112.140.16.92 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Japan

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
112.140.160.254	normal	Issue is fixed	2020-08-28 23:19:26
112.140.160.254	attack	WordPress (CMS) attack attempts. Date: 2019 Oct 14. 21:41:51 Source IP: 112.140.160.254 Portion of the log(s): 112.140.160.254 - [14/Oct/2019:21:41:49 +0200] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.140.160.254 - [14/Oct/2019:21:41:46 +0200] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.140.160.254 - [14/Oct/2019:21:41:43 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.140.160.254 - [14/Oct/2019:21:41:40 +0200] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.140.160.254 - [14/Oct/2019:21:41:38 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....	2019-10-15 07:09:20

Type

Details

Datetime

112.140.160.254

normal

Issue is fixed

2020-08-28 23:19:26

112.140.160.254

attack

WordPress (CMS) attack attempts.
Date: 2019 Oct 14. 21:41:51
Source IP: 112.140.160.254

Portion of the log(s):
112.140.160.254 - [14/Oct/2019:21:41:49 +0200] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:46 +0200] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:43 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:40 +0200] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
112.140.160.254 - [14/Oct/2019:21:41:38 +0200] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....

2019-10-15 07:09:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.140.16.92
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41989
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;112.140.16.92.			IN	A

;; AUTHORITY SECTION:
.			142	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022032900 1800 900 604800 86400

;; Query time: 73 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 29 18:19:46 CST 2022
;; MSG SIZE  rcvd: 106

Host info

92.16.140.112.in-addr.arpa domain name pointer nz092.net112140016.thn.ne.jp.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
92.16.140.112.in-addr.arpa	name = nz092.net112140016.thn.ne.jp.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
46.140.151.66	attack	Apr 15 20:16:51 XXX sshd[40723]: Invalid user test1 from 46.140.151.66 port 23207	2020-04-16 05:12:33
5.135.253.172	attackspam	ET CINS Active Threat Intelligence Poor Reputation IP group 4 - port: 28274 proto: TCP cat: Misc Attack	2020-04-16 04:48:47
134.209.63.140	attackbotsspam	Port Scan: Events[2] countPorts[2]: 13647 25770 ..	2020-04-16 05:09:00
92.118.160.1	attackbotsspam	Port Scan: Events[2] countPorts[2]: 4002 554 ..	2020-04-16 04:42:53
68.183.85.116	attackbots	ET CINS Active Threat Intelligence Poor Reputation IP group 57 - port: 17051 proto: TCP cat: Misc Attack	2020-04-16 04:38:48
45.143.220.141	attack	Apr 15 22:47:26 vps339862 kernel: \[6202561.697248\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=45.143.220.141 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=1012 PROTO=TCP SPT=42022 DPT=84 SEQ=67358091 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Apr 15 22:47:42 vps339862 kernel: \[6202577.936014\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=45.143.220.141 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=54094 PROTO=TCP SPT=42022 DPT=8295 SEQ=3779935490 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Apr 15 22:50:25 vps339862 kernel: \[6202740.776972\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e:65:a1:f6:06:39:8f:aa:3b:a2:08:00 SRC=45.143.220.141 DST=51.254.206.43 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=62655 PROTO=TCP SPT=42022 DPT=89 SEQ=1032469197 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Apr 15 22:50:26 vps339862 kernel: \[6202741.801829\] \[iptables\] PORT DENIED: IN=eth0 OUT= MAC=fa:16:3e ...	2020-04-16 05:07:51
141.98.81.83	attackbotsspam	Apr 15 23:05:07 ks10 sshd[437479]: Failed password for root from 141.98.81.83 port 33641 ssh2 Apr 15 23:05:36 ks10 sshd[438064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.81.83 ...	2020-04-16 05:14:42
10.19.40.65	attackspambots	Port Scan: Events[3] countPorts[3]: 50458 46006 57239 ..	2020-04-16 04:53:41
47.99.130.27	attackspambots	Unauthorized connection attempt detected from IP address 47.99.130.27 to port 8080	2020-04-16 04:58:02
106.13.93.199	attackspambots	Apr 15 23:36:10 Enigma sshd[15523]: Invalid user cvsuser from 106.13.93.199 port 33764 Apr 15 23:36:10 Enigma sshd[15523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.93.199 Apr 15 23:36:10 Enigma sshd[15523]: Invalid user cvsuser from 106.13.93.199 port 33764 Apr 15 23:36:12 Enigma sshd[15523]: Failed password for invalid user cvsuser from 106.13.93.199 port 33764 ssh2 Apr 15 23:39:36 Enigma sshd[15716]: Invalid user kodi from 106.13.93.199 port 57610	2020-04-16 05:01:17
106.13.140.83	attackbots	Apr 15 22:22:11 mail sshd[401]: Invalid user teacher1 from 106.13.140.83 Apr 15 22:22:11 mail sshd[401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.140.83 Apr 15 22:22:11 mail sshd[401]: Invalid user teacher1 from 106.13.140.83 Apr 15 22:22:13 mail sshd[401]: Failed password for invalid user teacher1 from 106.13.140.83 port 43668 ssh2 Apr 15 22:25:54 mail sshd[792]: Invalid user files from 106.13.140.83 ...	2020-04-16 04:49:55
180.76.136.81	attack	2020-04-15T20:39:18.197014shield sshd\[25185\]: Invalid user shaca from 180.76.136.81 port 54170 2020-04-15T20:39:18.201153shield sshd\[25185\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.136.81 2020-04-15T20:39:19.831043shield sshd\[25185\]: Failed password for invalid user shaca from 180.76.136.81 port 54170 ssh2 2020-04-15T20:47:51.456335shield sshd\[26606\]: Invalid user admin from 180.76.136.81 port 54048 2020-04-15T20:47:51.460173shield sshd\[26606\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.136.81	2020-04-16 04:58:19
74.56.131.113	attackbotsspam	Apr 15 22:37:35 h1745522 sshd[5074]: Invalid user wpadmin from 74.56.131.113 port 54262 Apr 15 22:37:35 h1745522 sshd[5074]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.56.131.113 Apr 15 22:37:35 h1745522 sshd[5074]: Invalid user wpadmin from 74.56.131.113 port 54262 Apr 15 22:37:36 h1745522 sshd[5074]: Failed password for invalid user wpadmin from 74.56.131.113 port 54262 ssh2 Apr 15 22:41:02 h1745522 sshd[5326]: Invalid user ods_server from 74.56.131.113 port 33572 Apr 15 22:41:02 h1745522 sshd[5326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.56.131.113 Apr 15 22:41:02 h1745522 sshd[5326]: Invalid user ods_server from 74.56.131.113 port 33572 Apr 15 22:41:04 h1745522 sshd[5326]: Failed password for invalid user ods_server from 74.56.131.113 port 33572 ssh2 Apr 15 22:44:25 h1745522 sshd[5437]: Invalid user userftp from 74.56.131.113 port 40828 ...	2020-04-16 04:48:06
183.62.170.245	attack	2020-04-15T20:36:32.755838shield sshd\[24746\]: Invalid user john from 183.62.170.245 port 35138 2020-04-15T20:36:32.761154shield sshd\[24746\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.170.245 2020-04-15T20:36:35.269253shield sshd\[24746\]: Failed password for invalid user john from 183.62.170.245 port 35138 ssh2 2020-04-15T20:38:35.637724shield sshd\[25062\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.62.170.245 user=root 2020-04-15T20:38:37.701735shield sshd\[25062\]: Failed password for root from 183.62.170.245 port 53730 ssh2	2020-04-16 04:49:32
165.22.101.76	attackspam	Apr 15 22:54:15 srv01 sshd[23381]: Invalid user nadine from 165.22.101.76 port 40010 Apr 15 22:54:15 srv01 sshd[23381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.76 Apr 15 22:54:15 srv01 sshd[23381]: Invalid user nadine from 165.22.101.76 port 40010 Apr 15 22:54:17 srv01 sshd[23381]: Failed password for invalid user nadine from 165.22.101.76 port 40010 ssh2 Apr 15 22:58:05 srv01 sshd[23613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.101.76 user=root Apr 15 22:58:07 srv01 sshd[23613]: Failed password for root from 165.22.101.76 port 47950 ssh2 ...	2020-04-16 05:15:14

Recently Reported IPs

89.252.163.169	52.128.22.41	95.55.237.87	87.245.65.94
94.194.87.62	202.116.221.17	113.160.97.38	245.117.238.2
218.161.182.92	48.23.96.8	122.26.42.37	91.240.118.250
103.231.167.77	160.213.247.9	87.197.109.177	144.165.209.169
161.58.49.86	186.101.220.100	241.145.63.157	126.3.184.56