Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Choopa LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackbots
[Aegis] @ 2019-07-26 05:30:25  0100 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack
2020-04-29 20:22:51
attack
2019-08-16T17:50:03.932960abusebot-7.cloudsearch.cf sshd\[26708\]: Invalid user system from 66.42.52.214 port 59328
2019-08-17 01:54:13
attackbotsspam
Aug  2 05:45:54 raspberrypi sshd\[2123\]: Invalid user dropbox from 66.42.52.214 port 58892
Aug  2 05:45:54 raspberrypi sshd\[2123\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.42.52.214
Aug  2 05:45:56 raspberrypi sshd\[2123\]: Failed password for invalid user dropbox from 66.42.52.214 port 58892 ssh2
Aug  2 05:50:44 raspberrypi sshd\[2132\]: Invalid user gnuworld from 66.42.52.214 port 52236
Aug  2 05:50:45 raspberrypi sshd\[2132\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.42.52.214
...
2019-08-02 12:46:55
Comments on same subnet:
IP Type Details Datetime
66.42.52.160 attackspam
Automatic report - XMLRPC Attack
2020-04-22 19:05:09
66.42.52.160 attackspambots
ENG,WP GET /wp-login.php
2020-04-22 03:58:45
66.42.52.9 attack
Registration form abuse
2020-02-21 03:05:27
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 66.42.52.214
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 32915
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;66.42.52.214.			IN	A

;; AUTHORITY SECTION:
.			1739	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080101 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 02 12:46:47 CST 2019
;; MSG SIZE  rcvd: 116
Host info
214.52.42.66.in-addr.arpa domain name pointer 66.42.52.214.vultr.com.
Nslookup info:
Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
214.52.42.66.in-addr.arpa	name = 66.42.52.214.vultr.com.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
37.58.109.117 attackspambots
Oct 31 14:49:51 meumeu sshd[22296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.58.109.117 
Oct 31 14:49:53 meumeu sshd[22296]: Failed password for invalid user thomas from 37.58.109.117 port 44959 ssh2
Oct 31 14:50:05 meumeu sshd[22338]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.58.109.117 
...
2019-10-31 22:00:58
120.131.13.186 attackbots
Invalid user aldric from 120.131.13.186 port 31186
pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.131.13.186
Failed password for invalid user aldric from 120.131.13.186 port 31186 ssh2
Invalid user vfb from 120.131.13.186 port 5472
pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.131.13.186
2019-10-31 22:26:58
62.90.235.90 attackspam
Invalid user gk from 62.90.235.90 port 50900
2019-10-31 21:43:53
104.24.114.254 attackbotsspam
HTTP 503 XSS Attempt
2019-10-31 22:13:53
78.128.113.120 attack
Oct 31 14:43:39 s1 postfix/submission/smtpd\[30871\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:43:46 s1 postfix/submission/smtpd\[30638\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:44:44 s1 postfix/submission/smtpd\[30871\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:44:51 s1 postfix/submission/smtpd\[30638\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:45:11 s1 postfix/submission/smtpd\[30871\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:45:18 s1 postfix/submission/smtpd\[30638\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:45:34 s1 postfix/submission/smtpd\[30871\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:45:41 s1 postfix/submission/smtpd\[30638\]: warning: unknown\[78.128.113.120\]: SASL PLAIN authentication failed:
Oct 31 14:45:42 s1 postfix/submi
2019-10-31 21:49:14
103.48.193.25 attack
Automatic report - Banned IP Access
2019-10-31 21:53:18
222.186.175.217 attack
Oct 27 15:43:33 mail sshd[14953]: Failed password for root from 222.186.175.217 port 38676 ssh2
Oct 27 15:43:37 mail sshd[14953]: Failed password for root from 222.186.175.217 port 38676 ssh2
Oct 27 15:43:42 mail sshd[14953]: Failed password for root from 222.186.175.217 port 38676 ssh2
Oct 27 15:43:46 mail sshd[14953]: Failed password for root from 222.186.175.217 port 38676 ssh2
2019-10-31 21:55:30
154.51.144.48 attackbots
Oct 31 15:00:40 markkoudstaal sshd[25222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.51.144.48
Oct 31 15:00:43 markkoudstaal sshd[25222]: Failed password for invalid user nvidiapass from 154.51.144.48 port 42964 ssh2
Oct 31 15:05:03 markkoudstaal sshd[25657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=154.51.144.48
2019-10-31 22:08:45
51.79.141.195 attackbots
Automatic report - Web App Attack
2019-10-31 22:15:20
185.232.67.6 attackbotsspam
Oct 31 14:43:51 dedicated sshd[17588]: Invalid user admin from 185.232.67.6 port 37979
2019-10-31 22:23:39
60.168.128.2 attackbotsspam
Oct 31 03:33:16 web1 sshd\[20131\]: Invalid user looking from 60.168.128.2
Oct 31 03:33:16 web1 sshd\[20131\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.168.128.2
Oct 31 03:33:19 web1 sshd\[20131\]: Failed password for invalid user looking from 60.168.128.2 port 43918 ssh2
Oct 31 03:38:39 web1 sshd\[20568\]: Invalid user sugon from 60.168.128.2
Oct 31 03:38:39 web1 sshd\[20568\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.168.128.2
2019-10-31 21:44:55
157.245.14.4 attack
Automatic report - Banned IP Access
2019-10-31 22:24:40
167.71.186.103 attackbots
Automatic report - Web App Attack
2019-10-31 22:24:07
109.202.117.99 attack
10/31/2019-08:08:51.593546 109.202.117.99 Protocol: 6 ET SCAN Potential SSH Scan
2019-10-31 21:40:36
67.222.142.37 attack
HTTP 503 XSS Attempt
2019-10-31 21:46:37
