192.241.195.42

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Scanning random ports - tries to find possible vulnerable services	2020-02-24 09:15:04
attackspambots	Unauthorised access (Feb 22) SRC=192.241.195.42 LEN=40 TTL=237 ID=54321 TCP DPT=139 WINDOW=65535 SYN	2020-02-22 21:50:10
attackbots	firewall-block, port(s): 3128/tcp	2020-02-22 13:33:54

Comments on same subnet:

IP	Type	Details	Datetime
192.241.195.28	attackproxy	Bad IP	2024-05-23 13:01:33
192.241.195.30	attack	192.241.195.30 - - [05/Oct/2020:10:39:37 +0100] "POST /wp-login.php HTTP/1.1" 200 2252 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:10:39:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2231 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:10:39:45 +0100] "POST /wp-login.php HTTP/1.1" 200 2183 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-06 04:40:00
192.241.195.30	attackspambots	192.241.195.30 - - [05/Oct/2020:10:39:37 +0100] "POST /wp-login.php HTTP/1.1" 200 2252 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:10:39:41 +0100] "POST /wp-login.php HTTP/1.1" 200 2231 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:10:39:45 +0100] "POST /wp-login.php HTTP/1.1" 200 2183 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-05 20:42:28
192.241.195.30	attackspambots	192.241.195.30 - - [05/Oct/2020:02:52:14 +0100] "POST /wp-login.php HTTP/1.1" 200 2339 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:02:52:15 +0100] "POST /wp-login.php HTTP/1.1" 200 2320 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [05/Oct/2020:02:52:16 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-05 12:31:40
192.241.195.30	attack	192.241.195.30 - - [25/Sep/2020:00:47:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2591 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [25/Sep/2020:00:47:05 +0100] "POST /wp-login.php HTTP/1.1" 200 2528 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [25/Sep/2020:00:47:06 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-25 10:29:45
192.241.195.30	attack	192.241.195.30 - - [23/Sep/2020:09:24:44 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [23/Sep/2020:09:24:47 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [23/Sep/2020:09:24:48 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-23 16:27:41
192.241.195.30	attack	192.241.195.30 - - [23/Sep/2020:01:35:15 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [23/Sep/2020:01:35:18 +0200] "POST /wp-login.php HTTP/1.1" 200 9378 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.241.195.30 - - [23/Sep/2020:01:35:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-23 08:24:47
192.241.195.130	attack	trying to access non-authorized port	2020-06-28 18:22:44
192.241.195.168	attackspam	Unauthorized connection attempt from IP address 192.241.195.168	2020-03-27 18:10:27
192.241.195.220	attackbots	Scanning random ports - tries to find possible vulnerable services	2020-03-02 08:32:59
192.241.195.37	attack	NAME : DIGITALOCEAN-6 CIDR : 192.241.128.0/17 \| EMAIL - SPAM {Looking for resource vulnerabilities} DDoS Attack USA - New York - block certain countries :) IP: 192.241.195.37 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-07-22 11:40:49
192.241.195.37	attackbotsspam	Portscan or hack attempt detected by psad/fwsnort	2019-07-19 16:36:29
192.241.195.37	attackbotsspam	Web application attack detected by fail2ban	2019-07-05 01:34:45

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 192.241.195.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6862
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.241.195.42.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020022101 1800 900 604800 86400

;; Query time: 50 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Feb 22 13:33:50 CST 2020
;; MSG SIZE  rcvd: 118

Host info

42.195.241.192.in-addr.arpa domain name pointer zg0213a-1.stretchoid.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
42.195.241.192.in-addr.arpa	name = zg0213a-1.stretchoid.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
95.84.240.62	attackbots	Aug 25 04:43:39 ws22vmsma01 sshd[8801]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.84.240.62 Aug 25 04:43:42 ws22vmsma01 sshd[8801]: Failed password for invalid user top from 95.84.240.62 port 52754 ssh2 ...	2020-08-25 17:08:50
198.46.202.11	attack	Unauthorized connection attempt detected from IP address 198.46.202.11 to port 23 [T]	2020-08-25 17:23:38
185.202.0.117	attack	RDP Bruteforce	2020-08-25 16:58:06
191.92.124.82	attackspambots	failed root login	2020-08-25 17:14:08
222.76.203.58	attackbots	2020-08-25T06:51:49.291486abusebot-4.cloudsearch.cf sshd[1328]: Invalid user yangzhengwu from 222.76.203.58 port 2189 2020-08-25T06:51:49.296879abusebot-4.cloudsearch.cf sshd[1328]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.76.203.58 2020-08-25T06:51:49.291486abusebot-4.cloudsearch.cf sshd[1328]: Invalid user yangzhengwu from 222.76.203.58 port 2189 2020-08-25T06:51:51.723125abusebot-4.cloudsearch.cf sshd[1328]: Failed password for invalid user yangzhengwu from 222.76.203.58 port 2189 ssh2 2020-08-25T06:56:54.328519abusebot-4.cloudsearch.cf sshd[1457]: Invalid user team from 222.76.203.58 port 2190 2020-08-25T06:56:54.334053abusebot-4.cloudsearch.cf sshd[1457]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.76.203.58 2020-08-25T06:56:54.328519abusebot-4.cloudsearch.cf sshd[1457]: Invalid user team from 222.76.203.58 port 2190 2020-08-25T06:56:56.298558abusebot-4.cloudsearch.cf sshd[1457]: Fai ...	2020-08-25 17:07:55
104.27.157.6	attack	Sending out spam emails from IP 2001:41d0:1004:20d9:0:0:0:0 (ovh. net) Advertising that they are selling hacked dating account as well as compromised SMTP servers, shells, cpanel accounts and other illegal activity. For OVH report via their form as well as email https://www.ovh.com/world/abuse/ And send the complaint to abuse@ovh.net noc@ovh.net OVH.NET are pure scumbags and allow their customers to spam and ignore abuse complaints these guys are the worst of the worst! Pure scumbags! Now the spammer's websites are located at http://toolsbase.ws IP: 104.27.156.6, 104.27.157.6, 172.67.222.105 (cloudflare.com) For Cloudflare report via their form at https://www.cloudflare.com/abuse/ and noc@cloudflare.com and abuse@cloudflare.com	2020-08-25 16:53:06
112.21.191.54	attack	Bruteforce detected by fail2ban	2020-08-25 17:08:26
175.24.18.86	attackspam	Banned for a week because repeated abuses, for example SSH, but not only	2020-08-25 17:22:24
40.83.77.83	attackspambots	k+ssh-bruteforce	2020-08-25 17:06:28
91.134.248.230	attackspambots	91.134.248.230 - - [25/Aug/2020:08:20:47 +0100] "POST /wp-login.php HTTP/1.1" 200 2415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [25/Aug/2020:08:20:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2341 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 91.134.248.230 - - [25/Aug/2020:08:20:48 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-25 16:51:25
122.51.51.244	attackbots	$f2bV_matches	2020-08-25 17:26:21
91.121.205.83	attack	ssh brute force	2020-08-25 16:59:56
51.254.222.185	attackbotsspam	$f2bV_matches	2020-08-25 16:56:46
206.189.190.27	attackspambots	>20 unauthorized SSH connections	2020-08-25 17:28:04
45.224.158.246	attackbotsspam	Brute force attempt	2020-08-25 17:26:58

Recently Reported IPs

171.234.1.11	106.12.157.243	160.32.113.223	45.76.21.48
148.144.143.54	220.242.2.81	51.244.194.121	146.169.8.11
131.73.6.210	203.34.117.130	83.37.149.251	77.219.135.230
41.221.76.111	14.239.26.10	209.169.151.199	103.91.85.149
202.230.137.69	68.147.92.142	5.95.78.253	183.3.221.229