42.112.20.100 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	42.112.20.100 - - \[31/Jul/2019:01:10:49 +0200\] "POST /wp-login.php HTTP/1.1" 200 2110 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[31/Jul/2019:01:10:51 +0200\] "POST /wp-login.php HTTP/1.1" 200 2091 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-07-31 08:43:22
attack	Automatic report - Banned IP Access	2019-07-15 00:36:01
attackspam	WordPress login Brute force / Web App Attack on client site.	2019-07-05 00:28:57
attackbotsspam	42.112.20.100 - - [02/Jul/2019:16:28:17 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 42.112.20.100 - - [02/Jul/2019:16:28:25 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 42.112.20.100 - - [02/Jul/2019:16:28:26 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 42.112.20.100 - - [02/Jul/2019:16:28:27 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 42.112.20.100 - - [02/Jul/2019:16:28:28 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 42.112.20.100 - - [02/Jul/2019:16:28:31 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-03 03:17:03
attackbots	42.112.20.100 - - \[23/Jun/2019:15:44:24 +0200\] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[23/Jun/2019:15:44:25 +0200\] "POST /wp-login.php HTTP/1.1" 200 1632 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[23/Jun/2019:15:44:26 +0200\] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[23/Jun/2019:15:44:28 +0200\] "POST /wp-login.php HTTP/1.1" 200 1631 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[23/Jun/2019:15:44:29 +0200\] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 42.112.20.100 - - \[23/Jun/2019:15:44:30 +0200\] "POST /wp-login.php HTTP/1.1" 200 1630 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$	2019-06-23 23:28:51

Comments on same subnet:

IP	Type	Details	Datetime
42.112.201.39	attackspam	port scan and connect, tcp 23 (telnet)	2020-09-23 22:47:14
42.112.201.39	attackspambots	port scan and connect, tcp 23 (telnet)	2020-09-23 15:03:41
42.112.201.39	attackbots	port scan and connect, tcp 23 (telnet)	2020-09-23 06:56:07
42.112.20.32	attackbots	Sep 6 00:35:00 gospond sshd[31864]: Invalid user ftpuser from 42.112.20.32 port 52436 Sep 6 00:35:02 gospond sshd[31864]: Failed password for invalid user ftpuser from 42.112.20.32 port 52436 ssh2 Sep 6 00:35:24 gospond sshd[31874]: Invalid user clamav from 42.112.20.32 port 55880 ...	2020-09-06 21:39:45
42.112.20.32	attackspambots	Sep 6 00:35:00 gospond sshd[31864]: Invalid user ftpuser from 42.112.20.32 port 52436 Sep 6 00:35:02 gospond sshd[31864]: Failed password for invalid user ftpuser from 42.112.20.32 port 52436 ssh2 Sep 6 00:35:24 gospond sshd[31874]: Invalid user clamav from 42.112.20.32 port 55880 ...	2020-09-06 13:13:53
42.112.20.32	attack	SSH brute force attempt (f)	2020-09-06 05:30:56
42.112.205.63	attackbots	trying to access non-authorized port	2020-08-06 16:54:45
42.112.205.26	attackbots	Automatic report - Port Scan Attack	2020-07-26 18:25:24
42.112.20.32	attackspam	Report by https://patrick-binder.de ...	2020-06-16 18:42:32
42.112.205.214	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-05-21 00:29:44
42.112.203.0	attackbots	42.112.203.0 - - [15/May/2020:22:48:10 +0200] "GET / HTTP/1.1" 400 0 "-" "-"	2020-05-16 07:13:03
42.112.209.92	attackbotsspam	Unauthorized connection attempt detected from IP address 42.112.209.92 to port 445 [T]	2020-04-15 04:45:15
42.112.209.92	attackspambots	Unauthorized connection attempt from IP address 42.112.209.92 on Port 445(SMB)	2020-04-10 01:21:38
42.112.20.32	attackbots	<6 unauthorized SSH connections	2020-03-30 18:37:44
42.112.20.32	attackspam	Invalid user admin from 42.112.20.32 port 59148	2020-03-26 07:19:43

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.112.20.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33445
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.112.20.100.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019060701 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 08 05:24:45 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 100.20.112.42.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 100.20.112.42.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
181.41.216.143	attack	Nov 28 07:16:06 staklim-malang postfix/smtpd[20431]: 57C4D227CE: reject: RCPT from unknown[181.41.216.143]: 550 5.1.1 : Recipient address rejected: User unknown in local recipient table; from=<27cm1ch9dwnre@zspo.ru> to= proto=ESMTP helo=<[181.41.216.131]> ...	2019-11-28 08:40:04
51.75.207.61	attack	$f2bV_matches	2019-11-28 08:58:42
104.248.159.69	attack	Automatic report - Banned IP Access	2019-11-28 08:28:12
206.189.165.94	attackbotsspam	Nov 28 01:15:11 ns381471 sshd[8542]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.165.94 Nov 28 01:15:13 ns381471 sshd[8542]: Failed password for invalid user janczyn from 206.189.165.94 port 48048 ssh2	2019-11-28 08:56:25
113.234.48.39	attack	Nov 27 23:56:55 host proftpd[44709]: 0.0.0.0 (113.234.48.39[113.234.48.39]) - USER anonymous: no such user found from 113.234.48.39 [113.234.48.39] to 62.210.146.38:21 ...	2019-11-28 08:56:59
157.100.234.45	attackbots	2019-11-27T23:35:25.222120ns386461 sshd\[14056\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.100.234.45 user=root 2019-11-27T23:35:27.174597ns386461 sshd\[14056\]: Failed password for root from 157.100.234.45 port 41474 ssh2 2019-11-27T23:49:54.506174ns386461 sshd\[26421\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.100.234.45 user=ftp 2019-11-27T23:49:56.086599ns386461 sshd\[26421\]: Failed password for ftp from 157.100.234.45 port 38832 ssh2 2019-11-27T23:56:57.692457ns386461 sshd\[32669\]: Invalid user rpm from 157.100.234.45 port 46322 2019-11-27T23:56:57.697285ns386461 sshd\[32669\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.100.234.45 ...	2019-11-28 08:55:40
34.73.39.215	attackspam	Nov 28 01:02:26 MK-Soft-VM4 sshd[32419]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.73.39.215 Nov 28 01:02:28 MK-Soft-VM4 sshd[32419]: Failed password for invalid user yxh123789 from 34.73.39.215 port 38324 ssh2 ...	2019-11-28 09:03:29
139.18.76.108	attackbotsspam	Nov 27 19:50:54 firewall sshd[17158]: Invalid user server from 139.18.76.108 Nov 27 19:50:57 firewall sshd[17158]: Failed password for invalid user server from 139.18.76.108 port 57304 ssh2 Nov 27 19:56:49 firewall sshd[17281]: Invalid user server from 139.18.76.108 ...	2019-11-28 09:00:17
61.6.247.92	attack	(imapd) Failed IMAP login from 61.6.247.92 (BN/Brunei/92-247.adsl.static.espeed.com.bn): 1 in the last 3600 secs	2019-11-28 08:54:07
46.166.151.47	attackbots	\[2019-11-27 19:19:11\] SECURITY\[2765\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-27T19:19:11.546-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="001146462607501",SessionID="0x7f26c445f668",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.151.47/52396",ACLName="no_extension_match" \[2019-11-27 19:20:37\] SECURITY\[2765\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-27T19:20:37.736-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="0001146462607501",SessionID="0x7f26c4bb3d98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.151.47/59936",ACLName="no_extension_match" \[2019-11-27 19:22:07\] SECURITY\[2765\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-27T19:22:07.045-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="001546462607501",SessionID="0x7f26c4bb3d98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.151.47/58231",ACLName="no_ex	2019-11-28 08:29:46
146.196.55.181	attackbots	Detected by Maltrail	2019-11-28 08:48:57
178.128.234.200	attackspambots	Masscan Port Scanning Tool Detection	2019-11-28 08:46:24
122.154.56.206	attack	2019-11-27 16:56:54 H=(customer.worldstream.nl) [122.154.56.206]:44195 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-11-27 16:56:55 H=(customer.worldstream.nl) [122.154.56.206]:44195 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/122.154.56.206) 2019-11-27 16:56:56 H=(customer.worldstream.nl) [122.154.56.206]:44195 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/122.154.56.206) ...	2019-11-28 08:56:44
159.89.165.36	attackspam	Nov 27 14:20:03 web9 sshd\[22732\]: Invalid user ident from 159.89.165.36 Nov 27 14:20:03 web9 sshd\[22732\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.165.36 Nov 27 14:20:05 web9 sshd\[22732\]: Failed password for invalid user ident from 159.89.165.36 port 34890 ssh2 Nov 27 14:26:59 web9 sshd\[23622\]: Invalid user truus from 159.89.165.36 Nov 27 14:26:59 web9 sshd\[23622\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.165.36	2019-11-28 08:35:27
115.85.218.224	attackspambots	port scan/probe/communication attempt; port 23	2019-11-28 09:02:15

Recently Reported IPs

114.242.245.251	211.62.147.132	114.225.67.176	198.235.159.51
188.60.152.20	91.207.60.21	85.90.234.79	93.82.217.188
70.120.4.196	51.203.211.220	151.194.54.4	207.156.96.250
66.197.10.88	54.33.1.67	123.241.207.71	36.20.6.131
106.160.35.166	50.82.95.167	82.252.128.68	120.187.71.150