61.42.20.128 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Korea (Republic of)

Internet Service Provider: LG Dacom Corporation

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	SSH bruteforce	2020-04-30 16:46:14
attack	Apr 27 03:59:13 work-partkepr sshd\[13117\]: Invalid user admin from 61.42.20.128 port 13296 Apr 27 03:59:13 work-partkepr sshd\[13117\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.128 ...	2020-04-27 12:50:59
attackbots	SSH Brute-Forcing (server1)	2020-04-16 15:51:22
attack	SSH Brute-Force. Ports scanning.	2020-04-14 03:05:26
attack	Apr 8 13:41:14 v22019038103785759 sshd\[25645\]: Invalid user wilder from 61.42.20.128 port 57284 Apr 8 13:41:14 v22019038103785759 sshd\[25645\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.128 Apr 8 13:41:16 v22019038103785759 sshd\[25645\]: Failed password for invalid user wilder from 61.42.20.128 port 57284 ssh2 Apr 8 13:49:31 v22019038103785759 sshd\[26153\]: Invalid user terraria from 61.42.20.128 port 10822 Apr 8 13:49:31 v22019038103785759 sshd\[26153\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.128 ...	2020-04-08 20:23:32
attackbotsspam	SSH auth scanning - multiple failed logins	2020-04-04 12:19:47
attack	Invalid user spl from 61.42.20.128 port 48952	2020-03-30 04:06:35
attackspambots	Invalid user epiconf from 61.42.20.128 port 10366	2020-03-14 09:25:17
attack	Mar 8 09:54:45 plusreed sshd[19147]: Invalid user agsadmin from 61.42.20.128 ...	2020-03-08 22:05:44
attack	Invalid user default from 61.42.20.128 port 21048	2020-02-19 08:34:33
attackbots	Feb 5 03:39:07 firewall sshd[31956]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.128 Feb 5 03:39:07 firewall sshd[31956]: Invalid user fn from 61.42.20.128 Feb 5 03:39:09 firewall sshd[31956]: Failed password for invalid user fn from 61.42.20.128 port 54640 ssh2 ...	2020-02-05 15:18:23
attackbotsspam	Invalid user alx from 61.42.20.128 port 42106	2020-01-18 22:19:45

Comments on same subnet:

IP	Type	Details	Datetime
61.42.20.36	attackspambots	Honeypot attack, port: 445, PTR: PTR record not found	2020-05-29 08:02:24
61.42.20.36	attackspambots	Unauthorized connection attempt detected from IP address 61.42.20.36 to port 445	2019-12-28 14:20:05
61.42.20.5	attackspambots	Dec 9 06:56:45 v22019058497090703 sshd[19894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.5 Dec 9 06:56:47 v22019058497090703 sshd[19894]: Failed password for invalid user smmsp from 61.42.20.5 port 56852 ssh2 Dec 9 07:08:16 v22019058497090703 sshd[21039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.42.20.5 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=61.42.20.5	2019-12-09 19:58:27
61.42.20.36	attack	Unauthorized connection attempt from IP address 61.42.20.36 on Port 445(SMB)	2019-09-06 08:46:59

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 61.42.20.128
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57504
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;61.42.20.128.			IN	A

;; AUTHORITY SECTION:
.			443	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011800 1800 900 604800 86400

;; Query time: 623 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jan 18 22:19:39 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 128.20.42.61.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 128.20.42.61.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.79.143.36	attack	51.79.143.36 - - [23/Oct/2019:11:43:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.79.143.36 - - [23/Oct/2019:11:43:07 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.79.143.36 - - [23/Oct/2019:11:43:07 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.79.143.36 - - [23/Oct/2019:11:43:09 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.79.143.36 - - [23/Oct/2019:11:43:10 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.79.143.36 - - [23/Oct/2019:11:43:11 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-10-23 17:55:53
45.227.253.139	attack	Oct 23 11:38:07 relay postfix/smtpd\[14696\]: warning: unknown\[45.227.253.139\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 23 11:38:26 relay postfix/smtpd\[21013\]: warning: unknown\[45.227.253.139\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 23 11:38:33 relay postfix/smtpd\[19333\]: warning: unknown\[45.227.253.139\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 23 11:39:09 relay postfix/smtpd\[21013\]: warning: unknown\[45.227.253.139\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Oct 23 11:39:16 relay postfix/smtpd\[17953\]: warning: unknown\[45.227.253.139\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-10-23 17:49:35
92.222.34.211	attack	Oct 23 08:58:54 vps58358 sshd\[26752\]: Invalid user P@ssw0rd1 from 92.222.34.211Oct 23 08:58:56 vps58358 sshd\[26752\]: Failed password for invalid user P@ssw0rd1 from 92.222.34.211 port 43502 ssh2Oct 23 09:03:12 vps58358 sshd\[26774\]: Invalid user 1234567 from 92.222.34.211Oct 23 09:03:13 vps58358 sshd\[26774\]: Failed password for invalid user 1234567 from 92.222.34.211 port 54166 ssh2Oct 23 09:07:26 vps58358 sshd\[26801\]: Invalid user P@55w0rd@2019 from 92.222.34.211Oct 23 09:07:28 vps58358 sshd\[26801\]: Failed password for invalid user P@55w0rd@2019 from 92.222.34.211 port 36568 ssh2 ...	2019-10-23 18:04:53
165.227.223.104	attackbots	fail2ban honeypot	2019-10-23 17:45:23
218.23.57.244	attackbotsspam	Automatic report - FTP Brute Force	2019-10-23 17:57:25
80.211.88.70	attackbots	Oct 23 06:56:29 goofy sshd\[4204\]: Invalid user tech from 80.211.88.70 Oct 23 06:56:29 goofy sshd\[4204\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.88.70 Oct 23 06:56:31 goofy sshd\[4204\]: Failed password for invalid user tech from 80.211.88.70 port 33980 ssh2 Oct 23 07:43:52 goofy sshd\[6562\]: Invalid user admin from 80.211.88.70 Oct 23 07:43:52 goofy sshd\[6562\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.88.70	2019-10-23 18:07:00
77.247.110.173	attackbots	Port scan on 3 port(s): 21202 21204 31453	2019-10-23 17:51:01
212.237.31.228	attackspam	detected by Fail2Ban	2019-10-23 18:03:47
106.12.206.253	attack	Oct 23 11:12:25 vpn01 sshd[29355]: Failed password for root from 106.12.206.253 port 48060 ssh2 ...	2019-10-23 18:16:42
177.23.196.77	attack	Oct 22 19:15:29 sachi sshd\[16849\]: Invalid user beng from 177.23.196.77 Oct 22 19:15:29 sachi sshd\[16849\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.196.77 Oct 22 19:15:31 sachi sshd\[16849\]: Failed password for invalid user beng from 177.23.196.77 port 47624 ssh2 Oct 22 19:20:52 sachi sshd\[17249\]: Invalid user asdw from 177.23.196.77 Oct 22 19:20:52 sachi sshd\[17249\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.23.196.77	2019-10-23 18:23:11
5.101.87.140	attackbotsspam	Pinspb	2019-10-23 18:17:28
118.32.181.96	attack	Oct 21 13:32:49 tuxlinux sshd[13386]: Invalid user support from 118.32.181.96 port 54926 Oct 21 13:32:49 tuxlinux sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.181.96 Oct 21 13:32:49 tuxlinux sshd[13386]: Invalid user support from 118.32.181.96 port 54926 Oct 21 13:32:49 tuxlinux sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.181.96 Oct 21 13:32:49 tuxlinux sshd[13386]: Invalid user support from 118.32.181.96 port 54926 Oct 21 13:32:49 tuxlinux sshd[13386]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.32.181.96 Oct 21 13:32:51 tuxlinux sshd[13386]: Failed password for invalid user support from 118.32.181.96 port 54926 ssh2 ...	2019-10-23 18:25:08
46.101.151.51	attackspambots	$f2bV_matches	2019-10-23 18:07:17
103.44.18.68	attackspam	SSH bruteforce (Triggered fail2ban)	2019-10-23 17:45:39
149.56.109.57	attackspambots	(sshd) Failed SSH login from 149.56.109.57 (CA/Canada/57.ip-149-56-109.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 23 06:45:58 server2 sshd[4861]: Invalid user copie7 from 149.56.109.57 port 47612 Oct 23 06:46:00 server2 sshd[4861]: Failed password for invalid user copie7 from 149.56.109.57 port 47612 ssh2 Oct 23 07:02:25 server2 sshd[5236]: Failed password for root from 149.56.109.57 port 48600 ssh2 Oct 23 07:11:10 server2 sshd[5461]: Failed password for root from 149.56.109.57 port 55488 ssh2 Oct 23 07:20:37 server2 sshd[5652]: Invalid user scott from 149.56.109.57 port 36744	2019-10-23 17:47:53

Recently Reported IPs

106.12.84.63	102.129.175.142	91.40.153.19	200.99.240.35
142.130.52.37	78.101.208.139	62.245.46.165	51.254.143.190
88.164.191.186	91.220.81.213	49.232.78.176	46.152.113.140
43.226.165.196	35.184.20.161	27.128.172.232	13.58.41.200
220.63.38.215	222.124.117.3	156.190.220.110	186.214.194.124