61.142.131.103

Basic Info

City: unknown

Region: Guangdong

Country: China

Internet Service Provider: ChinaNet Guangdong Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DATE:2019-11-07 07:27:29, IP:61.142.131.103, PORT:1433 - MSSQL brute force auth on a honeypot server (epe-dc)	2019-11-07 17:02:25

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 61.142.131.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1820
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;61.142.131.103.			IN	A

;; AUTHORITY SECTION:
.			120	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110700 1800 900 604800 86400

;; Query time: 128 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Nov 07 17:02:20 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 103.131.142.61.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 103.131.142.61.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
77.201.222.249	attackspam	$f2bV_matches	2020-01-17 06:13:18
222.186.30.218	attackspambots	Jan 16 22:51:22 dev0-dcde-rnet sshd[20890]: Failed password for root from 222.186.30.218 port 59334 ssh2 Jan 16 22:54:09 dev0-dcde-rnet sshd[20998]: Failed password for root from 222.186.30.218 port 56961 ssh2	2020-01-17 06:18:05
94.198.110.205	attackbotsspam	Unauthorized connection attempt detected from IP address 94.198.110.205 to port 2220 [J]	2020-01-17 06:09:47
37.114.190.157	attackspam	smtp probe/invalid login attempt	2020-01-17 06:17:12
104.244.74.97	attackbotsspam	xmlrpc attack	2020-01-17 06:20:19
222.186.173.238	attackbots	2020-01-14 09:46:45 -> 2020-01-16 15:04:37 : 81 login attempts (222.186.173.238)	2020-01-17 06:19:23
202.102.90.229	attackspam	Unauthorized connection attempt detected from IP address 202.102.90.229 to port 7001 [T]	2020-01-17 06:27:06
222.186.169.194	attackspam	2020-01-14 07:41:53 -> 2020-01-16 22:13:42 : 117 login attempts (222.186.169.194)	2020-01-17 06:15:52
171.38.221.156	attackbotsspam	Unauthorized connection attempt detected from IP address 171.38.221.156 to port 23 [T]	2020-01-17 06:30:08
121.229.7.115	attackspam	Unauthorized connection attempt detected from IP address 121.229.7.115 to port 1433 [J]	2020-01-17 06:34:44
106.12.59.23	attackspam	Jan 16 23:35:57 docs sshd\[32004\]: Invalid user johnson from 106.12.59.23Jan 16 23:36:00 docs sshd\[32004\]: Failed password for invalid user johnson from 106.12.59.23 port 46700 ssh2Jan 16 23:38:38 docs sshd\[32060\]: Failed password for root from 106.12.59.23 port 36636 ssh2Jan 16 23:41:10 docs sshd\[32113\]: Invalid user bill from 106.12.59.23Jan 16 23:41:12 docs sshd\[32113\]: Failed password for invalid user bill from 106.12.59.23 port 54816 ssh2Jan 16 23:43:59 docs sshd\[32176\]: Failed password for root from 106.12.59.23 port 44748 ssh2 ...	2020-01-17 06:18:44
42.99.117.44	attack	Jan 16 16:11:59 cumulus sshd[3872]: Invalid user mmm from 42.99.117.44 port 56058 Jan 16 16:11:59 cumulus sshd[3872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.99.117.44 Jan 16 16:12:01 cumulus sshd[3872]: Failed password for invalid user mmm from 42.99.117.44 port 56058 ssh2 Jan 16 16:12:02 cumulus sshd[3872]: Received disconnect from 42.99.117.44 port 56058:11: Bye Bye [preauth] Jan 16 16:12:02 cumulus sshd[3872]: Disconnected from 42.99.117.44 port 56058 [preauth] Jan 16 16:19:34 cumulus sshd[4171]: Invalid user mysql from 42.99.117.44 port 45312 Jan 16 16:19:34 cumulus sshd[4171]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.99.117.44 Jan 16 16:19:36 cumulus sshd[4171]: Failed password for invalid user mysql from 42.99.117.44 port 45312 ssh2 Jan 16 16:19:36 cumulus sshd[4171]: Received disconnect from 42.99.117.44 port 45312:11: Bye Bye [preauth] Jan 16 16:19:36 cumulus ss........ -------------------------------	2020-01-17 06:10:32
188.166.216.84	attack	Jan 16 22:04:41 klukluk sshd\[6036\]: Invalid user ftpuser from 188.166.216.84 Jan 16 22:12:12 klukluk sshd\[10609\]: Invalid user ubuntu from 188.166.216.84 Jan 16 22:19:47 klukluk sshd\[15306\]: Invalid user ftpuser from 188.166.216.84 ...	2020-01-17 06:14:33
42.228.2.150	attackspambots	Unauthorized connection attempt detected from IP address 42.228.2.150 to port 1433 [J]	2020-01-17 06:20:33
116.232.37.105	attackbots	Unauthorized connection attempt detected from IP address 116.232.37.105 to port 23 [J]	2020-01-17 06:36:49

Recently Reported IPs

218.77.107.84	150.255.2.223	58.174.126.184	14.186.63.131
91.203.193.84	189.123.234.183	117.7.95.57	103.23.102.111
123.59.195.125	114.32.81.49	103.241.227.106	123.135.124.238
203.195.201.129	118.24.213.126	223.223.188.226	211.171.128.253
85.117.115.38	167.172.89.110	189.199.106.202	177.220.177.180