42.2.156.6 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Hong Kong Telecommunications (HKT) Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt detected from IP address 42.2.156.6 to port 5555 [J]	2020-01-13 20:08:18

Comments on same subnet:

IP	Type	Details	Datetime
42.2.156.124	attack	Port probing on unauthorized port 5555	2020-02-08 01:29:12
42.2.156.28	attackbots	Unauthorized connection attempt detected from IP address 42.2.156.28 to port 5555 [J]	2020-01-22 23:11:50

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.2.156.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46711
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.2.156.6.			IN	A

;; AUTHORITY SECTION:
.			554	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011300 1800 900 604800 86400

;; Query time: 108 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jan 13 20:08:15 CST 2020
;; MSG SIZE  rcvd: 114

Host info

6.156.2.42.in-addr.arpa domain name pointer 42-2-156-006.static.netvigator.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
6.156.2.42.in-addr.arpa	name = 42-2-156-006.static.netvigator.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
210.121.223.61	attack	$f2bV_matches	2020-08-06 04:03:57
134.122.72.221	attackbotsspam	srv02 Mass scanning activity detected Target: 28837 ..	2020-08-06 03:43:14
80.82.78.82	attackspam	TCP (SYN) 80.82.78.82:45271 -> port 4628, len 44	2020-08-06 03:47:05
120.214.174.72	attackspam	TCP (SYN) 120.214.174.72:31829 -> port 23, len 40	2020-08-06 04:17:44
129.213.38.54	attackbots	Aug 5 00:15:14 roki sshd[27512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.38.54 user=root Aug 5 00:15:16 roki sshd[27512]: Failed password for root from 129.213.38.54 port 50150 ssh2 Aug 5 20:52:48 roki sshd[20876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.38.54 user=root Aug 5 20:52:50 roki sshd[20876]: Failed password for root from 129.213.38.54 port 33332 ssh2 Aug 5 20:59:38 roki sshd[21333]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.38.54 user=root ...	2020-08-06 03:52:36
164.68.110.55	attackspambots	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: tcp cat: Potentially Bad Trafficbytes: 66	2020-08-06 04:18:43
185.175.93.14	attack	Attempted to establish connection to non opened port 53694	2020-08-06 04:10:56
14.121.147.76	attackbots	Port probing on unauthorized port 1433	2020-08-06 04:21:37
185.104.219.96	attack	(mod_security) mod_security (id:210740) triggered by 185.104.219.96 (IE/Ireland/-): 5 in the last 3600 secs	2020-08-06 04:11:19
168.90.204.31	attackbotsspam	TCP (SYN) 168.90.204.31:27669 -> port 23, len 44	2020-08-06 03:50:41
153.201.51.6	attack	Automatic report - Port Scan Attack	2020-08-06 04:15:11
151.252.13.68	attackbotsspam	151.252.13.68 - - [05/Aug/2020:15:24:02 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 151.252.13.68 - - [05/Aug/2020:15:24:03 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 151.252.13.68 - - [05/Aug/2020:15:24:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-06 04:05:57
201.187.99.212	attackbotsspam	TCP (SYN) 201.187.99.212:48644 -> port 80, len 44	2020-08-06 03:51:31
85.14.251.242	attackbotsspam	Lines containing failures of 85.14.251.242 Aug 3 04:27:35 nbi-636 sshd[15457]: User r.r from 85.14.251.242 not allowed because not listed in AllowUsers Aug 3 04:27:35 nbi-636 sshd[15457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.14.251.242 user=r.r Aug 3 04:27:37 nbi-636 sshd[15457]: Failed password for invalid user r.r from 85.14.251.242 port 9789 ssh2 Aug 3 04:27:37 nbi-636 sshd[15457]: Received disconnect from 85.14.251.242 port 9789:11: Bye Bye [preauth] Aug 3 04:27:37 nbi-636 sshd[15457]: Disconnected from invalid user r.r 85.14.251.242 port 9789 [preauth] Aug 3 04:42:13 nbi-636 sshd[19010]: User r.r from 85.14.251.242 not allowed because not listed in AllowUsers Aug 3 04:42:13 nbi-636 sshd[19010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.14.251.242 user=r.r Aug 3 04:42:15 nbi-636 sshd[19010]: Failed password for invalid user r.r from 85.14.251.242 port 1268........ ------------------------------	2020-08-06 04:14:12
178.128.61.101	attackbotsspam	Aug 5 21:48:02 vpn01 sshd[18754]: Failed password for root from 178.128.61.101 port 56342 ssh2 ...	2020-08-06 04:17:16

Recently Reported IPs

113.162.81.154	91.237.84.161	103.131.16.42	36.77.27.58
116.108.250.230	24.89.229.195	181.199.122.16	49.145.237.122
42.112.108.253	159.192.232.136	114.36.165.47	112.158.118.159
60.248.160.1	1.10.198.176	180.218.26.155	120.133.131.62
195.54.210.203	82.63.213.128	113.104.242.34	171.37.105.174