192.74.254.239

Basic Info

City: San Jose

Region: California

Country: United States

Internet Service Provider: Peg Tech Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	11/06/2019-05:56:28.128296 192.74.254.239 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2019-11-06 14:13:50

Comments on same subnet:

IP	Type	Details	Datetime
192.74.254.121	attackbotsspam	[portscan] tcp/1433 [MsSQL] *(RWIN=1024)(11190859)	2019-11-19 19:21:50
192.74.254.164	attack	Jul 26 10:40:17 toyboy sshd[13498]: Did not receive identification string from 192.74.254.164 Jul 26 10:40:18 toyboy sshd[13499]: Did not receive identification string from 192.74.254.164 Jul 26 10:40:18 toyboy sshd[13500]: Did not receive identification string from 192.74.254.164 Jul 26 10:40:34 toyboy sshd[13505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164 user=r.r Jul 26 10:40:34 toyboy sshd[13501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164 user=r.r Jul 26 10:40:35 toyboy sshd[13503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164 user=r.r Jul 26 10:40:36 toyboy sshd[13503]: Failed password for r.r from 192.74.254.164 port 36013 ssh2 Jul 26 10:40:36 toyboy sshd[13503]: error: Received disconnect from 192.74.254.164: 3: com.jcraft.jsch.JSchException: Auth fail [preauth] Jul 26 10:40:37 toybo........ -------------------------------	2019-07-27 02:10:08

Type

Details

Datetime

192.74.254.121

attackbotsspam

[portscan] tcp/1433 [MsSQL]
*(RWIN=1024)(11190859)

2019-11-19 19:21:50

192.74.254.164

attack

Jul 26 10:40:17 toyboy sshd[13498]: Did not receive identification string from 192.74.254.164
Jul 26 10:40:18 toyboy sshd[13499]: Did not receive identification string from 192.74.254.164
Jul 26 10:40:18 toyboy sshd[13500]: Did not receive identification string from 192.74.254.164
Jul 26 10:40:34 toyboy sshd[13505]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164  user=r.r
Jul 26 10:40:34 toyboy sshd[13501]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164  user=r.r
Jul 26 10:40:35 toyboy sshd[13503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.74.254.164  user=r.r
Jul 26 10:40:36 toyboy sshd[13503]: Failed password for r.r from 192.74.254.164 port 36013 ssh2
Jul 26 10:40:36 toyboy sshd[13503]: error: Received disconnect from 192.74.254.164: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]
Jul 26 10:40:37 toybo........
-------------------------------

2019-07-27 02:10:08

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 192.74.254.239
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10397
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.74.254.239.			IN	A

;; AUTHORITY SECTION:
.			373	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110501 1800 900 604800 86400

;; Query time: 121 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 06 14:13:45 CST 2019
;; MSG SIZE  rcvd: 118

Host info

239.254.74.192.in-addr.arpa has no PTR record

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
*** Can't find 239.254.74.192.in-addr.arpa.: No answer

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.156.73.54	attackbotsspam	12/25/2019-01:29:56.115761 185.156.73.54 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-25 14:54:40
162.243.99.164	attackspambots	Dec 25 08:00:41 markkoudstaal sshd[8975]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.99.164 Dec 25 08:00:43 markkoudstaal sshd[8975]: Failed password for invalid user MELSEC from 162.243.99.164 port 40762 ssh2 Dec 25 08:03:45 markkoudstaal sshd[9205]: Failed password for root from 162.243.99.164 port 56496 ssh2	2019-12-25 15:08:16
61.190.171.144	attackspambots	Dec 25 02:58:52 vps46666688 sshd[30807]: Failed password for root from 61.190.171.144 port 2399 ssh2 ...	2019-12-25 14:22:14
94.179.145.173	attackspam	2019-12-25T01:20:06.213642xentho-1 sshd[185095]: Invalid user passwd5555 from 94.179.145.173 port 47040 2019-12-25T01:20:06.230185xentho-1 sshd[185095]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.179.145.173 2019-12-25T01:20:06.213642xentho-1 sshd[185095]: Invalid user passwd5555 from 94.179.145.173 port 47040 2019-12-25T01:20:08.235909xentho-1 sshd[185095]: Failed password for invalid user passwd5555 from 94.179.145.173 port 47040 ssh2 2019-12-25T01:22:30.118208xentho-1 sshd[185121]: Invalid user garric from 94.179.145.173 port 42658 2019-12-25T01:22:30.125855xentho-1 sshd[185121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.179.145.173 2019-12-25T01:22:30.118208xentho-1 sshd[185121]: Invalid user garric from 94.179.145.173 port 42658 2019-12-25T01:22:32.231163xentho-1 sshd[185121]: Failed password for invalid user garric from 94.179.145.173 port 42658 ssh2 2019-12-25T01:24:51.527338xentho-1 ...	2019-12-25 14:59:13
66.220.155.154	attack	Dec 25 07:29:57 grey postfix/smtpd\[29518\]: NOQUEUE: reject: RCPT from 66-220-155-154.mail-mail.facebook.com\[66.220.155.154\]: 554 5.7.1 Service unavailable\; Client host \[66.220.155.154\] blocked using ix.dnsbl.manitu.net\; Your e-mail service was detected by mail.ixlab.de \(NiX Spam\) as spamming at Tue, 24 Dec 2019 21:08:03 +0100. Your admin should visit http://www.dnsbl.manitu.net/lookup.php\?value=66.220.155.154\; from=\ to=\ proto=ESMTP helo=\<66-220-155-154.mail-mail.facebook.com\> ...	2019-12-25 14:53:11
51.83.46.16	attack	Dec 25 07:29:31 vpn01 sshd[11155]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.46.16 Dec 25 07:29:33 vpn01 sshd[11155]: Failed password for invalid user mysql from 51.83.46.16 port 50524 ssh2 ...	2019-12-25 15:11:08
104.236.176.175	attackbots	Invalid user Hockey from 104.236.176.175 port 40179	2019-12-25 14:28:36
89.122.208.9	attackbots	Automatic report - Port Scan Attack	2019-12-25 14:22:54
202.83.57.115	attack	Host Scan	2019-12-25 15:04:23
192.138.210.121	attack	Dec 25 07:11:07 ns382633 sshd\[20747\]: Invalid user siebke from 192.138.210.121 port 55082 Dec 25 07:11:07 ns382633 sshd\[20747\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.138.210.121 Dec 25 07:11:08 ns382633 sshd\[20747\]: Failed password for invalid user siebke from 192.138.210.121 port 55082 ssh2 Dec 25 07:30:13 ns382633 sshd\[23974\]: Invalid user ambroos from 192.138.210.121 port 54150 Dec 25 07:30:13 ns382633 sshd\[23974\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.138.210.121	2019-12-25 14:42:08
113.162.84.44	attack	Unauthorized connection attempt from IP address 113.162.84.44 on Port 445(SMB)	2019-12-25 14:49:50
14.231.136.152	attackspambots	failed_logins	2019-12-25 15:07:05
129.28.57.8	attackbotsspam	Dec 25 08:46:29 pkdns2 sshd\[4382\]: Invalid user staff from 129.28.57.8Dec 25 08:46:31 pkdns2 sshd\[4382\]: Failed password for invalid user staff from 129.28.57.8 port 60458 ssh2Dec 25 08:50:19 pkdns2 sshd\[4583\]: Invalid user rtest from 129.28.57.8Dec 25 08:50:21 pkdns2 sshd\[4583\]: Failed password for invalid user rtest from 129.28.57.8 port 46263 ssh2Dec 25 08:54:13 pkdns2 sshd\[4730\]: Invalid user jennyd from 129.28.57.8Dec 25 08:54:14 pkdns2 sshd\[4730\]: Failed password for invalid user jennyd from 129.28.57.8 port 60313 ssh2 ...	2019-12-25 15:02:10
165.227.225.195	attackspam	SSH Brute Force	2019-12-25 14:28:04
112.170.72.170	attackbotsspam	"SSH brute force auth login attempt."	2019-12-25 14:45:22

Recently Reported IPs

42.237.27.23	109.129.239.230	45.82.34.146	185.85.189.13
212.227.17.5	36.91.31.21	49.49.245.132	124.248.166.216
222.65.104.23	47.18.210.5	96.8.116.171	91.21.227.221
192.241.181.33	180.118.18.0	111.230.45.252	151.41.132.8
156.220.19.43	136.169.224.48	209.182.245.148	156.216.1.106