Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: EGIHosting

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspambots
Sep 23 05:48:17 mail kernel: [399870.312453] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=142.252.251.74 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 
Sep 23 05:48:17 mail kernel: [399870.313147] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=142.252.251.74 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8088 WINDOW=16384 RES=0x00 SYN URGP=0 
Sep 23 05:48:17 mail kernel: [399870.314607] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=142.252.251.74 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8000 WINDOW=16384 RES=0x00 SYN URGP=0 
Sep 23 05:48:17 mail kernel: [399870.313147] [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=142.252.251.74 DST=77.73.69.240 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 PROTO=TCP SPT=6000 DPT=8088 WINDOW=16384 RES=0x00 SYN URGP=0 
Sep
2019-09-23 20:08:48
Comments on same subnet:
IP Type Details Datetime
142.252.251.170 attack
Automatic report - Port Scan
2019-10-27 17:30:15
142.252.251.228 attack
Fail2Ban Ban Triggered
2019-10-10 13:06:29
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.252.251.74
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46835
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.252.251.74.			IN	A

;; AUTHORITY SECTION:
.			371	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019092300 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Sep 23 20:08:44 CST 2019
;; MSG SIZE  rcvd: 118
Host info
Host 74.251.252.142.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 74.251.252.142.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
179.6.35.14 attack
Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -
2019-10-28 21:58:29
51.235.250.233 attack
Unauthorised access (Oct 28) SRC=51.235.250.233 LEN=52 TTL=117 ID=1972 DF TCP DPT=445 WINDOW=8192 SYN
2019-10-28 22:02:48
152.249.245.68 attackspambots
2019-10-28T12:55:14.649606hub.schaetter.us sshd\[29653\]: Invalid user admin from 152.249.245.68 port 37498
2019-10-28T12:55:14.662946hub.schaetter.us sshd\[29653\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.249.245.68
2019-10-28T12:55:16.214643hub.schaetter.us sshd\[29653\]: Failed password for invalid user admin from 152.249.245.68 port 37498 ssh2
2019-10-28T13:00:05.542454hub.schaetter.us sshd\[29688\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.249.245.68  user=root
2019-10-28T13:00:08.042958hub.schaetter.us sshd\[29688\]: Failed password for root from 152.249.245.68 port 48432 ssh2
...
2019-10-28 22:02:18
179.189.112.103 attackspambots
Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -
2019-10-28 22:04:36
104.244.75.218 attackbots
104.244.75.218 - - [11/Aug/2019:22:30:55 +0100] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Linux; Android 8.0; TA-1000 Build/OPR1.170623.026; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/6.2 TBS/043908 Mobile Safari/537.36 V1_AND_SQ_7.1.0_0_TIM_D TIM2.0/2.0.0.1696 QQ/6.5.5 NetType/WIFI WebP/0.3.0 Pixel/1080 IMEI/null"
2019-10-28 22:34:18
156.205.172.81 attackbots
IP Ban Report :  
 https://help-dysk.pl/wordpress-firewall-plugins/ip/156.205.172.81/ 
 
 EG - 1H : (314)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : EG 
 NAME ASN : ASN8452 
 
 IP : 156.205.172.81 
 
 CIDR : 156.205.128.0/18 
 
 PREFIX COUNT : 833 
 
 UNIQUE IP COUNT : 7610368 
 
 
 ATTACKS DETECTED ASN8452 :  
  1H - 8 
  3H - 25 
  6H - 54 
 12H - 121 
 24H - 305 
 
 DateTime : 2019-10-28 12:52:09 
 
 INFO : Port Scan TELNET Detected and Blocked by ADMIN  - data recovery
2019-10-28 22:05:57
125.227.249.88 attackbotsspam
23/tcp 23/tcp 23/tcp...
[2019-08-30/10-28]16pkt,1pt.(tcp)
2019-10-28 22:20:33
158.69.110.31 attackbots
Oct 28 03:51:25 tdfoods sshd\[6460\]: Invalid user Ej45Un76uw from 158.69.110.31
Oct 28 03:51:25 tdfoods sshd\[6460\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.110.31
Oct 28 03:51:27 tdfoods sshd\[6460\]: Failed password for invalid user Ej45Un76uw from 158.69.110.31 port 54566 ssh2
Oct 28 03:55:41 tdfoods sshd\[6788\]: Invalid user felix123 from 158.69.110.31
Oct 28 03:55:41 tdfoods sshd\[6788\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.69.110.31
2019-10-28 21:56:59
187.16.96.35 attack
Automatic report - Banned IP Access
2019-10-28 22:07:25
168.235.103.66 attack
SSH Scan
2019-10-28 21:59:24
165.22.112.87 attackbotsspam
2019-10-28T14:50:07.719337scmdmz1 sshd\[20925\]: Invalid user password from 165.22.112.87 port 45274
2019-10-28T14:50:07.722032scmdmz1 sshd\[20925\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.112.87
2019-10-28T14:50:10.010802scmdmz1 sshd\[20925\]: Failed password for invalid user password from 165.22.112.87 port 45274 ssh2
...
2019-10-28 22:03:32
27.49.160.8 attackspambots
1433/tcp 445/tcp...
[2019-09-03/10-28]12pkt,2pt.(tcp)
2019-10-28 22:18:03
104.42.159.141 attack
Oct 28 14:12:15 ns37 sshd[673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.159.141
2019-10-28 22:13:46
190.7.128.74 attackbots
Oct 28 13:58:54 localhost sshd\[45178\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.7.128.74  user=root
Oct 28 13:58:56 localhost sshd\[45178\]: Failed password for root from 190.7.128.74 port 30354 ssh2
Oct 28 14:04:03 localhost sshd\[45300\]: Invalid user ag from 190.7.128.74 port 58080
Oct 28 14:04:03 localhost sshd\[45300\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.7.128.74
Oct 28 14:04:04 localhost sshd\[45300\]: Failed password for invalid user ag from 190.7.128.74 port 58080 ssh2
...
2019-10-28 22:12:49
185.209.0.51 attackspam
10/28/2019-14:39:03.354475 185.209.0.51 Protocol: 6 ET DROP Dshield Block Listed Source group 1
2019-10-28 22:24:43