42.2.71.102 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Hong Kong Telecommunications (HKT) Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	port scan and connect, tcp 23 (telnet)	2019-11-18 23:20:53

Comments on same subnet:

IP	Type	Details	Datetime
42.2.71.83	attack	Honeypot attack, port: 5555, PTR: 42-2-71-083.static.netvigator.com.	2020-05-07 12:45:34
42.2.71.199	attackbotsspam	Unauthorized connection attempt detected from IP address 42.2.71.199 to port 5555 [J]	2020-01-27 00:53:51
42.2.71.94	attackbotsspam	Connection by 42.2.71.94 on port: 23 got caught by honeypot at 11/24/2019 5:24:41 AM	2019-11-24 18:05:09

Type

Details

Datetime

42.2.71.83

attack

Honeypot attack, port: 5555, PTR: 42-2-71-083.static.netvigator.com.

2020-05-07 12:45:34

42.2.71.199

attackbotsspam

Unauthorized connection attempt detected from IP address 42.2.71.199 to port 5555 [J]

2020-01-27 00:53:51

42.2.71.94

attackbotsspam

Connection by 42.2.71.94 on port: 23 got caught by honeypot at 11/24/2019 5:24:41 AM

2019-11-24 18:05:09

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.2.71.102
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23079
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.2.71.102.			IN	A

;; AUTHORITY SECTION:
.			484	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111800 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Nov 18 23:20:45 CST 2019
;; MSG SIZE  rcvd: 115

Host info

102.71.2.42.in-addr.arpa domain name pointer 42-2-71-102.static.netvigator.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
102.71.2.42.in-addr.arpa	name = 42-2-71-102.static.netvigator.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
183.171.75.254	attack	183.171.75.254 - - \[27/Aug/2020:08:53:37 +0200\] "POST /wp-login.php HTTP/1.0" 200 6718 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 183.171.75.254 - - \[27/Aug/2020:08:53:41 +0200\] "POST /wp-login.php HTTP/1.0" 200 6548 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 183.171.75.254 - - \[27/Aug/2020:08:53:44 +0200\] "POST /wp-login.php HTTP/1.0" 200 6542 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-08-27 18:28:50
121.226.143.184	attack	/phpmyadmin/	2020-08-27 18:56:51
52.91.236.243	attackspam	Lines containing failures of 52.91.236.243 (max 1000) Aug 26 01:40:37 nexus sshd[3162]: Invalid user dxp from 52.91.236.243 port 57820 Aug 26 01:40:37 nexus sshd[3162]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.91.236.243 Aug 26 01:40:38 nexus sshd[3162]: Failed password for invalid user dxp from 52.91.236.243 port 57820 ssh2 Aug 26 01:40:39 nexus sshd[3162]: Received disconnect from 52.91.236.243 port 57820:11: Bye Bye [preauth] Aug 26 01:40:39 nexus sshd[3162]: Disconnected from 52.91.236.243 port 57820 [preauth] Aug 26 01:44:59 nexus sshd[3215]: Invalid user seed from 52.91.236.243 port 44282 Aug 26 01:44:59 nexus sshd[3215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.91.236.243 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=52.91.236.243	2020-08-27 18:59:38
8.24.110.196	attackbots	Brute forcing email accounts	2020-08-27 18:45:58
173.249.32.150	attack	Aug 27 06:46:42 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:00:07:7d:bd:41:7f:08:00 SRC=173.249.32.150 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=58381 PROTO=TCP SPT=43516 DPT=8085 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 27 06:47:43 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:00:07:7d:bd:41:7f:08:00 SRC=173.249.32.150 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=51831 PROTO=TCP SPT=43643 DPT=8086 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 27 06:50:21 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:00:07:7d:bd:41:7f:08:00 SRC=173.249.32.150 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=33877 PROTO=TCP SPT=43766 DPT=8087 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 27 06:51:41 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:00:07:7d:bd:41:7f:08:00 SRC=173.249.32.150 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=16847 PROTO=TCP SPT=43883 DPT=8088 WINDOW=1024 RES=0x00 SYN URGP=0 Aug ...	2020-08-27 18:59:12
218.4.172.234	attackspam	Aug 24 13:06:07 s5 sshd[13957]: Invalid user chs from 218.4.172.234 port 31828 Aug 24 13:06:07 s5 sshd[13957]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.172.234 Aug 24 13:06:09 s5 sshd[13957]: Failed password for invalid user chs from 218.4.172.234 port 31828 ssh2 Aug 24 13:14:51 s5 sshd[14914]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.172.234 user=r.r Aug 24 13:14:53 s5 sshd[14914]: Failed password for r.r from 218.4.172.234 port 52696 ssh2 Aug 24 13:17:17 s5 sshd[15214]: Invalid user rupesh from 218.4.172.234 port 28864 Aug 24 13:17:17 s5 sshd[15214]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.172.234 Aug 24 13:17:20 s5 sshd[15214]: Failed password for invalid user rupesh from 218.4.172.234 port 28864 ssh2 Aug 24 13:19:38 s5 sshd[15291]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh rus........ ------------------------------	2020-08-27 18:30:55
45.230.202.66	attack	Automatic report - Port Scan Attack	2020-08-27 19:15:20
73.204.192.86	attackbots	2020-08-27T03:43:40.115864abusebot-4.cloudsearch.cf sshd[24408]: Invalid user tortoise from 73.204.192.86 port 45670 2020-08-27T03:43:40.127247abusebot-4.cloudsearch.cf sshd[24408]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-204-192-86.hsd1.fl.comcast.net 2020-08-27T03:43:40.115864abusebot-4.cloudsearch.cf sshd[24408]: Invalid user tortoise from 73.204.192.86 port 45670 2020-08-27T03:43:42.536103abusebot-4.cloudsearch.cf sshd[24408]: Failed password for invalid user tortoise from 73.204.192.86 port 45670 ssh2 2020-08-27T03:43:43.577968abusebot-4.cloudsearch.cf sshd[24410]: Invalid user to from 73.204.192.86 port 45908 2020-08-27T03:43:43.583727abusebot-4.cloudsearch.cf sshd[24410]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-204-192-86.hsd1.fl.comcast.net 2020-08-27T03:43:43.577968abusebot-4.cloudsearch.cf sshd[24410]: Invalid user to from 73.204.192.86 port 45908 2020-08-27T03:43:45.7375 ...	2020-08-27 18:52:30
120.201.0.164	attack	Aug 26 05:38:06 ns01 sshd[3349]: Invalid user cdc from 120.201.0.164 Aug 26 05:38:06 ns01 sshd[3349]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.201.0.164 Aug 26 05:38:08 ns01 sshd[3349]: Failed password for invalid user cdc from 120.201.0.164 port 61678 ssh2 Aug 26 05:48:18 ns01 sshd[3754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.201.0.164 user=r.r Aug 26 05:48:20 ns01 sshd[3754]: Failed password for r.r from 120.201.0.164 port 47101 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=120.201.0.164	2020-08-27 18:58:23
34.67.40.88	attack	Aug 24 08:53:33 finn sshd[13151]: Invalid user odoo from 34.67.40.88 port 33836 Aug 24 08:53:33 finn sshd[13151]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.67.40.88 Aug 24 08:53:35 finn sshd[13151]: Failed password for invalid user odoo from 34.67.40.88 port 33836 ssh2 Aug 24 08:53:35 finn sshd[13151]: Received disconnect from 34.67.40.88 port 33836:11: Bye Bye [preauth] Aug 24 08:53:35 finn sshd[13151]: Disconnected from 34.67.40.88 port 33836 [preauth] Aug 24 09:03:11 finn sshd[15983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.67.40.88 user=r.r Aug 24 09:03:12 finn sshd[15983]: Failed password for r.r from 34.67.40.88 port 46050 ssh2 Aug 24 09:03:12 finn sshd[15983]: Received disconnect from 34.67.40.88 port 46050:11: Bye Bye [preauth] Aug 24 09:03:12 finn sshd[15983]: Disconnected from 34.67.40.88 port 46050 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.	2020-08-27 18:36:43
87.246.7.130	attackspambots	Attempted Brute Force (dovecot)	2020-08-27 18:39:27
219.155.93.77	attackbots	Lines containing failures of 219.155.93.77 Aug 26 05:03:50 shared01 sshd[25828]: Invalid user fer from 219.155.93.77 port 55041 Aug 26 05:03:50 shared01 sshd[25828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.155.93.77 Aug 26 05:03:51 shared01 sshd[25828]: Failed password for invalid user fer from 219.155.93.77 port 55041 ssh2 Aug 26 05:03:51 shared01 sshd[25828]: Received disconnect from 219.155.93.77 port 55041:11: Bye Bye [preauth] Aug 26 05:03:51 shared01 sshd[25828]: Disconnected from invalid user fer 219.155.93.77 port 55041 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=219.155.93.77	2020-08-27 19:01:51
187.209.251.226	attackbots	Brute Force	2020-08-27 19:09:04
91.229.112.5	attack	ET CINS Active Threat Intelligence Poor Reputation IP group 77 - port: 1994 proto: tcp cat: Misc Attackbytes: 60	2020-08-27 18:59:58
65.49.20.67	attackspam	Port 22 Scan, PTR: None	2020-08-27 19:10:40

Recently Reported IPs

14.177.154.2	159.146.28.2	145.14.145.54	196.149.177.209
129.211.18.7	88.203.158.8	42.200.76.1	131.0.95.2
105.225.61.206	51.68.124.1	51.38.57.1	49.235.196.118
249.71.16.170	61.52.197.28	187.228.84.1	0.120.138.144
167.250.162.1	63.113.93.122	95.121.20.2	78.137.8.1