1.1.1.142 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Australia

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
1.1.1.1	attack	-	2025-02-08 18:33:31
1.1.132.69	attackspam	2019-11-27T01:38:44.085801suse-nuc sshd[24675]: Invalid user admin from 1.1.132.69 port 56311 ...	2020-09-27 06:00:08
1.1.192.221	attackbotsspam	2020-09-14T21:17:26.139038suse-nuc sshd[19525]: Invalid user admin1 from 1.1.192.221 port 49686 ...	2020-09-27 05:59:57
1.1.132.69	attackbots	2019-11-27T01:38:44.085801suse-nuc sshd[24675]: Invalid user admin from 1.1.132.69 port 56311 ...	2020-09-26 22:20:29
1.1.192.221	attackspambots	2020-09-14T21:17:26.139038suse-nuc sshd[19525]: Invalid user admin1 from 1.1.192.221 port 49686 ...	2020-09-26 22:19:59
1.1.132.69	attack	2019-11-27T01:38:44.085801suse-nuc sshd[24675]: Invalid user admin from 1.1.132.69 port 56311 ...	2020-09-26 14:04:55
1.1.192.221	attackspam	2020-09-14T21:17:26.139038suse-nuc sshd[19525]: Invalid user admin1 from 1.1.192.221 port 49686 ...	2020-09-26 14:04:27
1.1.132.115	attack	1598851277 - 08/31/2020 07:21:17 Host: 1.1.132.115/1.1.132.115 Port: 445 TCP Blocked	2020-08-31 20:16:25
1.1.123.141	attack	Port probing on unauthorized port 5555	2020-08-28 06:13:26
1.1.185.43	attackbots	1597925066 - 08/20/2020 14:04:26 Host: 1.1.185.43/1.1.185.43 Port: 445 TCP Blocked	2020-08-20 23:46:50
1.1.154.193	attackspam	Port probing on unauthorized port 445	2020-07-14 19:35:03
1.1.166.98	attackspambots	Unauthorized IMAP connection attempt	2020-07-06 12:16:59
1.1.128.19	attackspam	Jun 23 21:40:17 mercury wordpress(www.learnargentinianspanish.com)[15078]: XML-RPC authentication failure for josh from 1.1.128.19 ...	2020-06-24 05:28:08
1.1.1.1	attackspambots	19-Jun-2020 05:58:22.995 client @0xafdda6a0 1.1.1.1#20402 (.): query (cache) './ANY/IN' denied 19-Jun-2020 05:58:22.996 client @0xafdda6a0 1.1.1.1#20402 (.): query (cache) './ANY/IN' denied 19-Jun-2020 05:58:22.997 client @0xafdda6a0 1.1.1.1#20402 (.): query (cache) './ANY/IN' denied 19-Jun-2020 05:58:22.997 client @0xb01d63e8 1.1.1.1#20402 (.): query (cache) './ANY/IN' denied 19-Jun-2020 05:58:22.997 client @0xb009f248 1.1.1.1#20402 (.): query (cache) './ANY/IN' denied ...	2020-06-19 12:02:28
1.1.171.79	attackbots	spam form 2020-06-15 20:34	2020-06-16 05:33:37

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 1.1.1.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61137
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.1.1.142.			IN	A

;; AUTHORITY SECTION:
.			593	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022022500 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 25 14:18:09 CST 2022
;; MSG SIZE  rcvd: 102

Host info

Host 142.1.1.1.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 142.1.1.1.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
51.178.30.102	attack	Oct 9 21:32:24 php1 sshd\[25251\]: Invalid user download from 51.178.30.102 Oct 9 21:32:24 php1 sshd\[25251\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.30.102 Oct 9 21:32:26 php1 sshd\[25251\]: Failed password for invalid user download from 51.178.30.102 port 50068 ssh2 Oct 9 21:34:29 php1 sshd\[25376\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.178.30.102 user=root Oct 9 21:34:31 php1 sshd\[25376\]: Failed password for root from 51.178.30.102 port 40510 ssh2	2020-10-10 17:06:36
59.90.30.197	attackbotsspam	SSH login attempts.	2020-10-10 16:41:10
49.234.99.246	attackspambots	Oct 10 10:43:16 vps8769 sshd[12555]: Failed password for root from 49.234.99.246 port 39120 ssh2 ...	2020-10-10 17:19:26
176.221.188.192	attackbotsspam	Automatic report - Banned IP Access	2020-10-10 16:59:29
177.107.68.18	attackbots	Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-10-10 17:07:04
62.210.113.228	attackbots	62.210.113.228 - - [10/Oct/2020:07:42:56 +0100] "POST /wp-login.php HTTP/1.1" 200 2175 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 62.210.113.228 - - [10/Oct/2020:07:42:57 +0100] "POST /wp-login.php HTTP/1.1" 200 2227 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 62.210.113.228 - - [10/Oct/2020:07:42:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2225 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-10 17:18:53
162.142.125.35	attackspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-10-10 16:51:41
167.248.133.50	attackspam	Sep 13 04:16:53 hidden postfix/postscreen[38885]: DNSBL rank 3 for [167.248.133.50]:42410	2020-10-10 16:35:41
118.24.8.99	attack	2020-10-09T23:02:08.658249abusebot-3.cloudsearch.cf sshd[27216]: Invalid user wwwrun from 118.24.8.99 port 32954 2020-10-09T23:02:08.662541abusebot-3.cloudsearch.cf sshd[27216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.8.99 2020-10-09T23:02:08.658249abusebot-3.cloudsearch.cf sshd[27216]: Invalid user wwwrun from 118.24.8.99 port 32954 2020-10-09T23:02:10.560203abusebot-3.cloudsearch.cf sshd[27216]: Failed password for invalid user wwwrun from 118.24.8.99 port 32954 ssh2 2020-10-09T23:06:49.369773abusebot-3.cloudsearch.cf sshd[27232]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.8.99 user=root 2020-10-09T23:06:52.178900abusebot-3.cloudsearch.cf sshd[27232]: Failed password for root from 118.24.8.99 port 39570 ssh2 2020-10-09T23:11:25.601739abusebot-3.cloudsearch.cf sshd[27244]: Invalid user support from 118.24.8.99 port 46182 ...	2020-10-10 17:15:45
222.73.215.81	attackspambots	Oct 9 18:35:29 kapalua sshd\[28795\]: Invalid user sales from 222.73.215.81 Oct 9 18:35:29 kapalua sshd\[28795\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.215.81 Oct 9 18:35:31 kapalua sshd\[28795\]: Failed password for invalid user sales from 222.73.215.81 port 59075 ssh2 Oct 9 18:39:12 kapalua sshd\[29187\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.73.215.81 user=root Oct 9 18:39:14 kapalua sshd\[29187\]: Failed password for root from 222.73.215.81 port 49854 ssh2	2020-10-10 16:43:56
156.96.56.51	attackbots	Sep 29 19:31:53 hidden postfix/postscreen[37294]: DNSBL rank 4 for [156.96.56.51]:52719	2020-10-10 16:55:25
218.92.0.185	attackspam	Oct 10 10:39:06 pve1 sshd[25151]: Failed password for root from 218.92.0.185 port 64249 ssh2 Oct 10 10:39:10 pve1 sshd[25151]: Failed password for root from 218.92.0.185 port 64249 ssh2 ...	2020-10-10 16:58:23
193.228.91.123	attackbots	Oct 9 22:56:34 web1 sshd\[32121\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.91.123 user=root Oct 9 22:56:37 web1 sshd\[32121\]: Failed password for root from 193.228.91.123 port 33672 ssh2 Oct 9 22:57:00 web1 sshd\[32175\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.91.123 user=root Oct 9 22:57:02 web1 sshd\[32175\]: Failed password for root from 193.228.91.123 port 47220 ssh2 Oct 9 22:57:26 web1 sshd\[32236\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.228.91.123 user=root	2020-10-10 16:57:34
156.96.56.37	attackspam	Sep 10 03:56:51 hidden postfix/postscreen[29943]: DNSBL rank 4 for [156.96.56.37]:50330	2020-10-10 17:04:23
201.49.226.30	attackbotsspam	srvr2: (mod_security) mod_security (id:920350) triggered by 201.49.226.30 (201-49-226-30.spdlink.com.br): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/10/09 22:47:07 [error] 3679#0: 39343 [client 201.49.226.30] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160227642721.781913"] [ref "o0,15v21,15"], client: 201.49.226.30, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-10-10 16:52:56

Recently Reported IPs

1.1.1.140	1.1.1.143	1.1.1.145	1.1.128.108
1.1.1.144	1.1.128.120	1.1.128.155	101.109.108.232
1.1.1.99	1.1.128.20	1.1.128.211	1.1.128.214
1.1.128.234	1.1.128.245	1.1.128.27	1.1.128.230
1.1.128.3	1.1.128.33	101.109.108.246	1.1.128.46