80.211.239.42 - IPInfo

Basic Info

City: Arezzo

Region: Tuscany

Country: Italy

Internet Service Provider: Aruba S.p.A. - Cloud Services Farm

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Automatic report - XMLRPC Attack	2019-10-30 03:20:51

Comments on same subnet:

IP	Type	Details	Datetime
80.211.239.49	attackspambots	Aug 17 15:37:02 vm0 sshd[21545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.49 Aug 17 15:37:03 vm0 sshd[21545]: Failed password for invalid user jht from 80.211.239.49 port 53392 ssh2 ...	2020-08-18 00:37:13
80.211.239.49	attackspam	Aug 11 13:51:19 rush sshd[15507]: Failed password for root from 80.211.239.49 port 56800 ssh2 Aug 11 13:53:32 rush sshd[15563]: Failed password for root from 80.211.239.49 port 57742 ssh2 ...	2020-08-12 01:36:37
80.211.239.49	attackspambots	Aug 1 23:28:46 eventyay sshd[6512]: Failed password for root from 80.211.239.49 port 35896 ssh2 Aug 1 23:30:46 eventyay sshd[6608]: Failed password for root from 80.211.239.49 port 34938 ssh2 ...	2020-08-02 05:51:06
80.211.239.49	attack	Jul 14 17:29:40 vps46666688 sshd[16490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.49 Jul 14 17:29:42 vps46666688 sshd[16490]: Failed password for invalid user uftp from 80.211.239.49 port 56282 ssh2 ...	2020-07-15 05:30:57
80.211.239.49	attack	Jul 12 07:47:28 PorscheCustomer sshd[19963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.49 Jul 12 07:47:30 PorscheCustomer sshd[19963]: Failed password for invalid user fisher from 80.211.239.49 port 36276 ssh2 Jul 12 07:51:21 PorscheCustomer sshd[20069]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.49 ...	2020-07-12 17:15:29
80.211.239.242	attackbots	Hits on port : 22	2020-04-05 08:43:53
80.211.239.110	attackbots	Dec 6 18:17:42 mecmail postfix/smtpd[7348]: NOQUEUE: reject: RCPT from fj90.leadsbrz2.com[80.211.239.110]: 554 5.7.1 Service unavailable; Client host [80.211.239.110] blocked using dnsbl.spfbl.net; https://matrix.spfbl.net/80.211.239.110; from= to= proto=ESMTP helo= Dec 6 18:20:12 mecmail postfix/smtpd[21394]: NOQUEUE: reject: RCPT from fj90.leadsbrz2.com[80.211.239.110]: 554 5.7.1 Service unavailable; Client host [80.211.239.110] blocked using dnsbl.spfbl.net; https://matrix.spfbl.net/80.211.239.110; from= to= proto=ESMTP helo= Dec 6 19:24:07 mecmail postfix/smtpd[7266]: NOQUEUE: reject: RCPT from fj90.leadsbrz2.com[80.211.239.110]: 554 5.7.1 Service unavailable; Client host [80.211.239.110] blocked using dnsbl.spfbl.net; https://matrix.spfbl.net/80.211.239.110; from= to=	2019-12-07 18:40:45
80.211.239.102	attack	Sep 28 07:57:53 sshgateway sshd\[24631\]: Invalid user ftpprod from 80.211.239.102 Sep 28 07:57:53 sshgateway sshd\[24631\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Sep 28 07:57:55 sshgateway sshd\[24631\]: Failed password for invalid user ftpprod from 80.211.239.102 port 46936 ssh2	2019-09-28 17:40:47
80.211.239.102	attackspam	Sep 27 12:06:39 mail sshd\[2739\]: Failed password for invalid user xxx from 80.211.239.102 port 41456 ssh2 Sep 27 12:10:53 mail sshd\[3403\]: Invalid user jm from 80.211.239.102 port 53708 Sep 27 12:10:53 mail sshd\[3403\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Sep 27 12:10:55 mail sshd\[3403\]: Failed password for invalid user jm from 80.211.239.102 port 53708 ssh2 Sep 27 12:15:04 mail sshd\[4065\]: Invalid user reis from 80.211.239.102 port 37730	2019-09-27 18:53:17
80.211.239.102	attack	Sep 22 11:02:56 ny01 sshd[4910]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Sep 22 11:02:57 ny01 sshd[4910]: Failed password for invalid user jayesh. from 80.211.239.102 port 57502 ssh2 Sep 22 11:07:22 ny01 sshd[5663]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102	2019-09-22 23:21:57
80.211.239.102	attackspam	Sep 11 22:42:58 legacy sshd[28649]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Sep 11 22:43:00 legacy sshd[28649]: Failed password for invalid user server from 80.211.239.102 port 48584 ssh2 Sep 11 22:49:11 legacy sshd[28806]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 ...	2019-09-12 05:04:15
80.211.239.102	attackbotsspam	Sep 10 19:23:30 ny01 sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Sep 10 19:23:32 ny01 sshd[18983]: Failed password for invalid user 1 from 80.211.239.102 port 54028 ssh2 Sep 10 19:29:34 ny01 sshd[20553]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102	2019-09-11 11:51:12
80.211.239.102	attackbotsspam	Aug 29 15:16:45 lcprod sshd\[26534\]: Invalid user nagios from 80.211.239.102 Aug 29 15:16:45 lcprod sshd\[26534\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Aug 29 15:16:47 lcprod sshd\[26534\]: Failed password for invalid user nagios from 80.211.239.102 port 45966 ssh2 Aug 29 15:20:53 lcprod sshd\[26927\]: Invalid user honey from 80.211.239.102 Aug 29 15:20:53 lcprod sshd\[26927\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102	2019-08-30 11:30:55
80.211.239.102	attack	Jul 30 14:03:01 server sshd\[19159\]: Invalid user www from 80.211.239.102 Jul 30 14:03:01 server sshd\[19159\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Jul 30 14:03:03 server sshd\[19159\]: Failed password for invalid user www from 80.211.239.102 port 34186 ssh2 ...	2019-08-21 17:52:27
80.211.239.102	attackspam	Aug 8 14:52:29 cac1d2 sshd\[8073\]: Invalid user musikbot from 80.211.239.102 port 42218 Aug 8 14:52:29 cac1d2 sshd\[8073\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.239.102 Aug 8 14:52:31 cac1d2 sshd\[8073\]: Failed password for invalid user musikbot from 80.211.239.102 port 42218 ssh2 ...	2019-08-09 08:26:37

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 80.211.239.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1778
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;80.211.239.42.			IN	A

;; AUTHORITY SECTION:
.			418	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102901 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 30 03:20:48 CST 2019
;; MSG SIZE  rcvd: 117

Host info

42.239.211.80.in-addr.arpa domain name pointer host42-239-211-80.serverdedicati.aruba.it.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
42.239.211.80.in-addr.arpa	name = host42-239-211-80.serverdedicati.aruba.it.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
167.128.84.234	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/167.128.84.234/ US - 1H : (165) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : US NAME ASN : ASN25899 IP : 167.128.84.234 CIDR : 167.128.0.0/16 PREFIX COUNT : 55 UNIQUE IP COUNT : 83456 ATTACKS DETECTED ASN25899 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-11-19 07:26:25 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-19 16:40:52
130.61.61.147	attack	130.61.61.147 - - [19/Nov/2019:07:13:51 +0100] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 226 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"	2019-11-19 16:21:16
93.50.130.115	attackbotsspam	93.50.130.115 was recorded 5 times by 1 hosts attempting to connect to the following ports: 23. Incident counter (4h, 24h, all-time): 5, 5, 5	2019-11-19 16:23:18
92.63.194.95	attackspambots	Automatic report - Port Scan	2019-11-19 16:44:32
102.141.114.28	attackspam	php WP PHPmyadamin ABUSE blocked for 12h	2019-11-19 16:22:31
207.148.92.154	attackbotsspam	Automatic report - XMLRPC Attack	2019-11-19 16:29:09
5.198.130.19	attackbots	php WP PHPmyadamin ABUSE blocked for 12h	2019-11-19 16:18:41
222.186.180.223	attackspam	Nov 19 09:45:18 MK-Soft-Root1 sshd[12835]: Failed password for root from 222.186.180.223 port 17778 ssh2 Nov 19 09:45:22 MK-Soft-Root1 sshd[12835]: Failed password for root from 222.186.180.223 port 17778 ssh2 ...	2019-11-19 16:52:20
45.55.47.149	attack	Nov 19 07:48:52 124388 sshd[13533]: Invalid user hank from 45.55.47.149 port 36055 Nov 19 07:48:52 124388 sshd[13533]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.47.149 Nov 19 07:48:52 124388 sshd[13533]: Invalid user hank from 45.55.47.149 port 36055 Nov 19 07:48:54 124388 sshd[13533]: Failed password for invalid user hank from 45.55.47.149 port 36055 ssh2 Nov 19 07:53:50 124388 sshd[13547]: Invalid user syncg from 45.55.47.149 port 54566	2019-11-19 16:39:22
92.118.38.55	attackbots	Nov 19 08:38:47 heicom postfix/smtpd\[10724\]: warning: unknown\[92.118.38.55\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:39:23 heicom postfix/smtpd\[10724\]: warning: unknown\[92.118.38.55\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:39:59 heicom postfix/smtpd\[10724\]: warning: unknown\[92.118.38.55\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:40:35 heicom postfix/smtpd\[9904\]: warning: unknown\[92.118.38.55\]: SASL LOGIN authentication failed: authentication failure Nov 19 08:41:11 heicom postfix/smtpd\[10724\]: warning: unknown\[92.118.38.55\]: SASL LOGIN authentication failed: authentication failure ...	2019-11-19 16:43:03
138.68.247.104	attackspambots	[Tue Nov 19 05:52:32.892620 2019] [:error] [pid 64127] [client 138.68.247.104:61000] [client 138.68.247.104] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ws24vmsma01.ufn.edu.br"] [uri "/"] [unique_id "XdOtUJkLc2ov4Xuep0hqgAAAAAY"] ...	2019-11-19 16:57:19
116.113.44.82	attackspambots	Automatic report - Banned IP Access	2019-11-19 16:52:51
179.191.65.122	attackbotsspam	Nov 19 08:30:46 mout sshd[32389]: Invalid user com from 179.191.65.122 port 15294	2019-11-19 16:19:02
51.89.57.123	attackbotsspam	Nov 19 02:42:17 server sshd\[10178\]: Failed password for invalid user admin from 51.89.57.123 port 43674 ssh2 Nov 19 11:01:08 server sshd\[6324\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip123.ip-51-89-57.eu user=root Nov 19 11:01:10 server sshd\[6324\]: Failed password for root from 51.89.57.123 port 37554 ssh2 Nov 19 11:08:47 server sshd\[7979\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip123.ip-51-89-57.eu user=root Nov 19 11:08:49 server sshd\[7979\]: Failed password for root from 51.89.57.123 port 36728 ssh2 ...	2019-11-19 16:24:21
160.16.111.215	attackspambots	Nov 18 15:01:54 mx01 sshd[14546]: Invalid user vacation from 160.16.111.215 Nov 18 15:01:57 mx01 sshd[14546]: Failed password for invalid user vacation from 160.16.111.215 port 36223 ssh2 Nov 18 15:01:57 mx01 sshd[14546]: Received disconnect from 160.16.111.215: 11: Bye Bye [preauth] Nov 18 15:21:27 mx01 sshd[16178]: Invalid user raventhiran from 160.16.111.215 Nov 18 15:21:29 mx01 sshd[16178]: Failed password for invalid user raventhiran from 160.16.111.215 port 38166 ssh2 Nov 18 15:21:30 mx01 sshd[16178]: Received disconnect from 160.16.111.215: 11: Bye Bye [preauth] Nov 18 15:26:39 mx01 sshd[16772]: Invalid user rokhostnamea from 160.16.111.215 Nov 18 15:26:41 mx01 sshd[16772]: Failed password for invalid user rokhostnamea from 160.16.111.215 port 57556 ssh2 Nov 18 15:26:41 mx01 sshd[16772]: Received disconnect from 160.16.111.215: 11: Bye Bye [preauth] Nov 18 15:30:33 mx01 sshd[17153]: Invalid user test from 160.16.111.215 Nov 18 15:30:34 mx01 sshd[17153]: Failed pa........ -------------------------------	2019-11-19 16:27:09

Recently Reported IPs

27.144.165.4	194.255.97.96	68.214.214.62	31.147.77.109
216.241.8.126	193.225.155.121	5.4.212.139	241.142.17.105
64.19.247.118	45.81.233.184	164.76.156.72	156.254.11.108
20.45.235.155	46.6.41.111	39.237.100.43	163.127.24.13
244.224.241.140	125.67.233.100	187.103.146.249	80.246.220.64