111.42.102.80 - IPInfo

Basic Info

City: Harbin

Region: Heilongjiang

Country: China

Internet Service Provider: China Mobile

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
111.42.102.79	attackspam	User agent spoofing, Connecting to IP instead of domain name, Page: /HNAP1/	2020-05-07 01:14:37
111.42.102.67	attackspambots	Honeypot attack, port: 5555, PTR: PTR record not found	2020-04-25 03:32:16
111.42.102.127	attackspambots	GPON Home Routers Remote Code Execution Vulnerability	2020-04-02 05:51:06
111.42.102.153	attackbots	Unauthorized connection attempt detected from IP address 111.42.102.153 to port 2323 [J]	2020-01-23 00:28:39
111.42.102.142	attack	unauthorized connection attempt	2020-01-09 17:44:14
111.42.102.65	attack	Unauthorized connection attempt detected from IP address 111.42.102.65 to port 23 [T]	2020-01-09 01:59:28
111.42.102.128	attackspam	Jan 5 22:51:44 debian-2gb-nbg1-2 kernel: \[520425.417666\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=111.42.102.128 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0xE0 TTL=49 ID=36552 PROTO=TCP SPT=1600 DPT=23 WINDOW=57023 RES=0x00 SYN URGP=0	2020-01-06 05:54:28
111.42.102.129	attackbots	Honeypot attack, port: 23, PTR: PTR record not found	2020-01-05 00:45:19
111.42.102.81	attackbots	Dec 26 15:50:33 h2177944 kernel: \[570559.418076\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=111.42.102.81 DST=85.214.117.9 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40763 DF PROTO=TCP SPT=33462 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Dec 26 15:50:33 h2177944 kernel: \[570559.418089\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=111.42.102.81 DST=85.214.117.9 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40763 DF PROTO=TCP SPT=33462 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Dec 26 15:50:36 h2177944 kernel: \[570562.569922\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=111.42.102.81 DST=85.214.117.9 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40764 DF PROTO=TCP SPT=33462 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Dec 26 15:50:36 h2177944 kernel: \[570562.569936\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=111.42.102.81 DST=85.214.117.9 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40764 DF PROTO=TCP SPT=33462 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0 Dec 26 15:50:43 h2177944 kernel: \[570568.878485\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=111.42.102.81 DST=85.214.117.9 LEN=	2019-12-27 03:21:44
111.42.102.134	attack	5060/udp [2019-12-13]1pkt	2019-12-14 00:53:02
111.42.102.140	attackspam	23/tcp [2019-12-12]1pkt	2019-12-13 00:29:39
111.42.102.145	attack	Automatic report - Port Scan Attack	2019-12-11 13:17:16
111.42.102.74	attack	Mirai and Reaper Exploitation Traffic	2019-11-23 05:19:47

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 111.42.102.80
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28570
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;111.42.102.80.			IN	A

;; AUTHORITY SECTION:
.			413	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022092700 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Sep 27 17:47:01 CST 2022
;; MSG SIZE  rcvd: 106

Host info

b'Host 80.102.42.111.in-addr.arpa not found: 2(SERVFAIL)
'

Nslookup info:

server can't find 111.42.102.80.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
92.222.88.30	attackbots	Oct 14 18:58:10 vpn01 sshd[4374]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.88.30 Oct 14 18:58:12 vpn01 sshd[4374]: Failed password for invalid user lourenco from 92.222.88.30 port 44372 ssh2 ...	2019-10-15 01:57:13
118.122.77.193	attackbotsspam	Oct 14 15:16:21 xeon sshd[55583]: Failed password for root from 118.122.77.193 port 54710 ssh2	2019-10-15 01:53:51
212.237.58.253	attack	Oct 14 13:44:19 mail postfix/smtpd\[4321\]: warning: unknown\[212.237.58.253\]: SASL PLAIN authentication failed: Connection lost to authentication server Oct 14 13:44:30 mail postfix/smtpd\[4321\]: warning: unknown\[212.237.58.253\]: SASL PLAIN authentication failed: Connection lost to authentication server Oct 14 13:44:59 mail postfix/smtpd\[4321\]: warning: unknown\[212.237.58.253\]: SASL PLAIN authentication failed: Connection lost to authentication server	2019-10-15 01:42:00
116.230.48.46	attackbots	Attempt to attack host OS, exploiting network vulnerabilities, on 14-10-2019 12:45:17.	2019-10-15 02:00:51
115.68.207.48	attackspambots	Lines containing failures of 115.68.207.48 Oct 14 12:15:56 mx-in-01 sshd[11231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.68.207.48 user=r.r Oct 14 12:15:58 mx-in-01 sshd[11231]: Failed password for r.r from 115.68.207.48 port 60048 ssh2 Oct 14 12:15:59 mx-in-01 sshd[11231]: Received disconnect from 115.68.207.48 port 60048:11: Bye Bye [preauth] Oct 14 12:15:59 mx-in-01 sshd[11231]: Disconnected from authenticating user r.r 115.68.207.48 port 60048 [preauth] Oct 14 12:30:26 mx-in-01 sshd[12382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.68.207.48 user=r.r Oct 14 12:30:28 mx-in-01 sshd[12382]: Failed password for r.r from 115.68.207.48 port 55370 ssh2 Oct 14 12:30:29 mx-in-01 sshd[12382]: Received disconnect from 115.68.207.48 port 55370:11: Bye Bye [preauth] Oct 14 12:30:29 mx-in-01 sshd[12382]: Disconnected from authenticating user r.r 115.68.207.48 port 55370 [preauth........ ------------------------------	2019-10-15 01:34:41
195.46.20.146	attack	Brute force attempt	2019-10-15 01:20:47
121.234.236.134	attackbotsspam	Port Scan: TCP/443	2019-10-15 01:36:01
117.194.80.89	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 14-10-2019 12:45:17.	2019-10-15 02:00:24
104.244.75.93	attackspam	Telnet Server BruteForce Attack	2019-10-15 01:36:55
177.36.8.226	attackspambots	WordPress wp-login brute force :: 177.36.8.226 0.076 BYPASS [15/Oct/2019:04:19:22 1100] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-15 01:28:01
51.83.76.36	attackbotsspam	Oct 14 13:42:43 XXX sshd[24889]: Invalid user rator from 51.83.76.36 port 34670	2019-10-15 01:31:36
61.250.149.222	attackspam	Oct 14 15:38:11 jupiter sshd\[20293\]: Invalid user www from 61.250.149.222 Oct 14 15:38:11 jupiter sshd\[20293\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.250.149.222 Oct 14 15:38:14 jupiter sshd\[20293\]: Failed password for invalid user www from 61.250.149.222 port 11204 ssh2 ...	2019-10-15 01:19:33
129.213.122.26	attackspambots	Oct 8 17:30:55 heissa sshd\[6846\]: Invalid user 123 from 129.213.122.26 port 42928 Oct 8 17:30:55 heissa sshd\[6846\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.122.26 Oct 8 17:30:57 heissa sshd\[6846\]: Failed password for invalid user 123 from 129.213.122.26 port 42928 ssh2 Oct 8 17:34:51 heissa sshd\[7427\]: Invalid user Iolanda@321 from 129.213.122.26 port 53512 Oct 8 17:34:51 heissa sshd\[7427\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.213.122.26	2019-10-15 01:29:59
190.217.185.74	attackbotsspam	Automatic report - Port Scan Attack	2019-10-15 01:55:49
103.26.99.114	attack	Oct 12 06:38:53 heissa sshd\[5874\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.99.114 user=root Oct 12 06:38:56 heissa sshd\[5874\]: Failed password for root from 103.26.99.114 port 21029 ssh2 Oct 12 06:42:50 heissa sshd\[6568\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.99.114 user=root Oct 12 06:42:51 heissa sshd\[6568\]: Failed password for root from 103.26.99.114 port 59921 ssh2 Oct 12 06:46:59 heissa sshd\[7211\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.26.99.114 user=root	2019-10-15 01:25:10

Recently Reported IPs

222.78.61.87	221.54.225.144	176.242.12.94	229.33.170.103
86.208.204.117	202.108.66.80	210.42.71.108	20.171.32.45
118.246.190.114	36.253.201.85	67.101.21.178	197.184.38.121
2.233.242.38	91.230.68.161	111.160.163.167	78.25.57.130
228.126.30.20	240.133.84.178	157.57.179.175	44.13.79.114