42.112.166.157

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jan 3 14:05:16 debian-2gb-nbg1-2 kernel: \[316043.135600\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=42.112.166.157 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1409 PROTO=TCP SPT=43185 DPT=23 WINDOW=17985 RES=0x00 SYN URGP=0	2020-01-03 23:46:34

Type

Details

Datetime

attack

Jan  3 14:05:16 debian-2gb-nbg1-2 kernel: \[316043.135600\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=42.112.166.157 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1409 PROTO=TCP SPT=43185 DPT=23 WINDOW=17985 RES=0x00 SYN URGP=0

2020-01-03 23:46:34

Comments on same subnet:

IP	Type	Details	Datetime
42.112.166.22	attack	Unauthorized connection attempt detected from IP address 42.112.166.22 to port 23	2019-12-31 03:17:11

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.112.166.157
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26354
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.112.166.157.			IN	A

;; AUTHORITY SECTION:
.			543	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020010300 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jan 03 23:46:29 CST 2020
;; MSG SIZE  rcvd: 118

Host info

157.166.112.42.in-addr.arpa has no PTR record

Nslookup info:

;; Got SERVFAIL reply from 100.100.2.136, trying next server
;; Got SERVFAIL reply from 100.100.2.138, trying next server
Server:		100.100.2.138
Address:	100.100.2.138#53

** server can't find 157.166.112.42.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.75.144.43	attackbotsspam	Aug 30 11:11:26 srv3 sshd\[46688\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.144.43 user=root Aug 30 11:11:28 srv3 sshd\[46688\]: Failed password for root from 51.75.144.43 port 58212 ssh2 Aug 30 11:11:30 srv3 sshd\[46688\]: Failed password for root from 51.75.144.43 port 58212 ssh2 Aug 30 11:11:32 srv3 sshd\[46688\]: Failed password for root from 51.75.144.43 port 58212 ssh2 Aug 30 11:11:32 srv3 sshd\[46688\]: Failed password for root from 51.75.144.43 port 58212 ssh2 ...	2020-08-30 18:10:30
46.229.168.152	attackspam	Unauthorized access detected from black listed ip!	2020-08-30 18:31:54
159.65.149.139	attackbots	Aug 29 23:50:16 propaganda sshd[22447]: Connection from 159.65.149.139 port 37766 on 10.0.0.161 port 22 rdomain "" Aug 29 23:50:17 propaganda sshd[22447]: Connection closed by 159.65.149.139 port 37766 [preauth]	2020-08-30 18:05:40
98.121.122.212	attackbots	1598759065 - 08/30/2020 05:44:25 Host: 98.121.122.212/98.121.122.212 Port: 445 TCP Blocked	2020-08-30 18:15:47
112.65.125.190	attackspambots	(sshd) Failed SSH login from 112.65.125.190 (CN/China/-): 5 in the last 3600 secs	2020-08-30 17:52:58
167.114.103.140	attack	Aug 30 05:55:20 rocket sshd[11598]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.114.103.140 Aug 30 05:55:22 rocket sshd[11598]: Failed password for invalid user testwww from 167.114.103.140 port 60041 ssh2 ...	2020-08-30 18:05:01
176.250.246.132	attack	20/8/29@23:44:08: FAIL: Alarm-Telnet address from=176.250.246.132 ...	2020-08-30 18:26:13
93.174.93.195	attack	UDP ports : 40848 / 40851 / 40855 / 40856 / 40858 / 40861 / 40862 / 40863 / 40864 / 40868 / 40869 / 40871	2020-08-30 18:20:00
206.189.235.139	attack	WordPress wp-login brute force :: 206.189.235.139 0.156 - [30/Aug/2020:03:44:15 0000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 2411 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-08-30 18:22:04
31.192.248.116	attackbots	Icarus honeypot on github	2020-08-30 18:24:22
103.131.71.167	attackbotsspam	(mod_security) mod_security (id:210730) triggered by 103.131.71.167 (VN/Vietnam/bot-103-131-71-167.coccoc.com): 5 in the last 3600 secs	2020-08-30 18:15:23
223.223.187.2	attackbots	Unauthorized SSH login attempts	2020-08-30 18:22:50
156.206.164.152	attack	1598759072 - 08/30/2020 05:44:32 Host: 156.206.164.152/156.206.164.152 Port: 23 TCP Blocked	2020-08-30 18:10:12
45.142.120.166	attackbots	2020-08-30 12:55:16 dovecot_login authenticator failed for \(User\) \[45.142.120.166\]: 535 Incorrect authentication data \(set_id=sally@org.ua\)2020-08-30 12:55:55 dovecot_login authenticator failed for \(User\) \[45.142.120.166\]: 535 Incorrect authentication data \(set_id=three@org.ua\)2020-08-30 12:56:34 dovecot_login authenticator failed for \(User\) \[45.142.120.166\]: 535 Incorrect authentication data \(set_id=k1@org.ua\) ...	2020-08-30 18:17:32
195.228.80.166	attackspam	Automatic Fail2ban report - Trying login SSH	2020-08-30 18:32:25

Recently Reported IPs

100.136.200.204	36.63.204.180	173.124.214.35	176.181.15.114
99.240.226.117	109.218.75.55	94.244.153.174	58.115.37.200
23.66.91.23	142.127.172.145	98.51.136.212	57.127.11.251
183.6.107.68	66.189.67.177	121.91.97.3	158.211.178.255
109.252.247.230	2.182.18.154	37.49.230.124	71.92.86.115