42.200.117.159

Basic Info

City: Kowloon

Region: Kowloon City

Country: Hong Kong

Internet Service Provider: PCCW IMS Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 540fadae296ad1b3 \| WAF_Rule_ID: 1aff1cdfeb5c4074965d7cd85bfc1d4e \| WAF_Kind: firewall \| CF_Action: challenge \| Country: HK \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: d.skk.moe \| User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 \| CF_DC: HKG. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:23:26

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 540fadae296ad1b3 | WAF_Rule_ID: 1aff1cdfeb5c4074965d7cd85bfc1d4e | WAF_Kind: firewall | CF_Action: challenge | Country: HK | CF_IPClass: noRecord | Protocol: HTTP/2 | Method: GET | Host: d.skk.moe | User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36 | CF_DC: HKG. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:23:26

Comments on same subnet:

IP	Type	Details	Datetime
42.200.117.201	attack	82/tcp [2019-09-28]1pkt	2019-09-28 19:59:09
42.200.117.25	attack	Honeypot attack, port: 23, PTR: 42-200-117-25.static.imsbiz.com.	2019-08-23 12:33:32

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.200.117.159
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19372
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.200.117.159.			IN	A

;; AUTHORITY SECTION:
.			544	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 03:23:23 CST 2019
;; MSG SIZE  rcvd: 118

Host info

159.117.200.42.in-addr.arpa domain name pointer 42-200-117-159.static.imsbiz.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
159.117.200.42.in-addr.arpa	name = 42-200-117-159.static.imsbiz.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
142.4.209.40	attackbots	WordPress login Brute force / Web App Attack on client site.	2020-02-25 08:27:20
51.83.98.104	attackbotsspam	Feb 25 00:24:47 mail sshd\[26002\]: Invalid user vnc from 51.83.98.104 Feb 25 00:24:47 mail sshd\[26002\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.104 Feb 25 00:24:49 mail sshd\[26002\]: Failed password for invalid user vnc from 51.83.98.104 port 58580 ssh2 ...	2020-02-25 08:15:29
2.194.4.188	attackbots	1582586676 - 02/25/2020 00:24:36 Host: 2.194.4.188/2.194.4.188 Port: 445 TCP Blocked	2020-02-25 08:25:22
106.13.190.122	attackbotsspam	Feb 25 00:24:50 pornomens sshd\[8397\]: Invalid user ken from 106.13.190.122 port 34422 Feb 25 00:24:50 pornomens sshd\[8397\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.190.122 Feb 25 00:24:52 pornomens sshd\[8397\]: Failed password for invalid user ken from 106.13.190.122 port 34422 ssh2 ...	2020-02-25 08:15:13
217.182.68.93	attackbotsspam	Feb 25 00:24:53 ourumov-web sshd\[12892\]: Invalid user user from 217.182.68.93 port 34922 Feb 25 00:24:53 ourumov-web sshd\[12892\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.182.68.93 Feb 25 00:24:55 ourumov-web sshd\[12892\]: Failed password for invalid user user from 217.182.68.93 port 34922 ssh2 ...	2020-02-25 08:12:53
59.127.236.228	attackbotsspam	Feb 25 00:24:29 jane sshd[1988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.127.236.228 Feb 25 00:24:31 jane sshd[1988]: Failed password for invalid user cpanel from 59.127.236.228 port 48648 ssh2 ...	2020-02-25 08:29:41
118.173.233.149	attackbots	suspicious action Mon, 24 Feb 2020 20:24:34 -0300	2020-02-25 08:26:43
51.68.123.198	attack	Feb 25 01:21:10 MK-Soft-VM7 sshd[28034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.123.198 Feb 25 01:21:13 MK-Soft-VM7 sshd[28034]: Failed password for invalid user anton from 51.68.123.198 port 45180 ssh2 ...	2020-02-25 08:34:25
45.136.108.85	attackbots	Feb 24 06:00:11 server sshd\[2516\]: Failed password for invalid user 22 from 45.136.108.85 port 1044 ssh2 Feb 25 03:06:25 server sshd\[24287\]: Invalid user 0 from 45.136.108.85 Feb 25 03:06:25 server sshd\[24287\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.136.108.85 Feb 25 03:06:26 server sshd\[24288\]: Invalid user 0 from 45.136.108.85 Feb 25 03:06:26 server sshd\[24288\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.136.108.85 ...	2020-02-25 08:07:11
51.178.16.227	attackbotsspam	Feb 25 00:24:45 ks10 sshd[566145]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.16.227 Feb 25 00:24:46 ks10 sshd[566145]: Failed password for invalid user ashok from 51.178.16.227 port 58286 ssh2 ...	2020-02-25 08:19:13
51.254.97.25	attackspambots	Ssh brute force	2020-02-25 08:18:43
139.99.238.48	attackbotsspam	Feb 24 13:38:44 hpm sshd\[27797\]: Invalid user sandbox from 139.99.238.48 Feb 24 13:38:44 hpm sshd\[27797\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=48.ip-139-99-238.net Feb 24 13:38:46 hpm sshd\[27797\]: Failed password for invalid user sandbox from 139.99.238.48 port 36084 ssh2 Feb 24 13:45:48 hpm sshd\[28416\]: Invalid user digital from 139.99.238.48 Feb 24 13:45:48 hpm sshd\[28416\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=48.ip-139-99-238.net	2020-02-25 07:58:38
80.244.187.181	attackbotsspam	Feb 25 00:55:13 lnxded63 sshd[23086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.244.187.181 Feb 25 00:55:13 lnxded63 sshd[23086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.244.187.181 Feb 25 00:55:16 lnxded63 sshd[23086]: Failed password for invalid user steam from 80.244.187.181 port 39070 ssh2	2020-02-25 08:12:21
92.119.160.143	attackbotsspam	Feb 24 23:31:01 h2177944 kernel: \[5781255.261009\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=92.119.160.143 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40040 PROTO=TCP SPT=51103 DPT=6501 WINDOW=1024 RES=0x00 SYN URGP=0 Feb 24 23:31:01 h2177944 kernel: \[5781255.261023\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=92.119.160.143 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=40040 PROTO=TCP SPT=51103 DPT=6501 WINDOW=1024 RES=0x00 SYN URGP=0 Feb 24 23:59:45 h2177944 kernel: \[5782978.232172\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=92.119.160.143 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36864 PROTO=TCP SPT=51103 DPT=5617 WINDOW=1024 RES=0x00 SYN URGP=0 Feb 24 23:59:45 h2177944 kernel: \[5782978.232185\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=92.119.160.143 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=36864 PROTO=TCP SPT=51103 DPT=5617 WINDOW=1024 RES=0x00 SYN URGP=0 Feb 25 00:24:47 h2177944 kernel: \[5784480.365772\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=92.119.160.143 DST=85.214.	2020-02-25 08:17:47
187.167.196.48	attack	Automatic report - Port Scan Attack	2020-02-25 07:57:52

Recently Reported IPs

184.204.137.204	107.12.232.119	42.2.220.152	218.145.3.204
109.115.124.45	2400:dd0d:2000:0:29e8:40c9:1127:487	179.70.125.97	105.111.85.179
160.3.144.59	90.49.9.48	100.12.84.193	1.58.197.55
126.97.108.189	223.166.75.121	144.181.163.172	223.166.75.63
81.59.30.194	149.28.1.201	80.8.159.18	223.166.75.62