220.142.20.119

Basic Info

City: unknown

Region: unknown

Country: Republic of China (ROC)

Internet Service Provider: Chunghwa Telecom Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Jul 13 10:15:27 localhost kernel: [14271520.347129] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=40283 PROTO=TCP SPT=41106 DPT=37215 WINDOW=39085 RES=0x00 SYN URGP=0 Jul 13 10:15:27 localhost kernel: [14271520.347153] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=40283 PROTO=TCP SPT=41106 DPT=37215 SEQ=758669438 ACK=0 WINDOW=39085 RES=0x00 SYN URGP=0 Jul 13 11:09:57 localhost kernel: [14274791.126063] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=59554 PROTO=TCP SPT=41106 DPT=37215 WINDOW=39085 RES=0x00 SYN URGP=0 Jul 13 11:09:57 localhost kernel: [14274791.126090] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS	2019-07-14 04:26:44

Type

Details

Datetime

attack

Jul 13 10:15:27 localhost kernel: [14271520.347129] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=40283 PROTO=TCP SPT=41106 DPT=37215 WINDOW=39085 RES=0x00 SYN URGP=0 
Jul 13 10:15:27 localhost kernel: [14271520.347153] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=40283 PROTO=TCP SPT=41106 DPT=37215 SEQ=758669438 ACK=0 WINDOW=39085 RES=0x00 SYN URGP=0 
Jul 13 11:09:57 localhost kernel: [14274791.126063] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=59554 PROTO=TCP SPT=41106 DPT=37215 WINDOW=39085 RES=0x00 SYN URGP=0 
Jul 13 11:09:57 localhost kernel: [14274791.126090] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=220.142.20.119 DST=[mungedIP2] LEN=40 TOS

2019-07-14 04:26:44

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 220.142.20.119
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61639
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.142.20.119.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071301 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jul 14 04:26:39 CST 2019
;; MSG SIZE  rcvd: 118

Host info

119.20.142.220.in-addr.arpa domain name pointer 220-142-20-119.dynamic-ip.hinet.net.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
119.20.142.220.in-addr.arpa	name = 220-142-20-119.dynamic-ip.hinet.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
192.35.168.224	attackbots	TCP (SYN) 192.35.168.224:59296 -> port 12120, len 44	2020-09-29 13:06:39
42.194.142.143	attackbotsspam	SSH Brute-Forcing (server2)	2020-09-29 13:07:42
206.189.41.221	attackbots	[TueSep2902:55:56.5669092020][:error][pid19597:tid47081091880704][client206.189.41.221:64945][client206.189.41.221]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)"atREQUEST_FILENAME.[file"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf"][line"211"][id"390709"][rev"30"][msg"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely"][data"/.env"][severity"CRITICAL"][hostname"136.243.224.50"][uri"/.env"][unique_id"X3KGHOs4W6HPiHytMjoaPwAAAMg"]\,referer:https://www.google.com/[TueSep2902:55:57.7687982020][:error][pid19637:tid47081108690688][client206.189.41.221:65014][client206.189.41.221]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof"rx\^0\$"against"REQUEST_HEADERS:Content-Length"required.[file"/etc/apache2/conf.d/	2020-09-29 13:10:30
152.136.212.175	attackspam	Sep 28 21:36:50 mockhub sshd[143770]: Invalid user game from 152.136.212.175 port 54718 Sep 28 21:36:52 mockhub sshd[143770]: Failed password for invalid user game from 152.136.212.175 port 54718 ssh2 Sep 28 21:38:57 mockhub sshd[143819]: Invalid user usrlib from 152.136.212.175 port 53244 ...	2020-09-29 12:46:34
125.43.18.132	attackspambots	Port Scan detected! ...	2020-09-29 13:12:06
122.51.201.158	attackspambots	Sep 29 01:59:47 email sshd\[9217\]: Invalid user vps from 122.51.201.158 Sep 29 01:59:47 email sshd\[9217\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.201.158 Sep 29 01:59:49 email sshd\[9217\]: Failed password for invalid user vps from 122.51.201.158 port 35194 ssh2 Sep 29 02:04:37 email sshd\[10038\]: Invalid user nagios from 122.51.201.158 Sep 29 02:04:37 email sshd\[10038\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.51.201.158 ...	2020-09-29 12:37:02
185.153.196.226	attackspambots	REQUESTED PAGE: /.git/config	2020-09-29 12:46:16
85.209.0.101	attackspam	Sep 28 16:47:24 hidden sshd[44872]: Failed password for hidden from 85.209.0.101 port 64772 ssh2 Sep 29 03:44:06 hidden sshd[1447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.209.0.101 user=root Sep 29 03:44:08 hidden sshd[1447]: Failed password for hidden from 85.209.0.101 port 6180 ssh2	2020-09-29 12:35:02
200.95.170.65	attackbots	Sep 28 17:40:41 shivevps sshd[8997]: Invalid user guest from 200.95.170.65 port 24932 Sep 28 17:40:41 shivevps sshd[8997]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.95.170.65 Sep 28 17:40:44 shivevps sshd[8997]: Failed password for invalid user guest from 200.95.170.65 port 24932 ssh2 ...	2020-09-29 12:40:40
49.88.112.110	attack	Sep 29 06:33:53 v22018053744266470 sshd[7706]: Failed password for root from 49.88.112.110 port 52860 ssh2 Sep 29 06:34:42 v22018053744266470 sshd[7761]: Failed password for root from 49.88.112.110 port 16201 ssh2 ...	2020-09-29 12:38:46
88.230.26.130	attackspam	ang 88.230.26.130 [29/Sep/2020:03:38:41 "-" "POST /wp-login.php 500 514 88.230.26.130 [29/Sep/2020:03:38:42 "-" "GET /wp-login.php 500 514 88.230.26.130 [29/Sep/2020:03:39:04 "-" "GET /wp-login.php 500 514	2020-09-29 12:40:15
38.121.43.37	spamattack	This person hacked my Snapchat account and is using this IP address	2020-09-29 12:55:57
195.22.148.76	attack	firewall-block, port(s): 44/tcp, 80/tcp, 5060/tcp	2020-09-29 13:02:20
217.14.211.216	attack	Sep 28 21:42:53 NPSTNNYC01T sshd[23648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.14.211.216 Sep 28 21:42:55 NPSTNNYC01T sshd[23648]: Failed password for invalid user applmgr from 217.14.211.216 port 40612 ssh2 Sep 28 21:46:55 NPSTNNYC01T sshd[24068]: Failed password for root from 217.14.211.216 port 50726 ssh2 ...	2020-09-29 13:03:14
162.142.125.75	attack	TCP (SYN) 162.142.125.75:27201 -> port 8101, len 44	2020-09-29 13:11:23

Recently Reported IPs

114.40.116.116	103.139.77.23	104.211.229.29	42.116.170.40
41.158.0.194	139.247.194.194	113.23.110.198	118.88.19.190
190.129.39.114	95.55.203.252	182.61.167.65	89.64.3.40
113.173.43.17	192.168.6.41	179.180.92.245	77.30.224.195
212.96.178.166	179.5.130.94	84.212.241.205	185.159.32.4