Basic Info

City: unknown

Region: unknown

Country: Taiwan, China

Internet Service Provider: Chunghwa Telecom Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbots
Telnet Server BruteForce Attack
2020-05-23 22:21:01
Comments on same subnet:
IP Type Details Datetime
59.127.42.161 attack
Unauthorized connection attempt detected from IP address 59.127.42.161 to port 2323 [J]
2020-01-06 15:22:28
59.127.42.161 attack
Nov  2 12:53:41 h2177944 kernel: [5571318.147353] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=59.127.42.161 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=37671 PROTO=TCP SPT=22664 DPT=23 WINDOW=30112 RES=0x00 SYN URGP=0
Nov  2 12:53:59 h2177944 kernel: [5571336.083792] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=59.127.42.161 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=37671 PROTO=TCP SPT=22664 DPT=23 WINDOW=30112 RES=0x00 SYN URGP=0
Nov  2 12:55:06 h2177944 kernel: [5571403.109164] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=59.127.42.161 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=37671 PROTO=TCP SPT=22664 DPT=23 WINDOW=30112 RES=0x00 SYN URGP=0
Nov  2 12:56:00 h2177944 kernel: [5571457.817924] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=59.127.42.161 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=47 ID=37671 PROTO=TCP SPT=22664 DPT=23 WINDOW=30112 RES=0x00 SYN URGP=0
Nov  2 12:57:50 h2177944 kernel: [5571567.477215] [UFW BLOCK] IN=venet0 OUT= MAC= SRC=59.127.42.161 DST=85.214.117.9 LEN=40
2019-11-02 21:33:52
59.127.42.161 attackspam
Unauthorized SSH login attempts
2019-10-23 02:26:28
59.127.42.161 attackspambots
Seq 2995002506
2019-10-22 04:47:51
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 59.127.42.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65029
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;59.127.42.158.			IN	A

;; AUTHORITY SECTION:
.			579	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020052301 1800 900 604800 86400

;; Query time: 254 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 23 22:20:56 CST 2020
;; MSG SIZE  rcvd: 117
Host info
158.42.127.59.in-addr.arpa domain name pointer 59-127-42-158.HINET-IP.hinet.net.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
158.42.127.59.in-addr.arpa	name = 59-127-42-158.HINET-IP.hinet.net.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
114.115.238.147 attackspam
Honeypot attack, port: 23, PTR: ecs-114-115-238-147.compute.hwclouds-dns.com.
2019-11-12 05:21:52
124.152.76.213 attackbotsspam
Nov 11 20:09:00 root sshd[22561]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.152.76.213 
Nov 11 20:09:02 root sshd[22561]: Failed password for invalid user vic from 124.152.76.213 port 11781 ssh2
Nov 11 20:13:47 root sshd[22669]: Failed password for sshd from 124.152.76.213 port 28835 ssh2
...
2019-11-12 05:34:47
138.197.180.102 attackspam
F2B jail: sshd. Time: 2019-11-11 20:00:48, Reported by: VKReport
2019-11-12 05:03:42
154.8.212.215 attackbots
Nov 11 22:02:07 server sshd[18756]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.8.212.215  user=root
Nov 11 22:02:10 server sshd[18756]: Failed password for root from 154.8.212.215 port 50444 ssh2
Nov 11 22:19:58 server sshd[23000]: Invalid user jammu from 154.8.212.215
Nov 11 22:19:58 server sshd[23000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.8.212.215
Nov 11 22:20:00 server sshd[23000]: Failed password for invalid user jammu from 154.8.212.215 port 35516 ssh2
...
2019-11-12 05:10:56
5.155.148.137 attack
Honeypot attack, port: 445, PTR: PTR record not found
2019-11-12 05:04:47
78.46.85.15 attackbotsspam
"GET /adminer.php HTTP/1.1" 404
"GET /ad.php HTTP/1.1" 404
"GET /adm.php HTTP/1.1" 404
"GET /connect.php HTTP/1.1" 404
"GET /_adminer.php HTTP/1.1" 404
"GET /pma.php HTTP/1.1" 404
"GET /db.php HTTP/1.1" 404
"GET /adminer-4.2.5.php HTTP/1.1" 404
"GET /adminer-4.6.2.php HTTP/1.1" 404
"GET /adminer-4.3.1.php HTTP/1.1" 404
"GET /adminer-4.2.4.php HTTP/1.1" 404
"GET /adminer-4.1.0.php HTTP/1.1" 404
"GET /adminer-4.2.5-mysql.php HTTP/1.1" 404
"GET /adminer-4.6.2-mysql.php HTTP/1.1" 404
"GET /adminer-4.3.1-mysql.php HTTP/1.1" 404
2019-11-12 05:04:26
202.29.56.202 attackbots
Nov 11 11:32:16 ws19vmsma01 sshd[244388]: Failed password for root from 202.29.56.202 port 8452 ssh2
Nov 11 11:37:20 ws19vmsma01 sshd[10264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.29.56.202
...
2019-11-12 05:02:18
189.7.129.60 attack
SSH Brute Force
2019-11-12 05:07:14
177.43.72.253 attackspam
Spam trapped
2019-11-12 05:03:26
52.231.153.23 attack
"Fail2Ban detected SSH brute force attempt"
2019-11-12 05:06:54
1.170.5.39 attack
Honeypot attack, port: 23, PTR: 1-170-5-39.dynamic-ip.hinet.net.
2019-11-12 05:15:12
200.70.56.204 attack
$f2bV_matches
2019-11-12 05:21:24
5.135.223.35 attackspambots
Nov 11 18:25:51 sd-53420 sshd[13422]: Invalid user siona from 5.135.223.35
Nov 11 18:25:51 sd-53420 sshd[13422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.223.35
Nov 11 18:25:53 sd-53420 sshd[13422]: Failed password for invalid user siona from 5.135.223.35 port 33162 ssh2
Nov 11 18:29:25 sd-53420 sshd[15054]: User root from 5.135.223.35 not allowed because none of user's groups are listed in AllowGroups
Nov 11 18:29:25 sd-53420 sshd[15054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.223.35  user=root
...
2019-11-12 05:29:13
159.203.201.47 attack
11/11/2019-15:36:26.252399 159.203.201.47 Protocol: 17 ET DROP Dshield Block Listed Source group 1
2019-11-12 05:37:59
190.145.39.36 attackspambots
Honeypot attack, port: 23, PTR: PTR record not found
2019-11-12 05:42:15
