103.141.138.117

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: PTV Telecom Services Company Limited

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	2019-12-05T07:29:35.815078scmdmz1 sshd\[30678\]: Invalid user user from 103.141.138.117 port 60532 2019-12-05T07:29:35.818814scmdmz1 sshd\[30678\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.117 2019-12-05T07:29:37.964302scmdmz1 sshd\[30678\]: Failed password for invalid user user from 103.141.138.117 port 60532 ssh2 ...	2019-12-05 16:52:47

Type

Details

Datetime

attackspam

2019-12-05T07:29:35.815078scmdmz1 sshd\[30678\]: Invalid user user from 103.141.138.117 port 60532
2019-12-05T07:29:35.818814scmdmz1 sshd\[30678\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.117
2019-12-05T07:29:37.964302scmdmz1 sshd\[30678\]: Failed password for invalid user user from 103.141.138.117 port 60532 ssh2
...

2019-12-05 16:52:47

Comments on same subnet:

IP	Type	Details	Datetime
103.141.138.124	attackspam	Postfix SMTP rejection	2020-09-22 03:05:08
103.141.138.124	attack	Postfix SMTP rejection	2020-09-21 18:50:40
103.141.138.228	attackspambots	Port scan denied	2020-08-28 17:15:41
103.141.138.228	attackspam	SmallBizIT.US 1 packets to tcp(3389)	2020-08-18 08:00:43
103.141.138.127	attackbotsspam	(smtpauth) Failed SMTP AUTH login from 103.141.138.127 (VN/Vietnam/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-08-13 08:25:29 login authenticator failed for (Q8VSmPHTN) [103.141.138.127]: 535 Incorrect authentication data (set_id=info)	2020-08-13 13:21:04
103.141.138.127	attackbotsspam	VN VN/Vietnam/- Failures: 5 smtpauth	2020-08-05 19:52:25
103.141.138.119	attackspambots	Oct 30 00:50:45 server sshd\[18755\]: Invalid user support from 103.141.138.119 Oct 30 00:50:45 server sshd\[18755\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.119 Oct 30 00:50:47 server sshd\[18755\]: Failed password for invalid user support from 103.141.138.119 port 53904 ssh2 Oct 30 00:51:17 server sshd\[18856\]: Invalid user support from 103.141.138.119 Oct 30 00:51:17 server sshd\[18856\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.119 ...	2019-10-30 07:47:22
103.141.138.119	attackbotsspam	Oct 29 04:54:20 mail sshd[11629]: Invalid user support from 103.141.138.119 ...	2019-10-29 14:51:03
103.141.138.131	attackspam	Oct 29 00:21:38 MK-Soft-VM3 sshd[14856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.131 Oct 29 00:21:40 MK-Soft-VM3 sshd[14856]: Failed password for invalid user admin from 103.141.138.131 port 63803 ssh2 ...	2019-10-29 08:09:00
103.141.138.121	attackspam	Oct 28 18:32:01 mail sshd\[31785\]: Invalid user 1234 from 103.141.138.121 Oct 28 18:32:01 mail sshd\[31785\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.121 Oct 28 18:32:03 mail sshd\[31785\]: Failed password for invalid user 1234 from 103.141.138.121 port 58347 ssh2 ...	2019-10-29 03:59:05
103.141.138.133	attackspam	Oct 28 10:31:13 vpn01 sshd[30004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.133 Oct 28 10:31:15 vpn01 sshd[30004]: Failed password for invalid user ftp from 103.141.138.133 port 53559 ssh2 ...	2019-10-28 19:49:42
103.141.138.125	attackspam	2019-10-27T19:08:21.076458enmeeting.mahidol.ac.th sshd\[1272\]: User root from 103.141.138.125 not allowed because not listed in AllowUsers 2019-10-27T19:08:21.199731enmeeting.mahidol.ac.th sshd\[1272\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.125 user=root 2019-10-27T19:08:23.359930enmeeting.mahidol.ac.th sshd\[1272\]: Failed password for invalid user root from 103.141.138.125 port 65086 ssh2 ...	2019-10-27 21:10:18
103.141.138.131	attackbots	Oct 26 22:38:40 debian64 sshd\[2982\]: Invalid user admin from 103.141.138.131 port 63076 Oct 26 22:38:40 debian64 sshd\[2982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.131 Oct 26 22:38:42 debian64 sshd\[2982\]: Failed password for invalid user admin from 103.141.138.131 port 63076 ssh2 ...	2019-10-27 04:45:21
103.141.138.119	attackbots	[portscan] tcp/22 [SSH] [scan/connect: 4 time(s)] in blocklist.de:'listed [ssh]' in spfbl.net:'listed' *(RWIN=8192)(10261102)	2019-10-26 19:54:00
103.141.138.133	attackbots	Oct 26 05:49:54 vpn01 sshd[13711]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.141.138.133 Oct 26 05:49:56 vpn01 sshd[13711]: Failed password for invalid user ftp from 103.141.138.133 port 49806 ssh2 ...	2019-10-26 15:09:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.141.138.117
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27760
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.141.138.117.		IN	A

;; AUTHORITY SECTION:
.			212	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120500 1800 900 604800 86400

;; Query time: 127 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 05 16:52:42 CST 2019
;; MSG SIZE  rcvd: 119

Host info

Host 117.138.141.103.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 117.138.141.103.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
90.73.243.149	attack	Lines containing failures of 90.73.243.149 Jan 7 14:45:00 icinga sshd[30047]: Invalid user mb from 90.73.243.149 port 41602 Jan 7 14:45:00 icinga sshd[30047]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.73.243.149 Jan 7 14:45:01 icinga sshd[30047]: Failed password for invalid user mb from 90.73.243.149 port 41602 ssh2 Jan 7 14:45:01 icinga sshd[30047]: Received disconnect from 90.73.243.149 port 41602:11: Bye Bye [preauth] Jan 7 14:45:01 icinga sshd[30047]: Disconnected from invalid user mb 90.73.243.149 port 41602 [preauth] Jan 7 15:39:57 icinga sshd[12414]: Invalid user jira from 90.73.243.149 port 36032 Jan 7 15:39:57 icinga sshd[12414]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.73.243.149 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=90.73.243.149	2020-01-11 07:05:23
37.49.231.168	attackspam	Jan 10 22:09:40 debian-2gb-nbg1-2 kernel: \[949890.218838\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=37.49.231.168 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=56277 PROTO=TCP SPT=48486 DPT=8081 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-11 07:26:42
58.87.67.142	attackbots	2020-01-10T21:24:48.773205shield sshd\[15654\]: Invalid user P@ssw0rt123!@\# from 58.87.67.142 port 50250 2020-01-10T21:24:48.779210shield sshd\[15654\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.67.142 2020-01-10T21:24:51.199180shield sshd\[15654\]: Failed password for invalid user P@ssw0rt123!@\# from 58.87.67.142 port 50250 ssh2 2020-01-10T21:27:24.431572shield sshd\[16420\]: Invalid user zhaohuan from 58.87.67.142 port 39068 2020-01-10T21:27:24.435273shield sshd\[16420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.87.67.142	2020-01-11 07:24:48
188.165.221.36	attackbots	[Aegis] @ 2020-01-10 21:09:27 0000 -> Attempt to use mail server as relay (550: Requested action not taken).	2020-01-11 07:31:25
88.248.183.7	attackspambots	Honeypot attack, port: 445, PTR: 88.248.183.7.static.ttnet.com.tr.	2020-01-11 07:20:14
139.59.22.169	attackspambots	Jan 10 22:09:44 mail sshd[15644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.22.169 user=root Jan 10 22:09:45 mail sshd[15644]: Failed password for root from 139.59.22.169 port 46936 ssh2 ...	2020-01-11 07:22:19
175.198.81.71	attackspambots	Jan 10 12:14:38 web1 sshd\[23203\]: Invalid user vl from 175.198.81.71 Jan 10 12:14:38 web1 sshd\[23203\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.198.81.71 Jan 10 12:14:40 web1 sshd\[23203\]: Failed password for invalid user vl from 175.198.81.71 port 53710 ssh2 Jan 10 12:22:56 web1 sshd\[23901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.198.81.71 user=root Jan 10 12:22:58 web1 sshd\[23901\]: Failed password for root from 175.198.81.71 port 33538 ssh2	2020-01-11 07:35:36
117.102.68.188	attackspambots	Unauthorized connection attempt detected from IP address 117.102.68.188 to port 22	2020-01-11 07:19:59
77.42.88.155	attack	Unauthorized connection attempt detected from IP address 77.42.88.155 to port 23	2020-01-11 07:09:05
94.130.10.131	attackbotsspam	RDP Brute-Force (honeypot 7)	2020-01-11 07:30:25
61.54.207.152	attackbotsspam	Telnet Server BruteForce Attack	2020-01-11 07:12:03
24.237.99.120	attack	Automatic report - SSH Brute-Force Attack	2020-01-11 07:21:42
70.113.222.187	attack	Honeypot attack, port: 81, PTR: cpe-70-113-222-187.stx.res.rr.com.	2020-01-11 07:16:06
27.254.198.178	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-01-11 07:35:23
82.202.247.45	attack	Unauthorized connection attempt from IP address 82.202.247.45 on Port 3389(RDP)	2020-01-11 07:01:36

Recently Reported IPs

83.97.20.196	182.242.104.23	101.127.109.218	139.162.44.81
129.204.141.119	43.146.177.86	152.32.98.154	38.98.219.251
88.173.91.55	0.101.168.218	79.211.14.57	171.150.73.205
233.100.145.253	75.128.80.237	124.47.53.188	100.92.186.4
1.254.147.130	62.74.197.247	188.64.175.190	68.86.77.49