113.42.142.197

Basic Info

City: Kawaguchi

Region: Saitama

Country: Japan

Internet Service Provider: Nisshinandco. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	29.03.2020 21:34:23 Recursive DNS scan	2020-03-30 05:34:29

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.42.142.197
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6204
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.42.142.197.			IN	A

;; AUTHORITY SECTION:
.			161	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032901 1800 900 604800 86400

;; Query time: 111 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Mar 30 05:34:26 CST 2020
;; MSG SIZE  rcvd: 118

Host info

197.142.42.113.in-addr.arpa is an alias for 197.192/29.142.42.113.in-addr.arpa.
197.192/29.142.42.113.in-addr.arpa domain name pointer wp1.nissin-kasei.co.jp.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
197.142.42.113.in-addr.arpa	canonical name = 197.192/29.142.42.113.in-addr.arpa.
197.192/29.142.42.113.in-addr.arpa	name = wp1.nissin-kasei.co.jp.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
177.38.10.112	attackbots	" "	2020-03-08 03:40:21
182.184.108.221	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-03-08 03:24:16
77.232.100.246	attack	2020-03-07T18:37:34.021317dmca.cloudsearch.cf sshd[17762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.100.246 user=root 2020-03-07T18:37:36.215422dmca.cloudsearch.cf sshd[17762]: Failed password for root from 77.232.100.246 port 42968 ssh2 2020-03-07T18:42:01.284163dmca.cloudsearch.cf sshd[18116]: Invalid user svnuser from 77.232.100.246 port 59472 2020-03-07T18:42:01.289811dmca.cloudsearch.cf sshd[18116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.100.246 2020-03-07T18:42:01.284163dmca.cloudsearch.cf sshd[18116]: Invalid user svnuser from 77.232.100.246 port 59472 2020-03-07T18:42:03.469159dmca.cloudsearch.cf sshd[18116]: Failed password for invalid user svnuser from 77.232.100.246 port 59472 ssh2 2020-03-07T18:46:18.395197dmca.cloudsearch.cf sshd[18397]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.232.100.246 user=root 2020-03-07T18: ...	2020-03-08 03:29:30
118.216.118.74	attackbots	Honeypot attack, port: 4567, PTR: PTR record not found	2020-03-08 03:49:39
222.186.15.10	attackbotsspam	Brute-force attempt banned	2020-03-08 03:39:22
181.112.216.3	attackbots	Unauthorized connection attempt from IP address 181.112.216.3 on Port 445(SMB)	2020-03-08 03:55:08
92.63.196.8	attackbots	Mar 7 20:17:31 debian-2gb-nbg1-2 kernel: \[5867811.142493\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=92.63.196.8 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=49448 PROTO=TCP SPT=42130 DPT=44484 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-08 03:24:37
43.230.196.34	attackspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-08 03:27:09
34.87.185.57	attackspam	Mar 6 05:13:50 cumulus sshd[17077]: Did not receive identification string from 34.87.185.57 port 59384 Mar 6 05:14:18 cumulus sshd[17094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.87.185.57 user=r.r Mar 6 05:14:21 cumulus sshd[17094]: Failed password for r.r from 34.87.185.57 port 37338 ssh2 Mar 6 05:14:21 cumulus sshd[17094]: Received disconnect from 34.87.185.57 port 37338:11: Normal Shutdown, Thank you for playing [preauth] Mar 6 05:14:21 cumulus sshd[17094]: Disconnected from 34.87.185.57 port 37338 [preauth] Mar 6 05:14:57 cumulus sshd[17115]: Invalid user oracle from 34.87.185.57 port 40022 Mar 6 05:14:57 cumulus sshd[17115]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.87.185.57 Mar 6 05:14:59 cumulus sshd[17115]: Failed password for invalid user oracle from 34.87.185.57 port 40022 ssh2 Mar 6 05:14:59 cumulus sshd[17115]: Received disconnect from 34.87.185.57........ -------------------------------	2020-03-08 03:47:31
78.155.184.203	attackspam	03/07/2020-08:29:28.012257 78.155.184.203 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-03-08 03:46:51
113.254.180.240	attackbotsspam	Honeypot attack, port: 5555, PTR: 240-180-254-113-on-nets.com.	2020-03-08 03:36:30
185.173.224.24	attack	[SatMar0714:29:47.2964852020][:error][pid13880:tid47434858833664][client185.173.224.24:60470][client185.173.224.24]ModSecurity:Accessdeniedwithcode404$phase2$.Matchof"rx$/cache/timthumb\\\\\\\\.php\$$"against"REQUEST_FILENAME"required.[file"/etc/apache2/conf.d/modsec_rules/50_asl_rootkits.conf"][line"244"][id"318811"][rev"5"][msg"Atomicorp.comWAFRules:PossibleAttempttoAccessunauthorizedshellorexploitinWPcachedirectory"][data"/wp-content/uploads/2020/01/simple.php5"][severity"CRITICAL"][hostname"appetit-sa.ch"][uri"/wp-content/uploads/2020/01/simple.php5"][unique_id"XmOhyxWlZCVpu8YGiBIwSgAAAMY"]\,referer:http://site.ru[SatMar0714:29:48.7443812020][:error][pid13954:tid47434850428672][client185.173.224.24:32798][client185.173.224.24]ModSecurity:Accessdeniedwithcode404$phase2$.Matchof"rx$/cache/timthumb\\\\\\\\.php\$$"against"REQUEST_FILENAME"required.[file"/etc/apache2/conf.d/modsec_rules/50_asl_rootkits.conf"][line"244"][id"318811"][rev"5"][msg"Atomicorp.comWAFRules:	2020-03-08 03:28:06
134.209.58.45	attack	134.209.58.45 - - [07/Mar/2020:17:52:06 +0100] "POST /wp-login.php HTTP/1.1" 200 6167 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.58.45 - - [07/Mar/2020:17:52:07 +0100] "POST /xmlrpc.php HTTP/1.1" 200 438 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.58.45 - - [07/Mar/2020:20:41:59 +0100] "GET /wp-login.php HTTP/1.1" 200 5387 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-08 03:48:19
191.55.132.64	attack	suspicious action Sat, 07 Mar 2020 10:29:12 -0300	2020-03-08 03:57:10
58.164.12.14	attackspam	firewall-block, port(s): 8000/tcp	2020-03-08 03:22:37

Recently Reported IPs

124.149.139.134	109.191.7.145	79.221.148.32	72.238.116.199
132.255.78.193	120.241.206.210	40.82.35.86	165.231.106.7
69.12.94.122	115.217.186.47	212.120.238.44	174.138.47.183
191.167.141.231	68.161.2.228	141.24.49.115	218.27.234.211
60.9.217.29	46.217.140.230	178.9.157.28	88.160.228.67