42.112.108.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt from IP address 42.112.108.4 on Port 445(SMB)	2019-10-30 06:31:58

Comments on same subnet:

IP	Type	Details	Datetime
42.112.108.255	attack	1598702863 - 08/29/2020 14:07:43 Host: 42.112.108.255/42.112.108.255 Port: 445 TCP Blocked	2020-08-30 00:43:56
42.112.108.204	attackbotsspam	03/20/2020-23:47:42.049216 42.112.108.204 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-03-21 18:48:02
42.112.108.80	attackbotsspam	Unauthorized connection attempt from IP address 42.112.108.80 on Port 445(SMB)	2020-03-07 09:41:34
42.112.108.68	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-02-11 02:40:02
42.112.108.253	attack	Unauthorized connection attempt from IP address 42.112.108.253 on Port 445(SMB)	2020-01-13 20:20:17
42.112.108.14	attackbotsspam	" "	2020-01-13 16:34:08
42.112.108.51	attack	Unauthorized connection attempt from IP address 42.112.108.51 on Port 445(SMB)	2019-11-06 04:26:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.112.108.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24139
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.112.108.4.			IN	A

;; AUTHORITY SECTION:
.			539	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102901 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 30 06:31:54 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 4.108.112.42.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 4.108.112.42.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
154.125.92.16	attack	Nov 6 00:04:53 finn sshd[31697]: Invalid user btftp from 154.125.92.16 port 59386 Nov 6 00:04:53 finn sshd[31697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.125.92.16 Nov 6 00:04:55 finn sshd[31697]: Failed password for invalid user btftp from 154.125.92.16 port 59386 ssh2 Nov 6 00:04:55 finn sshd[31697]: Received disconnect from 154.125.92.16 port 59386:11: Bye Bye [preauth] Nov 6 00:04:55 finn sshd[31697]: Disconnected from 154.125.92.16 port 59386 [preauth] Nov 6 00:13:05 finn sshd[1259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.125.92.16 user=r.r Nov 6 00:13:06 finn sshd[1259]: Failed password for r.r from 154.125.92.16 port 33077 ssh2 Nov 6 00:13:07 finn sshd[1259]: Received disconnect from 154.125.92.16 port 33077:11: Bye Bye [preauth] Nov 6 00:13:07 finn sshd[1259]: Disconnected from 154.125.92.16 port 33077 [preauth] ........ ----------------------------------------------- https://www.block	2019-11-06 20:30:22
114.67.80.39	attackspam	Nov 6 06:55:14 plusreed sshd[31076]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.80.39 user=root Nov 6 06:55:16 plusreed sshd[31076]: Failed password for root from 114.67.80.39 port 38462 ssh2 ...	2019-11-06 20:25:00
212.34.246.73	attackbots	2019-11-06T10:01:57.299528abusebot-5.cloudsearch.cf sshd\[6090\]: Invalid user test from 212.34.246.73 port 48690	2019-11-06 20:05:29
168.232.198.18	attackspam	SSH Brute-Force reported by Fail2Ban	2019-11-06 20:20:39
162.243.164.246	attackbots	Nov 6 06:22:35 *** sshd[15048]: User root from 162.243.164.246 not allowed because not listed in AllowUsers	2019-11-06 20:31:52
58.216.159.178	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/58.216.159.178/ CN - 1H : (604) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 58.216.159.178 CIDR : 58.216.128.0/17 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 ATTACKS DETECTED ASN4134 : 1H - 8 3H - 27 6H - 63 12H - 170 24H - 288 DateTime : 2019-11-06 07:22:26 INFO : Port MAX SCAN Scan Detected and Blocked by ADMIN - data recovery	2019-11-06 20:41:37
193.23.160.14	attackbots	2019-11-06T21:39:01.911079luisaranguren sshd[3156981]: Connection from 193.23.160.14 port 45000 on 10.10.10.6 port 22 2019-11-06T21:39:03.341794luisaranguren sshd[3156981]: Invalid user mongo from 193.23.160.14 port 45000 2019-11-06T21:39:03.354237luisaranguren sshd[3156981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.23.160.14 2019-11-06T21:39:01.911079luisaranguren sshd[3156981]: Connection from 193.23.160.14 port 45000 on 10.10.10.6 port 22 2019-11-06T21:39:03.341794luisaranguren sshd[3156981]: Invalid user mongo from 193.23.160.14 port 45000 2019-11-06T21:39:05.438672luisaranguren sshd[3156981]: Failed password for invalid user mongo from 193.23.160.14 port 45000 ssh2 ...	2019-11-06 20:26:04
93.39.104.224	attackbotsspam	Nov 6 14:04:27 server sshd\[32132\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93-39-104-224.ip75.fastwebnet.it user=root Nov 6 14:04:29 server sshd\[32132\]: Failed password for root from 93.39.104.224 port 53082 ssh2 Nov 6 14:13:02 server sshd\[1977\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93-39-104-224.ip75.fastwebnet.it user=root Nov 6 14:13:04 server sshd\[1977\]: Failed password for root from 93.39.104.224 port 44514 ssh2 Nov 6 14:16:33 server sshd\[2982\]: Invalid user sysop from 93.39.104.224 Nov 6 14:16:33 server sshd\[2982\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93-39-104-224.ip75.fastwebnet.it ...	2019-11-06 20:41:17
164.68.112.178	attackbotsspam	CloudCIX Reconnaissance Scan Detected, PTR: ip-178-112-68-164.static.contabo.net.	2019-11-06 20:16:06
5.12.174.169	attack	SSH,FTP,8080, Web management Port Scan	2019-11-06 20:31:26
106.13.23.149	attack	Nov 6 19:13:51 itv-usvr-01 sshd[15015]: Invalid user 123 from 106.13.23.149 Nov 6 19:13:51 itv-usvr-01 sshd[15015]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.23.149 Nov 6 19:13:51 itv-usvr-01 sshd[15015]: Invalid user 123 from 106.13.23.149 Nov 6 19:13:53 itv-usvr-01 sshd[15015]: Failed password for invalid user 123 from 106.13.23.149 port 44678 ssh2 Nov 6 19:19:46 itv-usvr-01 sshd[15253]: Invalid user asdfasdfasdf from 106.13.23.149	2019-11-06 20:39:43
142.147.97.171	attackbots	Multiple tries to relay mail to martinlujan997@gmail.com	2019-11-06 20:09:25
45.82.153.35	attackspam	11/06/2019-06:02:35.481854 45.82.153.35 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-06 20:00:10
209.99.171.206	attackbotsspam	Automatic report - Banned IP Access	2019-11-06 20:12:04
159.203.201.250	attackspambots	159.203.201.250 was recorded 5 times by 5 hosts attempting to connect to the following ports: 8983,39584. Incident counter (4h, 24h, all-time): 5, 6, 14	2019-11-06 20:40:50

Recently Reported IPs

113.201.13.26	204.224.158.247	12.108.254.128	207.180.203.51
177.83.228.157	204.198.218.138	116.186.246.19	150.123.134.211
95.64.119.106	104.179.240.114	44.63.114.215	71.71.49.235
60.202.45.188	163.73.52.220	16.236.113.247	161.182.249.87
116.226.12.250	147.102.164.29	189.47.25.82	41.61.136.248