Basic Info

City: unknown

Region: unknown

Country: Thailand

Internet Service Provider: Advanced Info Service Public Company Limited

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attackbotsspam
Attempt to attack host OS, exploiting network vulnerabilities, on 16-11-2019 06:20:33.
2019-11-16 20:17:48
Comments on same subnet:
IP Type Details Datetime
27.100.42.1 attackspambots
Unauthorized connection attempt from IP address 27.100.42.1 on Port 445(SMB)
2020-02-10 01:39:56
27.100.42.0 attack
Unauthorized connection attempt from IP address 27.100.42.0 on Port 445(SMB)
2019-10-20 00:08:39
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 27.100.42.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46118
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;27.100.42.2.			IN	A

;; AUTHORITY SECTION:
.			595	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111600 1800 900 604800 86400

;; Query time: 112 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Nov 16 20:17:38 CST 2019
;; MSG SIZE  rcvd: 115
Host info:
Host 2.42.100.27.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.42.100.27.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
36.112.104.194 attack
Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth):
2020-07-25 13:28:15
193.32.161.147 attackspam
Port scan: Attack repeated for 24 hours
2020-07-25 13:17:47
163.172.167.225 attackbotsspam
Jul 25 05:06:22 web8 sshd\[32594\]: Invalid user we from 163.172.167.225
Jul 25 05:06:22 web8 sshd\[32594\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.167.225
Jul 25 05:06:24 web8 sshd\[32594\]: Failed password for invalid user we from 163.172.167.225 port 57942 ssh2
Jul 25 05:10:03 web8 sshd\[2014\]: Invalid user git from 163.172.167.225
Jul 25 05:10:03 web8 sshd\[2014\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.167.225
2020-07-25 13:13:48
219.137.53.23 attack
Jul 25 06:59:48 PorscheCustomer sshd[5275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.137.53.23
Jul 25 06:59:50 PorscheCustomer sshd[5275]: Failed password for invalid user aar from 219.137.53.23 port 22328 ssh2
Jul 25 07:04:30 PorscheCustomer sshd[5405]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.137.53.23
...
2020-07-25 13:10:39
152.136.17.25 attackspambots
Jul 25 08:00:00 journals sshd\[3981\]: Invalid user nicole from 152.136.17.25
Jul 25 08:00:00 journals sshd\[3981\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.17.25
Jul 25 08:00:02 journals sshd\[3981\]: Failed password for invalid user nicole from 152.136.17.25 port 43156 ssh2
Jul 25 08:06:30 journals sshd\[4665\]: Invalid user ema from 152.136.17.25
Jul 25 08:06:30 journals sshd\[4665\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.17.25
...
2020-07-25 13:18:58
115.171.86.128 attack
Automatic Fail2ban report - Trying login SSH
2020-07-25 13:23:57
111.72.194.105 attackspambots
Jul 25 06:49:42 srv01 postfix/smtpd\[7689\]: warning: unknown\[111.72.194.105\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 25 06:53:11 srv01 postfix/smtpd\[7689\]: warning: unknown\[111.72.194.105\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 25 06:53:23 srv01 postfix/smtpd\[7689\]: warning: unknown\[111.72.194.105\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 25 06:53:39 srv01 postfix/smtpd\[7689\]: warning: unknown\[111.72.194.105\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Jul 25 06:54:01 srv01 postfix/smtpd\[7689\]: warning: unknown\[111.72.194.105\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2020-07-25 13:09:15
79.129.117.118 attack
Attempting to exploit via a http POST
2020-07-25 13:24:24
186.96.199.218 attackspam
Brute force attempt
2020-07-25 13:18:39
181.59.252.136 attack
Invalid user hewenlong from 181.59.252.136 port 40208
2020-07-25 13:08:10
106.12.205.137 attack
Jul 25 06:06:35 rocket sshd[5082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.205.137
Jul 25 06:06:37 rocket sshd[5082]: Failed password for invalid user contactus from 106.12.205.137 port 37842 ssh2
...
2020-07-25 13:14:40
193.35.51.13 attack
Jul 25 07:23:00 srv1 postfix/smtpd[19700]: warning: unknown[193.35.51.13]: SASL LOGIN authentication failed: authentication failure
Jul 25 07:23:02 srv1 postfix/smtpd[19700]: warning: unknown[193.35.51.13]: SASL LOGIN authentication failed: authentication failure
Jul 25 07:37:22 srv1 postfix/smtpd[32306]: warning: unknown[193.35.51.13]: SASL LOGIN authentication failed: authentication failure
Jul 25 07:37:24 srv1 postfix/smtpd[32306]: warning: unknown[193.35.51.13]: SASL LOGIN authentication failed: authentication failure
Jul 25 07:47:20 srv1 postfix/smtpd[25512]: warning: unknown[193.35.51.13]: SASL LOGIN authentication failed: authentication failure
...
2020-07-25 13:49:39
37.187.7.95 attack
$f2bV_matches
2020-07-25 13:26:37
61.72.255.26 attack
Jul 25 05:46:51 ajax sshd[10836]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.72.255.26 
Jul 25 05:46:53 ajax sshd[10836]: Failed password for invalid user joanna from 61.72.255.26 port 52744 ssh2
2020-07-25 13:46:56
123.56.26.222 attackspambots
123.56.26.222 - - \[25/Jul/2020:05:54:07 +0200\] "POST /wp-login.php HTTP/1.0" 200 5924 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
123.56.26.222 - - \[25/Jul/2020:05:54:10 +0200\] "POST /wp-login.php HTTP/1.0" 200 5737 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
123.56.26.222 - - \[25/Jul/2020:05:54:11 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2020-07-25 13:52:09
