42.239.80.68 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Henan Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Unauthorised access (Nov 12) SRC=42.239.80.68 LEN=40 TTL=50 ID=59138 TCP DPT=23 WINDOW=29985 SYN	2019-11-13 00:30:15

Comments on same subnet:

IP	Type	Details	Datetime
42.239.80.102	attackspam	Jul 5 00:36:57 xxxxxxx0 sshd[27781]: Invalid user admin from 42.239.80.102 port 47393 Jul 5 00:36:57 xxxxxxx0 sshd[27781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.239.80.102 Jul 5 00:36:59 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2 Jul 5 00:37:01 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2 Jul 5 00:37:03 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=42.239.80.102	2019-07-05 15:08:19

Type

Details

Datetime

42.239.80.102

attackspam

Jul  5 00:36:57 xxxxxxx0 sshd[27781]: Invalid user admin from 42.239.80.102 port 47393
Jul  5 00:36:57 xxxxxxx0 sshd[27781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.239.80.102
Jul  5 00:36:59 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2
Jul  5 00:37:01 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2
Jul  5 00:37:03 xxxxxxx0 sshd[27781]: Failed password for invalid user admin from 42.239.80.102 port 47393 ssh2

........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=42.239.80.102

2019-07-05 15:08:19

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.239.80.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27811
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.239.80.68.			IN	A

;; AUTHORITY SECTION:
.			564	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111200 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 13 00:30:04 CST 2019
;; MSG SIZE  rcvd: 116

Host info

68.80.239.42.in-addr.arpa domain name pointer hn.kd.ny.adsl.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
68.80.239.42.in-addr.arpa	name = hn.kd.ny.adsl.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
187.216.2.146	attack	Autoban 187.216.2.146 AUTH/CONNECT	2019-07-22 10:54:31
185.222.211.237	attackbotsspam	Jul 22 05:14:52 relay postfix/smtpd\[13433\]: NOQUEUE: reject: RCPT from unknown\[185.222.211.237\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\ Jul 22 05:14:52 relay postfix/smtpd\[13433\]: NOQUEUE: reject: RCPT from unknown\[185.222.211.237\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\ Jul 22 05:14:52 relay postfix/smtpd\[13433\]: NOQUEUE: reject: RCPT from unknown\[185.222.211.237\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\ Jul 22 05:14:52 relay postfix/smtpd\[13433\]: NOQUEUE: reject: RCPT from unknown\[185.222.211.237\]: 554 5.7.1 \: Relay access denied\; from=\	2019-07-22 11:17:28
13.115.249.125	attackbots	Jul 21 16:26:21 euve59663 sshd[5431]: Invalid user ben from 13.115.249.= 125 Jul 21 16:26:21 euve59663 sshd[5431]: pam_unix(sshd:auth): authenticati= on failure; logname=3D uid=3D0 euid=3D0 tty=3Dssh ruser=3D rhost=3Dem3-= 13-115-249-125.ap-northeast-1.compute.amazonaws.com=20 Jul 21 16:26:23 euve59663 sshd[5431]: Failed password for invalid user = ben from 13.115.249.125 port 38380 ssh2 Jul 21 16:26:23 euve59663 sshd[5431]: Received disconnect from 13.115.2= 49.125: 11: Bye Bye [preauth] Jul 21 16:53:06 euve59663 sshd[1138]: Connection closed by 13.115.249.1= 25 [preauth] Jul 21 16:58:49 euve59663 sshd[1211]: Connection closed by 13.115.249.1= 25 [preauth] Jul 21 17:05:35 euve59663 sshd[29395]: Connection closed by 13.115.249.= 125 [preauth] Jul 21 17:11:34 euve59663 sshd[29461]: Connection closed by 13.115.249.= 125 [preauth] Jul 21 17:17:46 euve59663 sshd[29513]: Connection closed by 13.115.249.= 125 [preauth] Jul 21 17:24:26 euve59663 sshd[29565]: Connection closed ........ -------------------------------	2019-07-22 10:50:58
187.44.88.22	attack	Autoban 187.44.88.22 AUTH/CONNECT	2019-07-22 10:47:30
187.254.105.111	attackbots	Autoban 187.254.105.111 AUTH/CONNECT	2019-07-22 10:51:27
42.51.195.214	attackbots	SASL broute force	2019-07-22 11:29:35
187.237.130.98	attackspambots	Jul 22 05:14:11 fr01 sshd[26988]: Invalid user moodle from 187.237.130.98 ...	2019-07-22 11:34:17
103.206.230.2	attack	Jul 22 12:25:58 our-server-hostname postfix/smtpd[4292]: connect from unknown[103.206.230.2] Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=103.206.230.2	2019-07-22 11:32:39
170.76.182.251	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-20 12:24:04,340 INFO [shellcode_manager] (170.76.182.251) no match, writing hexdump (e59264d9740c97e0183cd514592e43c6 :2384733) - MS17010 (EternalBlue)	2019-07-22 11:24:17
165.90.21.49	attackbots	Jul 22 05:14:24 ArkNodeAT sshd\[14012\]: Invalid user backup2 from 165.90.21.49 Jul 22 05:14:24 ArkNodeAT sshd\[14012\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.90.21.49 Jul 22 05:14:26 ArkNodeAT sshd\[14012\]: Failed password for invalid user backup2 from 165.90.21.49 port 31739 ssh2	2019-07-22 11:27:48
187.17.174.245	attackspam	Autoban 187.17.174.245 AUTH/CONNECT	2019-07-22 11:11:07
51.83.33.156	attackbots	Jul 22 05:09:44 SilenceServices sshd[22690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.33.156 Jul 22 05:09:46 SilenceServices sshd[22690]: Failed password for invalid user james from 51.83.33.156 port 44494 ssh2 Jul 22 05:14:10 SilenceServices sshd[27241]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.33.156	2019-07-22 11:34:51
109.100.138.62	attack	Jul 22 12:24:20 our-server-hostname postfix/smtpd[21375]: connect from unknown[109.100.138.62] Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x Jul x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=109.100.138.62	2019-07-22 11:19:30
187.163.75.57	attackbots	Autoban 187.163.75.57 AUTH/CONNECT	2019-07-22 11:10:43
45.35.201.171	attack	Jul 22 05:14:19 mars sshd\[27275\]: Invalid user ok from 45.35.201.171 Jul 22 05:14:19 mars sshd\[27275\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.35.201.171 Jul 22 05:14:21 mars sshd\[27275\]: Failed password for invalid user ok from 45.35.201.171 port 34642 ssh2 ...	2019-07-22 11:30:05

Recently Reported IPs

219.155.247.27	173.230.226.254	217.164.64.186	223.81.65.62
200.31.253.65	54.218.27.191	30.113.236.62	45.119.215.68
141.8.68.110	43.57.153.189	154.209.197.117	161.251.16.100
170.238.195.19	31.219.214.169	90.225.104.255	87.21.212.73
0.231.206.168	58.90.70.36	150.245.190.163	199.141.36.165