from 40.68.226.166 port 38042	2020-10-12 03:45:08
167.248.133.66	attackbots	TCP (SYN) 167.248.133.66:62867 -> port 7537, len 44	2020-10-12 04:05:01
78.31.95.241	attackspam	Autoban 78.31.95.241 AUTH/CONNECT	2020-10-12 03:26:29

Recently Reported IPs

226.30.68.105	214.75.108.29	181.219.203.8	221.13.12.157
201.11.85.180	78.115.47.99	191.62.20.173	221.13.12.143
188.118.170.48	92.232.84.34	85.144.28.114	209.72.61.37
132.129.74.250	10.148.109.124	220.181.108.184	191.235.115.139
50.171.247.249	33.146.253.22	101.114.55.70	90.129.142.212