142.11.242.20 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Hostwinds LLC.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jul 1 00:56:27 server sshd\[98554\]: Invalid user stas from 142.11.242.20 Jul 1 00:56:27 server sshd\[98554\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.11.242.20 Jul 1 00:56:29 server sshd\[98554\]: Failed password for invalid user stas from 142.11.242.20 port 36344 ssh2 ...	2019-07-12 05:25:54

Type

Details

Datetime

attack

Jul  1 00:56:27 server sshd\[98554\]: Invalid user stas from 142.11.242.20
Jul  1 00:56:27 server sshd\[98554\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.11.242.20
Jul  1 00:56:29 server sshd\[98554\]: Failed password for invalid user stas from 142.11.242.20 port 36344 ssh2
...

2019-07-12 05:25:54

Comments on same subnet:

IP	Type	Details	Datetime
142.11.242.146	attackspambots	E-Mail Spam (RBL) [REJECTED]	2020-09-10 21:46:42
142.11.242.146	attackbots	E-Mail Spam (RBL) [REJECTED]	2020-09-10 13:29:05
142.11.242.146	attackbots	E-Mail Spam (RBL) [REJECTED]	2020-09-10 04:11:43
142.11.242.201	spam	Recieved as SMS	2020-07-28 13:54:46
142.11.242.173	attack	Email spoofing/spaming	2020-05-08 03:02:50

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.11.242.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43800
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.11.242.20.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071101 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jul 12 05:25:49 CST 2019
;; MSG SIZE  rcvd: 117

Host info

20.242.11.142.in-addr.arpa domain name pointer hwsrv-491875.hostwindsdns.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
20.242.11.142.in-addr.arpa	name = hwsrv-491875.hostwindsdns.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
140.143.90.154	attack	Triggered by Fail2Ban at Ares web server	2019-09-17 16:22:33
218.92.0.191	attackspambots	Sep 17 06:49:13 legacy sshd[9421]: Failed password for root from 218.92.0.191 port 19409 ssh2 Sep 17 06:49:55 legacy sshd[9438]: Failed password for root from 218.92.0.191 port 55563 ssh2 ...	2019-09-17 16:42:58
222.186.15.160	attackspam	2019-09-17T14:52:04.661750enmeeting.mahidol.ac.th sshd\[7174\]: User root from 222.186.15.160 not allowed because not listed in AllowUsers 2019-09-17T14:52:05.072775enmeeting.mahidol.ac.th sshd\[7174\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.160 user=root 2019-09-17T14:52:06.629814enmeeting.mahidol.ac.th sshd\[7174\]: Failed password for invalid user root from 222.186.15.160 port 12570 ssh2 ...	2019-09-17 16:11:21
79.137.79.167	attackspambots	Automatic report - Banned IP Access	2019-09-17 16:29:00
185.12.109.102	attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-09-17 16:15:55
23.94.151.60	attack	(From heathere011@gmail.com) Hello! I'm freelance search engine optimization specialist currently looking for new clients who need SEO services but are on a budget. I was just looking at your site and wanted to let you know that I can get you more site visits, which eventually leads to getting more profit. I've helped dozens of other websites owned by small businesses and I can show you case studies for what it's done for their business. You'll be surprised of how much it boosted their profits. Please reply to let me know if you're interested in my services so we can schedule a free consultation. All of the info I'll hand over can be useful whether or not you choose to avail of my services. I hope to speak with you soon. Thank you, Heather Ellison	2019-09-17 16:46:59
112.216.39.29	attackspam	$f2bV_matches	2019-09-17 16:48:26
42.200.66.164	attackbots	Sep 17 07:09:53 site3 sshd\[97509\]: Invalid user vanessa from 42.200.66.164 Sep 17 07:09:53 site3 sshd\[97509\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.66.164 Sep 17 07:09:54 site3 sshd\[97509\]: Failed password for invalid user vanessa from 42.200.66.164 port 41206 ssh2 Sep 17 07:14:45 site3 sshd\[97633\]: Invalid user madison from 42.200.66.164 Sep 17 07:14:45 site3 sshd\[97633\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.200.66.164 ...	2019-09-17 16:08:33
112.72.140.62	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/112.72.140.62/ KR - 1H : (55) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : KR NAME ASN : ASN9319 IP : 112.72.140.62 CIDR : 112.72.140.0/22 PREFIX COUNT : 193 UNIQUE IP COUNT : 92928 WYKRYTE ATAKI Z ASN9319 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 INFO : SYN Flood DDoS Attack Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery	2019-09-17 16:38:31
125.65.40.233	attackbotsspam	Automatic report - Port Scan Attack	2019-09-17 16:27:30
185.81.157.155	attackspambots	19/9/16@23:36:25: FAIL: Alarm-Intrusion address from=185.81.157.155 ...	2019-09-17 16:06:50
40.118.46.159	attackspambots	Sep 17 10:24:11 pkdns2 sshd\[49743\]: Invalid user xml2epay from 40.118.46.159Sep 17 10:24:13 pkdns2 sshd\[49743\]: Failed password for invalid user xml2epay from 40.118.46.159 port 49140 ssh2Sep 17 10:28:57 pkdns2 sshd\[49909\]: Invalid user adela from 40.118.46.159Sep 17 10:28:58 pkdns2 sshd\[49909\]: Failed password for invalid user adela from 40.118.46.159 port 41682 ssh2Sep 17 10:34:04 pkdns2 sshd\[50131\]: Invalid user krystyna from 40.118.46.159Sep 17 10:34:06 pkdns2 sshd\[50131\]: Failed password for invalid user krystyna from 40.118.46.159 port 33596 ssh2 ...	2019-09-17 16:08:57
183.78.180.160	attack	SMB Server BruteForce Attack	2019-09-17 16:37:06
92.79.179.89	attackbotsspam	Sep 17 10:02:03 v22019058497090703 sshd[23800]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.79.179.89 Sep 17 10:02:05 v22019058497090703 sshd[23800]: Failed password for invalid user jodi from 92.79.179.89 port 31928 ssh2 Sep 17 10:07:39 v22019058497090703 sshd[24190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.79.179.89 ...	2019-09-17 16:38:51
61.19.23.30	attack	Sep 17 07:20:03 dedicated sshd[30733]: Invalid user 1libuuid from 61.19.23.30 port 49220	2019-09-17 16:08:05

Recently Reported IPs

119.190.1.208	3.91.87.49	31.170.57.81	180.123.169.10
167.71.173.103	123.55.147.8	191.53.249.213	151.235.231.129
116.55.34.21	77.43.37.38	180.96.12.153	14.232.134.196
181.118.179.102	109.203.185.243	148.163.87.136	138.68.41.178
89.39.95.149	140.114.28.155	176.106.206.131	81.18.53.195