42.156.254.114

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
42.156.254.61	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 543801a1b9a4eb3d \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 03:40:35
42.156.254.59	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54103abf9e13e7e1 \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:52:49
42.156.254.115	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 5411e9258bcf9965 \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:00:21
42.156.254.99	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54134038ec37d392 \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 YisouSpider/5.0 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:23:53
42.156.254.59	bots	应该是yisou爬虫，但是不知道为啥400 42.156.254.59 - - [09/Apr/2019:14:25:31 +0800] "GET /wp-content/themes/twentyfifteen/genericons/genericons.css?ver=3.2 HTTP/1.1" 400 3429 "-" "-" 42.156.254.57 - - [09/Apr/2019:14:25:31 +0800] "GET /wp-content/plugins/wp-quicklatex/css/quicklatex-format.css?ver=5.1.1 HTTP/1.1" 400 3429 "-" "-" 42.156.254.59 - - [09/Apr/2019:14:25:31 +0800] "GET /wp-includes/css/dist/block-library/style.min.css?ver=5.1.1 HTTP/1.1" 400 3429 "-" "-" 42.156.254.60 - - [09/Apr/2019:14:25:32 +0800] "GET /wp-content/themes/twentyfifteen-child/style.css?ver=5.1.1 HTTP/1.1" 400 3429 "-" "-"	2019-04-09 14:46:10

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.156.254.114
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2316
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;42.156.254.114.			IN	A

;; AUTHORITY SECTION:
.			166	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022062900 1800 900 604800 86400

;; Query time: 71 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Jun 29 17:35:57 CST 2022
;; MSG SIZE  rcvd: 107

Host info

114.254.156.42.in-addr.arpa domain name pointer shenmaspider-42-156-254-114.crawl.sm.cn.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
114.254.156.42.in-addr.arpa	name = shenmaspider-42-156-254-114.crawl.sm.cn.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
203.56.4.104	attackspambots	Apr 2 02:38:08 legacy sshd[13046]: Failed password for root from 203.56.4.104 port 33100 ssh2 Apr 2 02:41:02 legacy sshd[13159]: Failed password for root from 203.56.4.104 port 52860 ssh2 Apr 2 02:44:02 legacy sshd[13242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.56.4.104 ...	2020-04-02 08:51:19
185.232.65.111	attack	" "	2020-04-02 08:57:50
195.210.172.43	attackspambots	TCP src-port=43450 dst-port=25 Listed on dnsbl-sorbs abuseat-org barracuda (Project Honey Pot rated Suspicious) (304)	2020-04-02 08:51:44
103.86.134.194	attack	Apr 1 20:53:33 mail sshd\[64610\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.86.134.194 user=root ...	2020-04-02 09:19:25
185.202.1.164	attackspambots	SSH-BruteForce	2020-04-02 09:03:36
45.125.65.42	attackspambots	Apr 2 02:58:23 localhost postfix/smtpd[3840]: warning: unknown[45.125.65.42]: SASL LOGIN authentication failed: authentication failure Apr 2 03:16:15 localhost postfix/smtpd[3965]: warning: unknown[45.125.65.42]: SASL LOGIN authentication failed: authentication failure Apr 2 03:34:08 localhost postfix/smtpd[4540]: warning: unknown[45.125.65.42]: SASL LOGIN authentication failed: authentication failure ...	2020-04-02 08:44:31
144.217.34.147	attack	Multiport scan 28 ports : 17(x4) 53 81(x17) 123(x3) 137(x2) 161 177 389(x8) 427 2362 3283(x15) 3478 3702(x12) 5060 5093(x6) 5353(x4) 5683(x4) 6881(x4) 7001(x6) 10001(x7) 11211 27036(x4) 27960 30718(x5) 33848(x5) 37810(x3) 41794(x7) 47808	2020-04-02 08:59:47
185.156.73.38	attack	04/01/2020-20:51:44.707141 185.156.73.38 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-04-02 09:11:05
207.182.135.164	attackspam	Apr 2 02:53:37 lock-38 sshd[449065]: Failed password for root from 207.182.135.164 port 54096 ssh2 Apr 2 02:56:53 lock-38 sshd[449141]: Invalid user oo from 207.182.135.164 port 56974 Apr 2 02:56:53 lock-38 sshd[449141]: Invalid user oo from 207.182.135.164 port 56974 Apr 2 02:56:53 lock-38 sshd[449141]: Failed password for invalid user oo from 207.182.135.164 port 56974 ssh2 Apr 2 03:00:09 lock-38 sshd[449243]: Failed password for root from 207.182.135.164 port 59826 ssh2 ...	2020-04-02 09:22:12
128.199.194.77	attackbots	$f2bV_matches	2020-04-02 09:01:50
170.247.1.156	attackspam	TCP src-port=53719 dst-port=25 Listed on dnsbl-sorbs abuseat-org spamcop (Project Honey Pot rated Suspicious & Spammer) (305)	2020-04-02 08:49:21
14.29.239.215	attackspambots	Apr 2 00:11:03 nextcloud sshd\[29309\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.239.215 user=root Apr 2 00:11:04 nextcloud sshd\[29309\]: Failed password for root from 14.29.239.215 port 47710 ssh2 Apr 2 00:14:38 nextcloud sshd\[2767\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.29.239.215 user=root	2020-04-02 08:55:31
222.186.15.166	attackbots	Apr 2 03:03:04 server sshd[31056]: Failed password for root from 222.186.15.166 port 44307 ssh2 Apr 2 03:03:07 server sshd[31056]: Failed password for root from 222.186.15.166 port 44307 ssh2 Apr 2 03:03:11 server sshd[31056]: Failed password for root from 222.186.15.166 port 44307 ssh2	2020-04-02 09:24:12
14.17.110.58	attackspambots	Apr 1 02:15:42 hgb10502 sshd[18215]: User r.r from 14.17.110.58 not allowed because not listed in AllowUsers Apr 1 02:15:42 hgb10502 sshd[18215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.17.110.58 user=r.r Apr 1 02:15:44 hgb10502 sshd[18215]: Failed password for invalid user r.r from 14.17.110.58 port 54728 ssh2 Apr 1 02:15:44 hgb10502 sshd[18215]: Received disconnect from 14.17.110.58 port 54728:11: Bye Bye [preauth] Apr 1 02:15:44 hgb10502 sshd[18215]: Disconnected from 14.17.110.58 port 54728 [preauth] Apr 1 02:36:38 hgb10502 sshd[20275]: Invalid user cxx from 14.17.110.58 port 60800 Apr 1 02:36:40 hgb10502 sshd[20275]: Failed password for invalid user cxx from 14.17.110.58 port 60800 ssh2 Apr 1 02:36:40 hgb10502 sshd[20275]: Received disconnect from 14.17.110.58 port 60800:11: Bye Bye [preauth] Apr 1 02:36:40 hgb10502 sshd[20275]: Disconnected from 14.17.110.58 port 60800 [preauth] Apr 1 02:39:59 hgb10502 ........ -------------------------------	2020-04-02 08:45:08
178.128.244.215	attack	DATE:2020-04-02 00:25:46, IP:178.128.244.215, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-04-02 08:39:36

Recently Reported IPs

180.76.189.221	89.159.95.0	156.87.234.69	9.120.7.228
7.45.65.191	96.66.83.87	169.229.245.237	169.229.254.121
169.229.252.7	180.76.75.213	86.85.28.216	180.76.161.55
94.102.62.189	193.3.40.250	23.224.230.164	180.76.156.215
131.161.10.5	72.90.241.68	180.76.158.79	131.161.8.164