Basic Info

City: unknown

Region: unknown

Country: Viet Nam

Internet Service Provider: FPT Telecom Company

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attackbotsspam
Unauthorized connection attempt detected from IP address 42.117.24.21 to port 23
2020-01-02 21:01:11
Comments on same subnet:
IP Type Details Datetime
42.117.243.21 attackspam
MultiHost/MultiPort Probe, Scan, Hack -
2020-03-03 04:33:07
42.117.24.124 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:46:22
42.117.24.212 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:40:04
42.117.241.160 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:37:58
42.117.243.21 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:31:51
42.117.244.232 attackspambots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:28:20
42.117.246.27 attackbotsspam
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:25:04
42.117.246.76 attackspam
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:23:34
42.117.246.98 attackbots
MultiHost/MultiPort Probe, Scan, Hack -
2020-02-28 22:16:41
42.117.243.190 attackbots
suspicious action Mon, 24 Feb 2020 20:22:04 -0300
2020-02-25 11:19:55
42.117.247.167 attack
Unauthorized connection attempt detected from IP address 42.117.247.167 to port 23 [J]
2020-02-23 13:45:06
42.117.242.70 attackbots
Port probing on unauthorized port 26
2020-02-23 05:03:19
42.117.24.227 attackspambots
unauthorized connection attempt
2020-02-19 16:07:12
42.117.241.219 attackbots
unauthorized connection attempt
2020-02-16 17:06:37
42.117.243.37 attackbotsspam
Unauthorized connection attempt detected from IP address 42.117.243.37 to port 23 [J]
2020-01-28 21:13:41
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.117.24.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.117.24.21.			IN	A

;; AUTHORITY SECTION:
.			597	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020010200 1800 900 604800 86400

;; Query time: 620 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jan 02 21:01:07 CST 2020
;; MSG SIZE  rcvd: 116
Host info
Host 21.24.117.42.in-addr.arpa not found: 2(SERVFAIL)
Nslookup info:
;; Got SERVFAIL reply from 100.100.2.136, trying next server
;; Got SERVFAIL reply from 100.100.2.138, trying next server
Server:		100.100.2.138
Address:	100.100.2.138#53

** server can't find 21.24.117.42.in-addr.arpa: SERVFAIL

Related IP info:
Related comments:
IP Type Details Datetime
185.86.164.110 attack
WordPress login Brute force / Web App Attack on client site.
2019-12-22 17:05:39
51.158.120.115 attack
Dec 22 09:30:01 root sshd[23212]: Failed password for root from 51.158.120.115 port 42134 ssh2
Dec 22 09:34:47 root sshd[23259]: Failed password for mysql from 51.158.120.115 port 46052 ssh2
...
2019-12-22 16:43:50
180.250.115.93 attack
Dec 22 10:10:25 legacy sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.115.93
Dec 22 10:10:27 legacy sshd[12660]: Failed password for invalid user test from 180.250.115.93 port 34743 ssh2
Dec 22 10:17:12 legacy sshd[12909]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.250.115.93
...
2019-12-22 17:19:34
193.70.38.80 attack
Invalid user sheppard from 193.70.38.80 port 45206
2019-12-22 17:16:43
87.246.7.35 attackspam
2019-12-22T09:39:17.394652www postfix/smtpd[12275]: warning: unknown[87.246.7.35]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-12-22T09:39:49.171534www postfix/smtpd[12275]: warning: unknown[87.246.7.35]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
2019-12-22T09:40:20.135654www postfix/smtpd[12275]: warning: unknown[87.246.7.35]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2019-12-22 16:44:29
115.79.60.104 attack
Dec 22 06:21:37 yesfletchmain sshd\[28366\]: Invalid user steeves from 115.79.60.104 port 47844
Dec 22 06:21:37 yesfletchmain sshd\[28366\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.79.60.104
Dec 22 06:21:39 yesfletchmain sshd\[28366\]: Failed password for invalid user steeves from 115.79.60.104 port 47844 ssh2
Dec 22 06:28:20 yesfletchmain sshd\[28858\]: User sshd from 115.79.60.104 not allowed because not listed in AllowUsers
Dec 22 06:28:20 yesfletchmain sshd\[28858\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.79.60.104  user=sshd
...
2019-12-22 17:02:19
101.71.28.72 attackspambots
Dec 22 10:00:42 meumeu sshd[28694]: Failed password for root from 101.71.28.72 port 39181 ssh2
Dec 22 10:05:48 meumeu sshd[29376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.71.28.72 
Dec 22 10:05:49 meumeu sshd[29376]: Failed password for invalid user makayla from 101.71.28.72 port 57816 ssh2
...
2019-12-22 17:11:58
52.142.216.102 attack
$f2bV_matches
2019-12-22 16:49:23
175.22.167.76 attack
Port Scan
2019-12-22 16:53:00
191.7.152.13 attackbots
Dec 22 08:34:57 zeus sshd[6989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.152.13 
Dec 22 08:34:59 zeus sshd[6989]: Failed password for invalid user wip from 191.7.152.13 port 44968 ssh2
Dec 22 08:41:50 zeus sshd[7239]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.7.152.13 
Dec 22 08:41:53 zeus sshd[7239]: Failed password for invalid user guest from 191.7.152.13 port 51518 ssh2
2019-12-22 16:51:04
148.251.48.231 attackspam
Dec 22 07:19:45 vmd46246 kernel: [906969.597971] [UFW AUDIT INVALID] IN=eth0 OUT= MAC=00:50:56:3e:fb:88:28:99:3a:4d:23:91:08:00 SRC=148.251.48.231 DST=144.91.112.181 LEN=44 TOS=0x00 PREC=0x00 TTL=61 ID=26514 PROTO=TCP SPT=50002 DPT=51437 WINDOW=16384 RES=0x00 ACK SYN URGP=0 
Dec 22 07:19:45 vmd46246 kernel: [906969.598004] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:fb:88:28:99:3a:4d:23:91:08:00 SRC=148.251.48.231 DST=144.91.112.181 LEN=44 TOS=0x00 PREC=0x00 TTL=61 ID=26514 PROTO=TCP SPT=50002 DPT=51437 WINDOW=16384 RES=0x00 ACK SYN URGP=0 
Dec 22 07:28:20 vmd46246 kernel: [907485.363715] [UFW AUDIT INVALID] IN=eth0 OUT= MAC=00:50:56:3e:fb:88:28:99:3a:4d:23:91:08:00 SRC=148.251.48.231 DST=144.91.112.181 LEN=44 TOS=0x00 PREC=0x00 TTL=61 ID=55993 PROTO=TCP SPT=50002 DPT=41231 WINDOW=16384 RES=0x00 ACK SYN URGP=0 
Dec 22 07:28:20 vmd46246 kernel: [907485.363755] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3e:fb:88:28:99:3a:4d:23:91:08:00 SRC=148.251.48.231 DST=144.91.112.181 LEN=44 TOS=0x00 PREC=0
...
2019-12-22 17:03:52
162.243.61.72 attack
Dec 22 08:11:44 unicornsoft sshd\[12165\]: Invalid user toyooka from 162.243.61.72
Dec 22 08:11:44 unicornsoft sshd\[12165\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.61.72
Dec 22 08:11:46 unicornsoft sshd\[12165\]: Failed password for invalid user toyooka from 162.243.61.72 port 36646 ssh2
2019-12-22 17:13:54
183.253.23.208 attack
Dec 19 18:58:13 sanyalnet-awsem3-1 sshd[10493]: Connection from 183.253.23.208 port 30966 on 172.30.0.184 port 22
Dec 19 18:58:22 sanyalnet-awsem3-1 sshd[10493]: Invalid user fnjoroge from 183.253.23.208
Dec 19 18:58:22 sanyalnet-awsem3-1 sshd[10493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.253.23.208 
Dec 19 18:58:24 sanyalnet-awsem3-1 sshd[10493]: Failed password for invalid user fnjoroge from 183.253.23.208 port 30966 ssh2
Dec 19 18:58:25 sanyalnet-awsem3-1 sshd[10493]: Received disconnect from 183.253.23.208: 11: Bye Bye [preauth]
Dec 19 19:28:56 sanyalnet-awsem3-1 sshd[11507]: Connection from 183.253.23.208 port 31688 on 172.30.0.184 port 22
Dec 19 19:29:07 sanyalnet-awsem3-1 sshd[11507]: User r.r from 183.253.23.208 not allowed because not listed in AllowUsers
Dec 19 19:29:07 sanyalnet-awsem3-1 sshd[11507]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.253.23.208  use........
-------------------------------
2019-12-22 16:52:36
218.92.0.131 attack
Dec 22 09:37:03 SilenceServices sshd[9149]: Failed password for root from 218.92.0.131 port 32551 ssh2
Dec 22 09:37:16 SilenceServices sshd[9149]: error: maximum authentication attempts exceeded for root from 218.92.0.131 port 32551 ssh2 [preauth]
Dec 22 09:37:22 SilenceServices sshd[9235]: Failed password for root from 218.92.0.131 port 40203 ssh2
2019-12-22 16:54:46
103.123.160.199 attackbotsspam
[SunDec2207:28:33.8723452019][:error][pid13866:tid47392735508224][client103.123.160.199:1969][client103.123.160.199]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"\(\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\\)\|\?=\?f\(\?:open\|write\)\?\\\\\\\\\(\|\\\\\\\\b\(\?:passthru\|serialize\|php_uname\|phpinfo\|shell_exec\|preg_\\\\\\\\w \|mysql_query\|exec\|eval\|base64_decode\|decode_base64\|rot13\|base64_url_decode\|gz\(\?:inflate\|decode\|uncompress\)\|strrev\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:admin.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:admin"][severity"CRITICAL"][hostname"148.251.104.80"][uri"/Admin5068fb94/Login.php"][unique_id"Xf8NEbIdLe-B1tqMzDVtlQAAAJg"][SunDec2207:28:35.9977392019][:error][pid13624:tid47392725001984][client103.123.160.199:2568][client103.123.160.199]ModSecurity:Accessdeniedwithco
2019-12-22 16:47:49
