Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbots
142.93.52.3 (US/United States/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 16 07:43:32 server2 sshd[30326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.132.211  user=root
Sep 16 07:43:34 server2 sshd[30326]: Failed password for root from 119.28.132.211 port 57056 ssh2
Sep 16 07:43:52 server2 sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.217.161  user=root
Sep 16 07:43:24 server2 sshd[30269]: Failed password for root from 142.93.52.3 port 60144 ssh2
Sep 16 07:43:19 server2 sshd[30128]: Failed password for root from 119.250.158.217 port 62043 ssh2
Sep 16 07:43:22 server2 sshd[30269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root

IP Addresses Blocked:

119.28.132.211 (HK/Hong Kong/-)
134.175.217.161 (CN/China/-)
2020-09-16 23:30:14
attack
Banned for a week because of repeated abuses, for example SSH, but not only
2020-09-16 15:47:17
attack
detected by Fail2Ban
2020-09-16 07:47:29
attack
Sep  8 13:52:28 markkoudstaal sshd[19974]: Failed password for root from 142.93.52.3 port 39644 ssh2
Sep  8 13:56:14 markkoudstaal sshd[21048]: Failed password for root from 142.93.52.3 port 45878 ssh2
Sep  8 13:59:58 markkoudstaal sshd[22064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
...
2020-09-08 20:22:38
attack
2020-09-08T05:00:26.289010billing sshd[19563]: Failed password for root from 142.93.52.3 port 35248 ssh2
2020-09-08T05:03:36.432267billing sshd[25813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
2020-09-08T05:03:38.974327billing sshd[25813]: Failed password for root from 142.93.52.3 port 39546 ssh2
...
2020-09-08 12:17:30
attack
Triggered by Fail2Ban at Ares web server
2020-09-08 04:54:31
attackbots
Aug 30 02:12:22 web9 sshd\[21063\]: Invalid user tamaki from 142.93.52.3
Aug 30 02:12:22 web9 sshd\[21063\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
Aug 30 02:12:24 web9 sshd\[21063\]: Failed password for invalid user tamaki from 142.93.52.3 port 41090 ssh2
Aug 30 02:16:22 web9 sshd\[21548\]: Invalid user admin from 142.93.52.3
Aug 30 02:16:22 web9 sshd\[21548\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
2020-08-30 20:27:55
attackbotsspam
Aug 17 14:05:26 [host] sshd[5813]: Invalid user to
Aug 17 14:05:26 [host] sshd[5813]: pam_unix(sshd:a
Aug 17 14:05:28 [host] sshd[5813]: Failed password
2020-08-17 21:49:53
attack
k+ssh-bruteforce
2020-08-07 08:35:44
attackbotsspam
Aug  6 02:09:31 firewall sshd[10490]: Failed password for root from 142.93.52.3 port 51364 ssh2
Aug  6 02:13:18 firewall sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
Aug  6 02:13:20 firewall sshd[10609]: Failed password for root from 142.93.52.3 port 34064 ssh2
...
2020-08-06 13:22:04
attack
Aug  4 13:57:57 piServer sshd[7616]: Failed password for root from 142.93.52.3 port 39134 ssh2
Aug  4 14:00:41 piServer sshd[7924]: Failed password for root from 142.93.52.3 port 57462 ssh2
...
2020-08-04 21:30:59
attack
Jul 31 16:50:10 *hidden* sshd[7811]: Failed password for *hidden* from 142.93.52.3 port 33184 ssh2
Jul 31 16:54:07 *hidden* sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root
Jul 31 16:54:09 *hidden* sshd[17514]: Failed password for *hidden* from 142.93.52.3 port 45844 ssh2
Jul 31 16:58:05 *hidden* sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root
Jul 31 16:58:07 *hidden* sshd[27196]: Failed password for *hidden* from 142.93.52.3 port 58508 ssh2
2020-08-01 03:33:18
attack
Jul 25 10:17:08 vps sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 
Jul 25 10:17:10 vps sshd[25858]: Failed password for invalid user cristiano from 142.93.52.3 port 56604 ssh2
Jul 25 10:21:28 vps sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 
...
2020-07-25 18:25:15
attackbotsspam
Jun 30 17:56:45 h1745522 sshd[22297]: Invalid user bhq from 142.93.52.3 port 51416
Jun 30 17:56:45 h1745522 sshd[22297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
Jun 30 17:56:45 h1745522 sshd[22297]: Invalid user bhq from 142.93.52.3 port 51416
Jun 30 17:56:47 h1745522 sshd[22297]: Failed password for invalid user bhq from 142.93.52.3 port 51416 ssh2
Jun 30 18:00:00 h1745522 sshd[22582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
Jun 30 18:00:02 h1745522 sshd[22582]: Failed password for root from 142.93.52.3 port 50798 ssh2
Jun 30 18:03:15 h1745522 sshd[24059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
Jun 30 18:03:17 h1745522 sshd[24059]: Failed password for root from 142.93.52.3 port 50176 ssh2
Jun 30 18:06:31 h1745522 sshd[24229]: Invalid user vpnuser from 142.93.52.3 port 49556
...
2020-07-01 04:29:01
attack
Jun 28 17:24:04 ns382633 sshd\[11870\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
Jun 28 17:24:07 ns382633 sshd\[11870\]: Failed password for root from 142.93.52.3 port 44448 ssh2
Jun 28 17:38:41 ns382633 sshd\[14687\]: Invalid user deploy from 142.93.52.3 port 44512
Jun 28 17:38:41 ns382633 sshd\[14687\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
Jun 28 17:38:43 ns382633 sshd\[14687\]: Failed password for invalid user deploy from 142.93.52.3 port 44512 ssh2
2020-06-29 02:03:53
attackbotsspam
2020-06-20T20:04:34.105871  sshd[29862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
2020-06-20T20:04:34.092494  sshd[29862]: Invalid user dita from 142.93.52.3 port 56306
2020-06-20T20:04:35.740889  sshd[29862]: Failed password for invalid user dita from 142.93.52.3 port 56306 ssh2
2020-06-21T06:27:54.256836  sshd[10458]: Invalid user jtorres from 142.93.52.3 port 33280
...
2020-06-21 13:47:11
attackbotsspam
Jun 20 16:35:56 home sshd[6196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
Jun 20 16:35:58 home sshd[6196]: Failed password for invalid user huang from 142.93.52.3 port 56412 ssh2
Jun 20 16:36:55 home sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
...
2020-06-20 23:04:33
attackbots
Auto Fail2Ban report, multiple SSH login attempts.
2020-06-12 18:48:29
attackbotsspam
2020-06-10T10:29:48.313269rocketchat.forhosting.nl sshd[22744]: Failed password for root from 142.93.52.3 port 51554 ssh2
2020-06-10T10:33:03.691457rocketchat.forhosting.nl sshd[22790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=ftp
2020-06-10T10:33:04.949573rocketchat.forhosting.nl sshd[22790]: Failed password for ftp from 142.93.52.3 port 53192 ssh2
...
2020-06-10 16:56:01
attackbots
SSH Login Bruteforce
2020-06-09 18:39:26
attackspambots
May 28 19:46:10 web1 sshd\[3741\]: Failed password for invalid user sociedad from 142.93.52.3 port 42684 ssh2
May 28 19:49:28 web1 sshd\[4047\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3  user=root
May 28 19:49:30 web1 sshd\[4047\]: Failed password for root from 142.93.52.3 port 42286 ssh2
May 28 19:52:48 web1 sshd\[4329\]: Invalid user test from 142.93.52.3
May 28 19:52:48 web1 sshd\[4329\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
2020-05-29 14:59:25
attackbots
" "
2020-05-28 21:40:08
attackbots
SSH/22 MH Probe, BF, Hack -
2020-05-26 22:20:06
attackspambots
no
2020-05-26 03:58:46
attackbots
$f2bV_matches
2020-05-23 00:35:30
attack
May 22 06:28:34 srv-ubuntu-dev3 sshd[111418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
May 22 06:28:34 srv-ubuntu-dev3 sshd[111418]: Invalid user xfc from 142.93.52.3
May 22 06:28:36 srv-ubuntu-dev3 sshd[111418]: Failed password for invalid user xfc from 142.93.52.3 port 58408 ssh2
May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: Invalid user ozc from 142.93.52.3
May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: Invalid user ozc from 142.93.52.3
May 22 06:31:51 srv-ubuntu-dev3 sshd[112642]: Failed password for invalid user ozc from 142.93.52.3 port 36788 ssh2
May 22 06:35:06 srv-ubuntu-dev3 sshd[114063]: Invalid user zpb from 142.93.52.3
May 22 06:35:06 srv-ubuntu-dev3 sshd[114063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
May 22 06:
...
2020-05-22 12:41:38
attackspambots
Invalid user admin from 142.93.52.3 port 59888
2020-05-15 14:07:50
attack
May  7 20:21:56 ns381471 sshd[4283]: Failed password for root from 142.93.52.3 port 48216 ssh2
May  7 20:23:39 ns381471 sshd[4323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
2020-05-08 03:45:21
attackspam
$f2bV_matches
2020-04-26 04:44:57
attack
Apr 22 17:04:44 gw1 sshd[29988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3
Apr 22 17:04:46 gw1 sshd[29988]: Failed password for invalid user admin from 142.93.52.3 port 58626 ssh2
...
2020-04-22 20:39:37
Comments on same subnet:
IP Type Details Datetime
142.93.52.174 attackspam
142.93.52.174 - - [21/Sep/2020:20:43:25 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [21/Sep/2020:20:55:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...
2020-09-22 03:16:06
142.93.52.174 attack
142.93.52.174 - - [21/Sep/2020:12:12:36 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [21/Sep/2020:12:12:37 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [21/Sep/2020:12:12:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-09-21 19:01:02
142.93.52.174 attackspam
Attempt to hack Wordpress Login, XMLRPC or other login
2020-08-17 06:43:23
142.93.52.174 attackspambots
142.93.52.174 - - [11/Jul/2020:06:15:19 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [11/Jul/2020:06:15:26 +0200] "POST /wp-login.php HTTP/1.1" 200 2031 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [11/Jul/2020:06:15:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir
...
2020-07-11 13:36:24
142.93.52.174 attack
142.93.52.174 - - \[28/May/2020:15:40:10 +0200\] "POST /wp-login.php HTTP/1.0" 200 6728 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - \[28/May/2020:15:40:12 +0200\] "POST /wp-login.php HTTP/1.0" 200 6558 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
142.93.52.174 - - \[28/May/2020:15:40:23 +0200\] "POST /wp-login.php HTTP/1.0" 200 6552 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2020-05-29 00:20:51
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.93.52.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51274
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.93.52.3.			IN	A

;; AUTHORITY SECTION:
.			501	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041201 1800 900 604800 86400

;; Query time: 119 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Apr 13 08:35:04 CST 2020
;; MSG SIZE  rcvd: 115
Host info
Host 3.52.93.142.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 3.52.93.142.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
171.225.254.178 attackbots
1588249643 - 04/30/2020 14:27:23 Host: 171.225.254.178/171.225.254.178 Port: 445 TCP Blocked
2020-04-30 21:43:41
178.128.88.244 attackspambots
Apr 30 05:43:32 mockhub sshd[6845]: Failed password for root from 178.128.88.244 port 37214 ssh2
...
2020-04-30 21:02:54
185.176.27.30 attackspam
scans 17 times in preceding hours on the ports (in chronological order) 33486 33488 33488 33487 33581 33580 33582 33691 33690 33689 33783 33784 33785 33798 33800 33799 33892 resulting in total of 77 scans from 185.176.27.0/24 block.
2020-04-30 21:37:44
185.156.73.65 attackbots
04/30/2020-08:47:28.410103 185.156.73.65 Protocol: 6 ET SCAN NMAP -sS window 1024
2020-04-30 21:06:04
197.253.70.162 attackbotsspam
Honeypot attack, port: 445, PTR: PTR record not found
2020-04-30 21:18:37
112.85.42.174 attackspambots
Apr 30 09:07:35 NPSTNNYC01T sshd[24885]: Failed password for root from 112.85.42.174 port 40401 ssh2
Apr 30 09:07:39 NPSTNNYC01T sshd[24885]: Failed password for root from 112.85.42.174 port 40401 ssh2
Apr 30 09:07:42 NPSTNNYC01T sshd[24885]: Failed password for root from 112.85.42.174 port 40401 ssh2
Apr 30 09:07:46 NPSTNNYC01T sshd[24885]: Failed password for root from 112.85.42.174 port 40401 ssh2
...
2020-04-30 21:15:39
51.158.65.150 attackspam
Apr 30 15:23:46 ns382633 sshd\[26552\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.65.150  user=root
Apr 30 15:23:48 ns382633 sshd\[26552\]: Failed password for root from 51.158.65.150 port 44672 ssh2
Apr 30 15:29:21 ns382633 sshd\[27526\]: Invalid user moon from 51.158.65.150 port 48784
Apr 30 15:29:21 ns382633 sshd\[27526\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.65.150
Apr 30 15:29:23 ns382633 sshd\[27526\]: Failed password for invalid user moon from 51.158.65.150 port 48784 ssh2
2020-04-30 21:32:53
99.44.136.84 attackbotsspam
Honeypot attack, port: 81, PTR: 99-44-136-84.lightspeed.nworla.sbcglobal.net.
2020-04-30 21:31:40
114.35.204.20 attackbotsspam
Unauthorised access (Apr 30) SRC=114.35.204.20 LEN=52 TTL=109 ID=11663 DF TCP DPT=445 WINDOW=8192 SYN
2020-04-30 21:38:59
118.25.63.170 attack
Apr 30 08:27:29 mail sshd\[12382\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.63.170  user=root
...
2020-04-30 21:36:52
188.0.188.80 attackspambots
Honeypot attack, port: 445, PTR: PTR record not found
2020-04-30 21:11:18
210.134.164.250 attack
mayu@ebinazei.jp> wrote: Good day my friend, I am  barrister Adolf Mwesige. My client, his wife and their only daughter were involved in a ghastly car accident hence I contacted you. have contacted you to assist in repatriating the fund valued at USD $ 2.400 million left behind by my client
2020-04-30 21:07:41
106.13.184.7 attack
2020-04-30T05:30:37.619574suse-nuc sshd[22284]: Invalid user xavier from 106.13.184.7 port 44782
...
2020-04-30 21:23:50
41.218.194.255 attack
Apr 30 14:27:59 vmd48417 sshd[28439]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.218.194.255
2020-04-30 21:10:21
49.146.39.100 attackspam
1588249667 - 04/30/2020 14:27:47 Host: 49.146.39.100/49.146.39.100 Port: 445 TCP Blocked
2020-04-30 21:21:47
