185.239.242.99

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Legaco Networks B.V.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	(smtpauth) Failed SMTP AUTH login from 185.239.242.99 (US/United States/scl-00100.mails--servers.org): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: Sep 17 18:51:34 srv postfix/smtpd[2660]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 18:54:07 srv postfix/smtpd[2766]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 18:56:41 srv postfix/smtpd[2929]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 18:59:17 srv postfix/smtpd[3041]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 17 19:01:52 srv postfix/smtpd[3254]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2020-09-18 03:09:58

Type

Details

Datetime

attack

(smtpauth) Failed SMTP AUTH login from 185.239.242.99 (US/United States/scl-00100.mails--servers.org): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: Sep 17 18:51:34 srv postfix/smtpd[2660]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 17 18:54:07 srv postfix/smtpd[2766]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 17 18:56:41 srv postfix/smtpd[2929]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 17 18:59:17 srv postfix/smtpd[3041]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep 17 19:01:52 srv postfix/smtpd[3254]: warning: unknown[185.239.242.99]: SASL LOGIN authentication failed: UGFzc3dvcmQ6

2020-09-18 03:09:58

Comments on same subnet:

IP	Type	Details	Datetime
185.239.242.82	spamattack	185.239.242.82 Soul-Mate -Soulmate@savagehut.us- Want to Meet Your Soulmate? Sun, 11 Apr 2021 18:59:10 NetRange: 31.210.22.0 - 31.210.23.255 NetRange: 185.239.242.0 - 185.239.242.255 netname: SERVER-185-239-242-0 country: NL other connected messages 31.210.22.81 ReverseMortgageQuiz -ReverseMortgageQuiz@probiotic.guru- Take this quiz to see if you qualify for a reverse mortgage Sat, 10 Apr 2021 185.239.242.73 Divine Locks Method -DivineLocksMethod@heaterwood.buzz- Divine Locks Method for revitalizing your thick, full and youthful hair. Sat, 10 Apr 2021	2021-04-12 06:10:47
185.239.242.239	attackbotsspam	UDP 185.239.242.239:48705 -> port 30120, len 39	2020-10-12 01:42:19
185.239.242.239	attackbotsspam	UDP 185.239.242.239:48705 -> port 30120, len 39	2020-10-11 17:33:33
185.239.242.201	attackspam	[f2b] sshd bruteforce, retries: 1	2020-10-11 03:54:30
185.239.242.201	attackbotsspam	Oct 8 21:15:40 hidden sshd[12272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.239.242.201 Oct 8 21:15:42 hidden sshd[12272]: Failed password for invalid user admin from 185.239.242.201 port 57930 ssh2 Oct 8 21:15:43 hidden sshd[12272]: error: Received disconnect from 185.239.242.201 port 57930:3: com.jcraft.jsch.JSchException: Auth fail [preauth]	2020-10-10 19:48:57
185.239.242.142	attack	Failed password for invalid user from 185.239.242.142 port 44234 ssh2	2020-10-10 05:45:44
185.239.242.142	attackspambots	Icarus honeypot on github	2020-10-09 21:51:54
185.239.242.142	attack	2020-10-09T05:26:57.093615randservbullet-proofcloud-66.localdomain sshd[20689]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.239.242.142 user=root 2020-10-09T05:26:58.828198randservbullet-proofcloud-66.localdomain sshd[20689]: Failed password for root from 185.239.242.142 port 52700 ssh2 2020-10-09T05:26:59.056587randservbullet-proofcloud-66.localdomain sshd[20692]: Invalid user admin from 185.239.242.142 port 55192 ...	2020-10-09 13:41:27
185.239.242.212	attackspambots	TCP (SYN) 185.239.242.212:33427 -> port 22, len 44	2020-10-07 06:18:38
185.239.242.212	attackbotsspam	Oct 6 15:34:49 OPSO sshd\[24976\]: Invalid user ubnt from 185.239.242.212 port 38526 Oct 6 15:34:49 OPSO sshd\[24976\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.239.242.212 Oct 6 15:34:51 OPSO sshd\[24976\]: Failed password for invalid user ubnt from 185.239.242.212 port 38526 ssh2 Oct 6 15:34:52 OPSO sshd\[24978\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.239.242.212 user=admin Oct 6 15:34:53 OPSO sshd\[24978\]: Failed password for admin from 185.239.242.212 port 41914 ssh2 Oct 6 15:34:54 OPSO sshd\[24980\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.239.242.212 user=root	2020-10-06 22:34:07
185.239.242.212	attackspam	2020-10-05T23:34:14.066259correo.[domain] sshd[11926]: Invalid user ubnt from 185.239.242.212 port 50478 2020-10-05T23:34:16.085448correo.[domain] sshd[11926]: Failed password for invalid user ubnt from 185.239.242.212 port 50478 ssh2 2020-10-05T23:34:17.489903correo.[domain] sshd[11939]: Invalid user admin from 185.239.242.212 port 54072 ...	2020-10-06 14:19:21
185.239.242.27	attackbotsspam	Lines containing failures of 185.239.242.27 Sep 28 02:15:19 cube sshd[2295]: Invalid user admin from 185.239.242.27 port 42810 Sep 28 02:15:19 cube sshd[2326]: Invalid user admin from 185.239.242.27 port 42858 Sep 28 02:15:19 cube sshd[2312]: Invalid user suma123 from 185.239.242.27 port 42884 Sep 28 02:15:19 cube sshd[2313]: Invalid user admin from 185.239.242.27 port 42840 Sep 28 02:15:19 cube sshd[2297]: Invalid user adsl from 185.239.242.27 port 42818 Sep 28 02:15:19 cube sshd[2291]: Invalid user ubuntu from 185.239.242.27 port 42880 Sep 28 02:15:19 cube sshd[2311]: Invalid user test from 185.239.242.27 port 42872 Sep 28 02:15:19 cube sshd[2301]: Invalid user jenkins from 185.239.242.27 port 42874 Sep 28 02:15:19 cube sshd[2327]: Invalid user superadmin from 185.239.242.27 port 42832 Sep 28 02:15:19 cube sshd[2328]: Invalid user engineer from 185.23........ ------------------------------	2020-09-29 05:05:01
185.239.242.27	attack	trying to access non-authorized port	2020-09-28 21:23:48
185.239.242.27	attackbots	TCP (SYN) 185.239.242.27:60129 -> port 22, len 44	2020-09-28 13:29:42
185.239.242.57	attackspam	k+ssh-bruteforce	2020-09-28 02:39:50

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 185.239.242.99
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44456
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;185.239.242.99.			IN	A

;; AUTHORITY SECTION:
.			599	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020091701 1800 900 604800 86400

;; Query time: 87 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 18 03:09:55 CST 2020
;; MSG SIZE  rcvd: 118

Host info

99.242.239.185.in-addr.arpa domain name pointer scl-00100.mails--servers.org.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
99.242.239.185.in-addr.arpa	name = scl-00100.mails--servers.org.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
161.132.217.167	attackspambots	scan z	2019-09-08 20:20:32
170.84.147.108	attack	Automatic report - Port Scan Attack	2019-09-08 20:29:57
188.166.7.134	attackbotsspam	Sep 8 12:16:21 MK-Soft-Root1 sshd\[12582\]: Invalid user user from 188.166.7.134 port 44572 Sep 8 12:16:21 MK-Soft-Root1 sshd\[12582\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.7.134 Sep 8 12:16:23 MK-Soft-Root1 sshd\[12582\]: Failed password for invalid user user from 188.166.7.134 port 44572 ssh2 ...	2019-09-08 20:23:41
138.68.208.190	attack	26/tcp 179/tcp 2078/tcp... [2019-09-06/07]5pkt,4pt.(tcp)	2019-09-08 20:10:11
103.248.25.171	attackspam	Sep 8 12:00:10 hcbbdb sshd\[26260\]: Invalid user ts3srv from 103.248.25.171 Sep 8 12:00:10 hcbbdb sshd\[26260\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.25.171 Sep 8 12:00:12 hcbbdb sshd\[26260\]: Failed password for invalid user ts3srv from 103.248.25.171 port 34210 ssh2 Sep 8 12:05:31 hcbbdb sshd\[26789\]: Invalid user student from 103.248.25.171 Sep 8 12:05:31 hcbbdb sshd\[26789\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.248.25.171	2019-09-08 20:09:17
159.203.199.12	attack	27017/tcp 60001/tcp 2380/tcp... [2019-09-06/07]4pkt,4pt.(tcp)	2019-09-08 19:57:37
178.175.39.189	attack	TCP Port: 25 _ invalid blocked abuseat-org barracudacentral _ _ _ _ (779)	2019-09-08 20:06:07
51.83.76.36	attackspambots	Sep 8 14:08:18 core sshd[19063]: Failed password for root from 51.83.76.36 port 53458 ssh2 Sep 8 14:12:22 core sshd[23926]: Invalid user ftptest from 51.83.76.36 port 40768 ...	2019-09-08 20:17:10
197.156.190.176	attack	TCP Port: 25 _ invalid blocked abuseat-org barracudacentral _ _ _ _ (783)	2019-09-08 20:00:43
138.68.208.143	attackbotsspam	8080/tcp 161/udp [2019-09-06/07]2pkt	2019-09-08 20:15:23
123.18.31.165	attack	TCP Port: 25 _ invalid blocked dnsbl-sorbs abuseat-org _ _ _ _ (788)	2019-09-08 19:49:04
151.250.56.70	attack	TCP Port: 25 _ invalid blocked abuseat-org barracudacentral _ _ _ _ (776)	2019-09-08 20:08:52
71.31.197.137	attack	Automatic report - Port Scan Attack	2019-09-08 20:13:00
157.230.91.45	attack	SSH Bruteforce attempt	2019-09-08 19:45:13
77.65.95.194	attackspambots	TCP Port: 25 _ invalid blocked dnsbl-sorbs abuseat-org _ _ _ _ (772)	2019-09-08 20:16:52

Recently Reported IPs

188.49.48.85	71.254.135.33	58.30.69.43	116.75.231.253
189.50.119.116	211.51.126.222	125.26.228.52	116.196.83.238
61.227.136.32	41.222.210.22	14.240.127.244	89.187.175.149
83.122.157.218	185.68.78.78	171.247.188.3	167.89.100.125
36.81.199.223	36.22.232.93	213.57.46.81	175.182.188.172