107.170.196.142

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	[SMB remote code execution attempt: port tcp/445] *(RWIN=65535)(08050931)	2019-08-05 19:43:51
attackbotsspam	4899/tcp 31274/tcp 118/tcp... [2019-05-12/07-05]49pkt,40pt.(tcp),4pt.(udp)	2019-07-06 07:48:45

Comments on same subnet:

IP	Type	Details	Datetime
107.170.196.87	attackspam	9000/tcp 8083/tcp 137/udp... [2019-06-27/08-27]67pkt,54pt.(tcp),6pt.(udp)	2019-08-28 10:11:09
107.170.196.63	attackspambots	Portscan or hack attempt detected by psad/fwsnort	2019-08-24 20:14:10
107.170.196.102	attackbots	" "	2019-08-20 06:55:20
107.170.196.235	attack	" "	2019-08-20 02:33:36
107.170.196.87	attack	62679/tcp 5900/tcp 5357/tcp... [2019-06-12/08-12]73pkt,60pt.(tcp),5pt.(udp)	2019-08-13 03:02:04
107.170.196.101	attackspambots	webserver:80 [11/Aug/2019] "GET /manager/text/list HTTP/1.1" 403 0 "-" "Mozilla/5.0 zgrab/0.x"	2019-08-11 10:54:09
107.170.196.63	attackspam	Jul 31 19:40:26 mercury smtpd[1187]: 17a8bb94eb7d698a smtp event=bad-input address=107.170.196.63 host=zg-0301e-22.stretchoid.com result="500 5.5.1 Invalid command: Pipelining not supported" ...	2019-08-01 09:08:11
107.170.196.63	attackbotsspam	" "	2019-07-28 19:07:37
107.170.196.241	attack	Port scan attempt detected by AWS-CCS, CTS, India	2019-07-28 18:01:59
107.170.196.72	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-25 21:55:35
107.170.196.72	attackbots	firewall-block, port(s): 27018/tcp	2019-07-24 11:35:53
107.170.196.63	attack	firewall-block, port(s): 119/tcp	2019-07-23 13:02:30
107.170.196.102	attackspambots	RDP Scan	2019-07-21 16:32:33
107.170.196.87	attack	Port scan attempt detected by AWS-CCS, CTS, India	2019-07-20 13:16:59
107.170.196.101	attackbotsspam	Scan or attack attempt on email service.	2019-07-12 04:14:27

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.170.196.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11942
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;107.170.196.142.		IN	A

;; AUTHORITY SECTION:
.			2865	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019051300 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon May 13 18:30:37 CST 2019
;; MSG SIZE  rcvd: 119

Host info

142.196.170.107.in-addr.arpa domain name pointer zg-0301e-35.stretchoid.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
142.196.170.107.in-addr.arpa	name = zg-0301e-35.stretchoid.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
94.177.229.96	attackbots	Mar 30 19:09:25 tdfoods sshd\[28544\]: Invalid user christopher from 94.177.229.96 Mar 30 19:09:25 tdfoods sshd\[28544\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.229.96 Mar 30 19:09:27 tdfoods sshd\[28544\]: Failed password for invalid user christopher from 94.177.229.96 port 49580 ssh2 Mar 30 19:13:27 tdfoods sshd\[28832\]: Invalid user capture from 94.177.229.96 Mar 30 19:13:27 tdfoods sshd\[28832\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.177.229.96	2020-03-31 13:14:30
51.15.226.137	attackspam	$f2bV_matches	2020-03-31 13:19:00
106.54.66.122	attack	ssh brute force	2020-03-31 13:26:23
189.62.136.109	attackbotsspam	Mar 31 06:45:19 silence02 sshd[19919]: Failed password for root from 189.62.136.109 port 41651 ssh2 Mar 31 06:47:52 silence02 sshd[20079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.62.136.109 Mar 31 06:47:54 silence02 sshd[20079]: Failed password for invalid user zhangzh from 189.62.136.109 port 57564 ssh2	2020-03-31 13:10:58
222.186.31.135	attack	Mar 31 07:22:06 localhost sshd[3906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.31.135 user=root Mar 31 07:22:07 localhost sshd[3906]: Failed password for root from 222.186.31.135 port 59409 ssh2 ...	2020-03-31 13:24:13
119.50.179.72	attack	21/tcp 1433/tcp... [2020-03-31]15pkt,2pt.(tcp)	2020-03-31 13:06:38
14.160.145.141	attack	SMTP-SASL bruteforce attempt	2020-03-31 13:02:03
206.189.222.181	attackspam	Mar 31 06:53:06 vps647732 sshd[12808]: Failed password for root from 206.189.222.181 port 50308 ssh2 ...	2020-03-31 13:02:33
189.32.139.7	attack	Mar 31 04:49:02 yesfletchmain sshd\[24492\]: User root from 189.32.139.7 not allowed because not listed in AllowUsers Mar 31 04:49:02 yesfletchmain sshd\[24492\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.32.139.7 user=root Mar 31 04:49:04 yesfletchmain sshd\[24492\]: Failed password for invalid user root from 189.32.139.7 port 51910 ssh2 Mar 31 04:55:04 yesfletchmain sshd\[24615\]: User root from 189.32.139.7 not allowed because not listed in AllowUsers Mar 31 04:55:04 yesfletchmain sshd\[24615\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.32.139.7 user=root ...	2020-03-31 12:57:03
163.172.178.153	attack	Mar 31 12:06:44 webhost01 sshd[27363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163.172.178.153 Mar 31 12:06:46 webhost01 sshd[27363]: Failed password for invalid user oracle from 163.172.178.153 port 54528 ssh2 ...	2020-03-31 13:11:27
190.147.139.216	attackspam	Mar 31 06:48:18 vps647732 sshd[12660]: Failed password for root from 190.147.139.216 port 45270 ssh2 ...	2020-03-31 13:04:14
106.13.227.104	attack	2020-03-29 12:25:36 server sshd[7925]: Failed password for invalid user kuw from 106.13.227.104 port 41458 ssh2	2020-03-31 13:09:59
125.191.31.67	attackbotsspam	Mar 31 05:54:26 debian-2gb-nbg1-2 kernel: \[7885921.325700\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=125.191.31.67 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=80 DPT=3880 WINDOW=29200 RES=0x00 ACK SYN URGP=0	2020-03-31 13:21:35
14.29.249.248	attackspam	Mar 31 04:27:12 ws26vmsma01 sshd[205610]: Failed password for root from 14.29.249.248 port 43683 ssh2 ...	2020-03-31 13:08:25
2001:558:5014:80:4c84:9c95:1dba:bb6f	attackbots	IP address logged by my Netflix account after the individual hacked into and locked me out of my account. Individual also changed my account settings to the most expensive plan, which allows multiple people (profiles) to watch, and several profiles were added. The name on my account was changed to "Juan". I contacted Netflix to have my account restored, so I was able to see the various IP addresses used. I will report all of them as well.	2020-03-31 13:29:21

Recently Reported IPs

117.6.195.252	37.59.203.141	89.35.47.65	58.186.207.216
204.126.119.156	115.231.72.28	179.241.232.192	204.149.183.57
76.129.220.123	203.231.30.220	113.19.86.173	200.74.93.179
195.185.129.102	221.101.10.36	80.92.2.98	200.215.163.17
142.69.222.52	171.118.195.142	5.30.141.196	165.150.197.114