42.116.163.109

Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	445/tcp [2019-06-21]1pkt	2019-06-22 07:05:51

Comments on same subnet:

IP	Type	Details	Datetime
42.116.163.199	attackspambots	Feb 4 14:47:57 grey postfix/smtpd\[17116\]: NOQUEUE: reject: RCPT from unknown\[42.116.163.199\]: 554 5.7.1 Service unavailable\; Client host \[42.116.163.199\] blocked using dul.dnsbl.sorbs.net\; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml\?42.116.163.199\; from=\ to=\ proto=ESMTP helo=\<\[42.116.163.199\]\> ...	2020-02-05 04:05:49
42.116.163.209	attack	[SMB remote code execution attempt: port tcp/445] *(RWIN=8192)(08041230)	2019-08-05 00:38:51

Type

Details

Datetime

42.116.163.199

attackspambots

Feb  4 14:47:57 grey postfix/smtpd\[17116\]: NOQUEUE: reject: RCPT from unknown\[42.116.163.199\]: 554 5.7.1 Service unavailable\; Client host \[42.116.163.199\] blocked using dul.dnsbl.sorbs.net\; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml\?42.116.163.199\; from=\ to=\ proto=ESMTP helo=\<\[42.116.163.199\]\>
...

2020-02-05 04:05:49

42.116.163.209

attack

[SMB remote code execution attempt: port tcp/445]
*(RWIN=8192)(08041230)

2019-08-05 00:38:51

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.116.163.109
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7090
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.116.163.109.			IN	A

;; AUTHORITY SECTION:
.			3341	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062101 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 22 07:05:44 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 109.163.116.42.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 67.207.67.2, trying next server
Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 109.163.116.42.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
123.21.3.200	attackbots	lfd: (smtpauth) Failed SMTP AUTH login from 123.21.3.200 (-): 5 in the last 3600 secs - Sat Jun 2 13:26:37 2018	2020-04-30 19:01:44
193.93.194.203	attackbots	Registration form abuse	2020-04-30 19:10:25
152.136.228.139	attackspam	2020-04-30T10:01:31.948548shield sshd\[26398\]: Invalid user aditya from 152.136.228.139 port 46182 2020-04-30T10:01:31.952684shield sshd\[26398\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.228.139 2020-04-30T10:01:34.085720shield sshd\[26398\]: Failed password for invalid user aditya from 152.136.228.139 port 46182 ssh2 2020-04-30T10:03:57.495242shield sshd\[26891\]: Invalid user lijin from 152.136.228.139 port 51528 2020-04-30T10:03:57.499664shield sshd\[26891\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.136.228.139	2020-04-30 19:22:12
222.186.175.202	attack	Apr 30 18:07:44 webhost01 sshd[24284]: Failed password for root from 222.186.175.202 port 20920 ssh2 Apr 30 18:07:57 webhost01 sshd[24284]: error: maximum authentication attempts exceeded for root from 222.186.175.202 port 20920 ssh2 [preauth] ...	2020-04-30 19:12:32
115.198.39.218	attackbots	lfd: (smtpauth) Failed SMTP AUTH login from 115.198.39.218 (-): 5 in the last 3600 secs - Sat Jun 2 23:46:26 2018	2020-04-30 18:52:14
124.109.35.115	attackspam	lfd: (smtpauth) Failed SMTP AUTH login from 124.109.35.115 (mbl-109-35-115.dsl.net.pk): 5 in the last 3600 secs - Sat Jun 2 13:34:14 2018	2020-04-30 18:57:06
125.122.170.56	attack	lfd: (smtpauth) Failed SMTP AUTH login from 125.122.170.56 (-): 5 in the last 3600 secs - Sat Jun 2 23:51:29 2018	2020-04-30 18:47:44
184.170.17.21	attack	lfd: (smtpauth) Failed SMTP AUTH login from 184.170.17.21 (digijmres-21-17-170-184.digicelbroadband.com): 5 in the last 3600 secs - Sat Jun 2 13:32:16 2018	2020-04-30 18:57:58
153.36.110.43	attack	Apr 29 19:42:43 auw2 sshd\[27934\]: Invalid user zb from 153.36.110.43 Apr 29 19:42:43 auw2 sshd\[27934\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.110.43 Apr 29 19:42:45 auw2 sshd\[27934\]: Failed password for invalid user zb from 153.36.110.43 port 22450 ssh2 Apr 29 19:46:02 auw2 sshd\[28195\]: Invalid user blade from 153.36.110.43 Apr 29 19:46:02 auw2 sshd\[28195\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.110.43	2020-04-30 19:27:30
3.91.174.9	attackspam	3.91.174.9 - - \[30/Apr/2020:09:22:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 7021 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 3.91.174.9 - - \[30/Apr/2020:09:22:32 +0200\] "POST /wp-login.php HTTP/1.0" 200 6835 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 3.91.174.9 - - \[30/Apr/2020:09:22:42 +0200\] "POST /wp-login.php HTTP/1.0" 200 6844 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-30 19:17:48
54.68.7.236	attackbots	Apr 28 20:46:17 v26 sshd[16302]: Invalid user hermann from 54.68.7.236 port 56786 Apr 28 20:46:19 v26 sshd[16302]: Failed password for invalid user hermann from 54.68.7.236 port 56786 ssh2 Apr 28 20:46:20 v26 sshd[16302]: Received disconnect from 54.68.7.236 port 56786:11: Bye Bye [preauth] Apr 28 20:46:20 v26 sshd[16302]: Disconnected from 54.68.7.236 port 56786 [preauth] Apr 28 20:52:15 v26 sshd[17077]: Invalid user dongmyeong from 54.68.7.236 port 60400 Apr 28 20:52:17 v26 sshd[17077]: Failed password for invalid user dongmyeong from 54.68.7.236 port 60400 ssh2 Apr 28 20:52:17 v26 sshd[17077]: Received disconnect from 54.68.7.236 port 60400:11: Bye Bye [preauth] Apr 28 20:52:17 v26 sshd[17077]: Disconnected from 54.68.7.236 port 60400 [preauth] Apr 28 20:54:10 v26 sshd[17362]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.68.7.236 user=r.r Apr 28 20:54:13 v26 sshd[17362]: Failed password for r.r from 54.68.7.236 port 3760........ -------------------------------	2020-04-30 19:21:10
111.61.66.5	attackspambots	Brute force blocker - service: proftpd1 - aantal: 155 - Sat Jun 2 19:25:13 2018	2020-04-30 19:05:22
122.32.30.177	attackbots	lfd: (smtpauth) Failed SMTP AUTH login from 122.32.30.177 (-): 5 in the last 3600 secs - Sat Jun 2 13:33:02 2018	2020-04-30 18:57:31
178.32.205.2	attackbots	Apr 30 08:08:42 markkoudstaal sshd[12658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.32.205.2 Apr 30 08:08:44 markkoudstaal sshd[12658]: Failed password for invalid user bot from 178.32.205.2 port 47942 ssh2 Apr 30 08:14:00 markkoudstaal sshd[13827]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.32.205.2	2020-04-30 19:13:09
115.204.28.253	attackbots	lfd: (smtpauth) Failed SMTP AUTH login from 115.204.28.253 (-): 5 in the last 3600 secs - Sat Jun 2 23:53:50 2018	2020-04-30 18:47:07

Recently Reported IPs

195.206.104.83	186.64.160.127	177.9.183.48	179.108.244.187
85.194.180.144	182.138.196.182	103.106.32.211	31.173.4.92
178.122.201.53	34.209.32.17	112.84.60.17	178.153.170.170
134.209.191.154	220.191.12.215	93.125.4.229	191.252.95.191
103.48.25.100	87.123.233.92	179.191.105.54	201.253.8.10