City: Des Moines
Region: Iowa
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#
NetRange: 20.33.0.0 - 20.128.255.255
CIDR: 20.128.0.0/16, 20.36.0.0/14, 20.40.0.0/13, 20.48.0.0/12, 20.34.0.0/15, 20.64.0.0/10, 20.33.0.0/16
NetName: MSFT
NetHandle: NET-20-33-0-0-1
Parent: NET20 (NET-20-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Microsoft Corporation (MSFT)
RegDate: 2017-10-18
Updated: 2021-12-14
Ref: https://rdap.arin.net/registry/ip/20.33.0.0
OrgName: Microsoft Corporation
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2025-06-10
Comment: To report suspected security issues specific to traffic emanating from Microsoft online services, including the distribution of malicious content or other illicit or illegal material through a Microsoft online service, please submit reports to:
Comment: * https://cert.microsoft.com.
Comment:
Comment: For SPAM and other abuse issues, such as Microsoft Accounts, please contact:
Comment: * abuse@microsoft.com.
Comment:
Comment: To report security vulnerabilities in Microsoft products and services, please contact:
Comment: * secure@microsoft.com.
Comment:
Comment: For legal and law enforcement-related requests, please contact:
Comment: * msndcc@microsoft.com
Comment:
Comment: For routing, peering or DNS issues, please
Comment: contact:
Comment: * IOC@microsoft.com
Ref: https://rdap.arin.net/registry/entity/MSFT
OrgTechHandle: BEDAR6-ARIN
OrgTechName: Bedard, Dawn
OrgTechPhone: +1-425-538-6637
OrgTechEmail: dabedard@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/BEDAR6-ARIN
OrgRoutingHandle: CHATU3-ARIN
OrgRoutingName: Chaturmohta, Somesh
OrgRoutingPhone: +1-425-882-8080
OrgRoutingEmail: someshch@microsoft.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/CHATU3-ARIN
OrgTechHandle: SINGH683-ARIN
OrgTechName: Singh, Prachi
OrgTechPhone: +1-425-707-5601
OrgTechEmail: pracsin@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/SINGH683-ARIN
OrgTechHandle: IPHOS5-ARIN
OrgTechName: IPHostmaster, IPHostmaster
OrgTechPhone: +1-425-538-6637
OrgTechEmail: iphostmaster@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/IPHOS5-ARIN
OrgAbuseHandle: MAC74-ARIN
OrgAbuseName: Microsoft Abuse Contact
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@microsoft.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/MAC74-ARIN
OrgTechHandle: MRPD-ARIN
OrgTechName: Microsoft Routing, Peering, and DNS
OrgTechPhone: +1-425-882-8080
OrgTechEmail: IOC@microsoft.com
OrgTechRef: https://rdap.arin.net/registry/entity/MRPD-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 20.46.235.137
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52466
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;20.46.235.137. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2026070202 1800 900 604800 86400
;; Query time: 8 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jul 03 11:00:42 CST 2026
;; MSG SIZE rcvd: 106
137.235.46.20.in-addr.arpa domain name pointer azpdcstmfq80.stretchoid.com.
Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
137.235.46.20.in-addr.arpa name = azpdcstmfq80.stretchoid.com.
Authoritative answers can be found from:
| IP | Type | Details | Datetime |
|---|---|---|---|
| 150.107.176.130 | attack | Jun 22 01:57:02 firewall sshd[5622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.107.176.130 Jun 22 01:57:02 firewall sshd[5622]: Invalid user rachel from 150.107.176.130 Jun 22 01:57:04 firewall sshd[5622]: Failed password for invalid user rachel from 150.107.176.130 port 48122 ssh2 ... |
2020-06-22 13:19:18 |
| 129.226.184.94 | attackspam | 129.226.184.94 - - [22/Jun/2020:04:55:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 129.226.184.94 - - [22/Jun/2020:04:55:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2329 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 129.226.184.94 - - [22/Jun/2020:04:55:11 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ... |
2020-06-22 12:42:51 |
| 51.254.141.10 | attackspam | Jun 22 04:25:20 pbkit sshd[192235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.141.10 user=root Jun 22 04:25:22 pbkit sshd[192235]: Failed password for root from 51.254.141.10 port 45386 ssh2 Jun 22 04:31:50 pbkit sshd[192424]: Invalid user yong from 51.254.141.10 port 45516 ... |
2020-06-22 12:42:23 |
| 111.12.60.50 | attack | Port probing on unauthorized port 14584 |
2020-06-22 12:48:34 |
| 150.95.138.39 | attack | 2020-06-22T03:52:00.669109shield sshd\[30711\]: Invalid user testuser1 from 150.95.138.39 port 41570 2020-06-22T03:52:00.672905shield sshd\[30711\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=v150-95-138-39.a083.g.tyo1.static.cnode.io 2020-06-22T03:52:02.852981shield sshd\[30711\]: Failed password for invalid user testuser1 from 150.95.138.39 port 41570 ssh2 2020-06-22T03:54:29.793128shield sshd\[30915\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=v150-95-138-39.a083.g.tyo1.static.cnode.io user=root 2020-06-22T03:54:32.433511shield sshd\[30915\]: Failed password for root from 150.95.138.39 port 52432 ssh2 |
2020-06-22 13:24:36 |
| 27.150.22.44 | attackbotsspam | Jun 22 07:07:28 vps647732 sshd[17883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.150.22.44 Jun 22 07:07:30 vps647732 sshd[17883]: Failed password for invalid user harvey from 27.150.22.44 port 50740 ssh2 ... |
2020-06-22 13:18:17 |
| 192.99.149.195 | attackspambots | 192.99.149.195 - - [22/Jun/2020:05:55:01 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [22/Jun/2020:05:55:02 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [22/Jun/2020:05:55:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-06-22 12:51:44 |
| 3.9.175.209 | attackbotsspam | Jun 22 06:33:43 fhem-rasp sshd[29750]: Connection closed by 3.9.175.209 port 34186 [preauth] ... |
2020-06-22 12:45:56 |
| 209.126.124.203 | attackbotsspam | ssh brute force |
2020-06-22 13:07:13 |
| 2604:a880:400:d0::12f0:2001 | attack | xmlrpc attack |
2020-06-22 13:27:48 |
| 2.58.228.192 | attack | Jun 22 00:39:43 Tower sshd[4741]: Connection from 2.58.228.192 port 38904 on 192.168.10.220 port 22 rdomain "" Jun 22 00:39:46 Tower sshd[4741]: Invalid user administrator from 2.58.228.192 port 38904 Jun 22 00:39:46 Tower sshd[4741]: error: Could not get shadow information for NOUSER Jun 22 00:39:46 Tower sshd[4741]: Failed password for invalid user administrator from 2.58.228.192 port 38904 ssh2 Jun 22 00:39:46 Tower sshd[4741]: Received disconnect from 2.58.228.192 port 38904:11: Bye Bye [preauth] Jun 22 00:39:46 Tower sshd[4741]: Disconnected from invalid user administrator 2.58.228.192 port 38904 [preauth] |
2020-06-22 12:43:26 |
| 44.231.240.245 | attack | $f2bV_matches |
2020-06-22 13:26:58 |
| 68.69.167.149 | attack | *Port Scan* detected from 68.69.167.149 (US/United States/Utah/Springville/68-69-167-149.utopia.xmission.net). 4 hits in the last 30 seconds |
2020-06-22 12:44:52 |
| 187.150.30.199 | attack | Jun 22 13:38:05 web1 sshd[31421]: Invalid user leo from 187.150.30.199 port 57148 Jun 22 13:38:05 web1 sshd[31421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.150.30.199 Jun 22 13:38:05 web1 sshd[31421]: Invalid user leo from 187.150.30.199 port 57148 Jun 22 13:38:08 web1 sshd[31421]: Failed password for invalid user leo from 187.150.30.199 port 57148 ssh2 Jun 22 13:51:28 web1 sshd[2407]: Invalid user rohit from 187.150.30.199 port 43822 Jun 22 13:51:28 web1 sshd[2407]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.150.30.199 Jun 22 13:51:28 web1 sshd[2407]: Invalid user rohit from 187.150.30.199 port 43822 Jun 22 13:51:30 web1 sshd[2407]: Failed password for invalid user rohit from 187.150.30.199 port 43822 ssh2 Jun 22 13:55:01 web1 sshd[3278]: Invalid user nvidia from 187.150.30.199 port 45136 ... |
2020-06-22 12:55:18 |
| 103.194.88.162 | attack | Port probing on unauthorized port 445 |
2020-06-22 12:44:21 |