162.243.142.140

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	" "	2020-05-02 20:12:07
attackbots	26/tcp 5060/udp 9200/tcp... [2020-04-29/30]4pkt,3pt.(tcp),1pt.(udp)	2020-05-01 23:36:33
attackspam	ZGrab Application Layer Scanner Detection	2020-04-30 04:28:50

Comments on same subnet:

IP	Type	Details	Datetime
162.243.142.176	attackspam	[Mon Jun 08 14:17:27 2020] - DDoS Attack From IP: 162.243.142.176 Port: 57285	2020-07-13 04:03:26
162.243.142.146	attackspambots	[Tue Jun 09 15:57:57 2020] - DDoS Attack From IP: 162.243.142.146 Port: 54460	2020-07-13 03:56:26
162.243.142.61	attack	firewall-block, port(s): 81/tcp	2020-06-22 18:47:27
162.243.142.200	attack	ZGrab Application Layer Scanner Detection	2020-06-21 22:16:22
162.243.142.207	attackspambots	TCP (SYN) 162.243.142.207:60667 -> port 81, len 40	2020-06-21 22:07:30
162.243.142.10	attackbots	scans once in preceeding hours on the ports (in chronological order) 63814 resulting in total of 51 scans from 162.243.0.0/16 block.	2020-06-21 20:47:31
162.243.142.124	attackbots	scans once in preceeding hours on the ports (in chronological order) 5631 resulting in total of 51 scans from 162.243.0.0/16 block.	2020-06-21 20:47:07
162.243.142.155	attackspambots	scans once in preceeding hours on the ports (in chronological order) 5632 resulting in total of 51 scans from 162.243.0.0/16 block.	2020-06-21 20:46:53
162.243.142.225	attackbotsspam	Port scan: Attack repeated for 24 hours	2020-06-19 22:47:00
162.243.142.16	attack	Port scan denied	2020-06-17 14:11:54
162.243.142.219	attack	nginx/IPasHostname/a4a6f	2020-06-17 13:19:25
162.243.142.6	attackspam	Unauthorized connection attempt IP: 162.243.142.6 Ports affected IMAP over TLS protocol (993) Abuse Confidence rating 100% Found in DNSBL('s) ASN Details AS14061 DIGITALOCEAN-ASN United States (US) CIDR 162.243.0.0/16 Log Date: 15/06/2020 2:07:10 PM UTC	2020-06-15 22:30:26
162.243.142.200	attackspam	162.243.142.200 - - - [11/Jun/2020:07:01:57 +0200] "GET /portal/redlion HTTP/1.1" 404 162 "-" "Mozilla/5.0 zgrab/0.x" "-" "-"	2020-06-11 18:02:00
162.243.142.143	attack	" "	2020-06-11 16:00:27
162.243.142.64	attackspambots	TCP (SYN) 162.243.142.64:45035 -> port 1527, len 44	2020-06-10 17:18:17

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 162.243.142.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6104
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;162.243.142.140.		IN	A

;; AUTHORITY SECTION:
.			587	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020042902 1800 900 604800 86400

;; Query time: 113 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 30 04:28:43 CST 2020
;; MSG SIZE  rcvd: 119

Host info

140.142.243.162.in-addr.arpa domain name pointer zg-0428c-516.stretchoid.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
140.142.243.162.in-addr.arpa	name = zg-0428c-516.stretchoid.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
116.196.124.159	attack	$f2bV_matches	2020-07-06 17:21:46
159.203.176.82	attack	WordPress login Brute force / Web App Attack on client site.	2020-07-06 17:41:54
200.233.163.65	attackspambots	Jul 6 05:45:06 inter-technics sshd[24860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.233.163.65 user=root Jul 6 05:45:07 inter-technics sshd[24860]: Failed password for root from 200.233.163.65 port 60104 ssh2 Jul 6 05:48:59 inter-technics sshd[25049]: Invalid user tomcat from 200.233.163.65 port 57206 Jul 6 05:48:59 inter-technics sshd[25049]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.233.163.65 Jul 6 05:48:59 inter-technics sshd[25049]: Invalid user tomcat from 200.233.163.65 port 57206 Jul 6 05:49:02 inter-technics sshd[25049]: Failed password for invalid user tomcat from 200.233.163.65 port 57206 ssh2 ...	2020-07-06 17:03:45
52.169.204.119	attackbotsspam	Jul 6 06:29:55 lnxded64 sshd[31416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.169.204.119	2020-07-06 18:09:59
35.195.238.142	attack	SSH Brute-Force reported by Fail2Ban	2020-07-06 16:57:50
106.12.90.29	attackspambots	SSH Honeypot -> SSH Bruteforce / Login	2020-07-06 17:45:14
47.115.54.160	attackspambots	[Mon Jul 06 10:49:55.130807 2020] [:error] [pid 8347:tid 140335179863808] [client 47.115.54.160:60702] [client 47.115.54.160] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "147"] [id "913101"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.23.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/SCRIPTING"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XwKfYyP1VR3su@ShYTtSiAAAAkk"] ...	2020-07-06 17:29:36
79.106.1.104	attackbots	Unauthorized connection attempt detected from IP address 79.106.1.104 to port 23	2020-07-06 17:07:59
223.31.73.106	attack	Fail2Ban Ban Triggered	2020-07-06 18:10:57
138.197.171.149	attackspam	Jul 6 11:56:20 dev0-dcde-rnet sshd[17548]: Failed password for root from 138.197.171.149 port 53302 ssh2 Jul 6 11:59:35 dev0-dcde-rnet sshd[17580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.197.171.149 Jul 6 11:59:37 dev0-dcde-rnet sshd[17580]: Failed password for invalid user newuser from 138.197.171.149 port 51508 ssh2	2020-07-06 18:02:55
68.183.77.157	attack	Jul 6 07:31:33 ssh2 sshd[59545]: User root from skaerbaek.minlandsby.dk not allowed because not listed in AllowUsers Jul 6 07:31:33 ssh2 sshd[59545]: Failed password for invalid user root from 68.183.77.157 port 34462 ssh2 Jul 6 07:31:33 ssh2 sshd[59545]: Connection closed by invalid user root 68.183.77.157 port 34462 [preauth] ...	2020-07-06 18:01:20
115.77.235.104	attackbotsspam	" "	2020-07-06 18:03:29
120.6.197.132	attack	20/7/6@02:23:50: FAIL: Alarm-Telnet address from=120.6.197.132 20/7/6@02:23:50: FAIL: Alarm-Telnet address from=120.6.197.132 ...	2020-07-06 17:04:54
206.104.215.45	attackbots	Hits on port : 23	2020-07-06 17:59:17
182.76.104.78	attackspam	TCP (SYN) 182.76.104.78:54278 -> port 2323, len 44	2020-07-06 17:04:19

Recently Reported IPs

40.137.130.181	206.189.147.137	95.24.21.33	223.15.165.155
217.61.108.147	117.86.12.76	155.245.145.49	222.64.16.152
104.154.146.25	90.157.12.84	93.85.95.205	218.58.151.170
102.5.16.220	185.244.39.112	180.249.181.123	5.141.195.214
190.96.118.83	46.101.221.199	211.213.198.139	196.29.168.94