Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Shanghai Blue Cloud Technology Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbotsspam
Port Scan
...
2020-07-28 05:40:32
Comments on same subnet:
No discussion about this subnet yet..
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.159.104.37
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58879
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.159.104.37.			IN	A

;; AUTHORITY SECTION:
.			219	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072702 1800 900 604800 86400

;; Query time: 69 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jul 28 05:40:28 CST 2020
;; MSG SIZE  rcvd: 117
Host info
Host 37.104.159.42.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 37.104.159.42.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
89.36.50.128 attack
port scan and connect, tcp 23 (telnet)
2020-08-06 13:41:21
63.82.54.132 attack
Aug  6 07:09:58 online-web-1 postfix/smtpd[257749]: connect from circa.huzeshoes.com[63.82.54.132]
Aug x@x
Aug  6 07:10:04 online-web-1 postfix/smtpd[257749]: disconnect from circa.huzeshoes.com[63.82.54.132] ehlo=1 mail=1 rcpt=0/1 data=0/1 quhostname=1 commands=3/5
Aug  6 07:10:06 online-web-1 postfix/smtpd[253928]: connect from circa.huzeshoes.com[63.82.54.132]
Aug x@x
Aug  6 07:10:11 online-web-1 postfix/smtpd[253928]: disconnect from circa.huzeshoes.com[63.82.54.132] ehlo=1 mail=1 rcpt=0/1 data=0/1 quhostname=1 commands=3/5
Aug  6 07:13:06 online-web-1 postfix/smtpd[256525]: connect from circa.huzeshoes.com[63.82.54.132]
Aug x@x
Aug  6 07:13:12 online-web-1 postfix/smtpd[256525]: disconnect from circa.huzeshoes.com[63.82.54.132] ehlo=1 mail=1 rcpt=0/1 data=0/1 quhostname=1 commands=3/5
Aug  6 07:13:34 online-web-1 postfix/smtpd[253928]: connect from circa.huzeshoes.com[63.82.54.132]
Aug x@x
Aug  6 07:13:39 online-web-1 postfix/smtpd[253928]: disconnect from circa.hu........
-------------------------------
2020-08-06 13:27:52
112.85.42.104 attackspam
Aug  6 07:51:30 * sshd[32087]: Failed password for root from 112.85.42.104 port 20901 ssh2
2020-08-06 13:54:32
83.12.171.68 attackbotsspam
Aug  5 19:37:12 web9 sshd\[10027\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.12.171.68  user=root
Aug  5 19:37:15 web9 sshd\[10027\]: Failed password for root from 83.12.171.68 port 31816 ssh2
Aug  5 19:41:24 web9 sshd\[10567\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.12.171.68  user=root
Aug  5 19:41:26 web9 sshd\[10567\]: Failed password for root from 83.12.171.68 port 3348 ssh2
Aug  5 19:45:45 web9 sshd\[11160\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.12.171.68  user=root
2020-08-06 13:50:31
218.92.0.148 attackspambots
Aug  6 05:51:42 localhost sshd[61909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.148  user=root
Aug  6 05:51:43 localhost sshd[61909]: Failed password for root from 218.92.0.148 port 10532 ssh2
Aug  6 05:51:47 localhost sshd[61909]: Failed password for root from 218.92.0.148 port 10532 ssh2
...
2020-08-06 13:51:58
189.59.69.3 attackspam
(imapd) Failed IMAP login from 189.59.69.3 (BR/Brazil/trevisan.cba.gvt.net.br): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Aug  6 08:24:18 ir1 dovecot[3110802]: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=189.59.69.3, lip=5.63.12.44, TLS, session=
2020-08-06 13:18:56
188.93.235.237 attack
Aug 6 06:13:03 *hidden* sshd[14148]: Failed password for *hidden* from 188.93.235.237 port 58637 ssh2
Aug 6 06:14:51 *hidden* sshd[18984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.235.237 user=root
Aug 6 06:14:54 *hidden* sshd[18984]: Failed password for *hidden* from 188.93.235.237 port 45429 ssh2
Aug 6 06:16:43 *hidden* sshd[23038]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.93.235.237 user=root
Aug 6 06:16:45 *hidden* sshd[23038]: Failed password for *hidden* from 188.93.235.237 port 60450 ssh2
2020-08-06 13:12:39
145.239.87.35 attack
$f2bV_matches
2020-08-06 13:35:52
139.99.238.150 attackbots
2020-08-06T10:49:57.537972billing sshd[8247]: Failed password for root from 139.99.238.150 port 35190 ssh2
2020-08-06T10:54:23.793573billing sshd[18287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=syd-dbd2204b.bluella.net  user=root
2020-08-06T10:54:25.632904billing sshd[18287]: Failed password for root from 139.99.238.150 port 45070 ssh2
...
2020-08-06 13:16:47
104.155.76.131 attack
104.155.76.131 - - [06/Aug/2020:07:24:58 +0200] "GET /wp-login.php HTTP/1.1" 200 6398 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.155.76.131 - - [06/Aug/2020:07:25:00 +0200] "POST /wp-login.php HTTP/1.1" 200 6649 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.155.76.131 - - [06/Aug/2020:07:25:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-08-06 13:37:38
177.25.151.54 attackbotsspam
Fail2Ban Ban Triggered
2020-08-06 13:35:35
103.146.202.160 attackspambots
Aug  5 19:18:57 sachi sshd\[9710\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.202.160  user=root
Aug  5 19:19:00 sachi sshd\[9710\]: Failed password for root from 103.146.202.160 port 54354 ssh2
Aug  5 19:21:55 sachi sshd\[9958\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.202.160  user=root
Aug  5 19:21:57 sachi sshd\[9958\]: Failed password for root from 103.146.202.160 port 42874 ssh2
Aug  5 19:24:59 sachi sshd\[10228\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.146.202.160  user=root
2020-08-06 13:38:04
42.113.112.2 attackspambots
Automatic report - Port Scan Attack
2020-08-06 13:16:02
42.200.206.225 attack
Aug  6 10:40:13 lunarastro sshd[12285]: Failed password for root from 42.200.206.225 port 42626 ssh2
Aug  6 10:48:20 lunarastro sshd[12414]: Failed password for root from 42.200.206.225 port 37124 ssh2
2020-08-06 13:21:43
104.143.37.38 attackbots
*Port Scan* detected from 104.143.37.38 (HK/Hong Kong/Tsuen Wan/Kwai Chung/-). 4 hits in the last 25 seconds
2020-08-06 13:36:24