104.42.27.187 - IPInfo

基本信息:

城市(city): San Jose

省份(region): California

国家(country): United States

运营商(isp): Microsoft Corporation

主机名(hostname): unknown

机构(organization): Microsoft Corporation

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Nov 2 05:44:10 unicornsoft sshd\[30631\]: User root from 104.42.27.187 not allowed because not listed in AllowUsers Nov 2 05:44:10 unicornsoft sshd\[30631\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 user=root Nov 2 05:44:12 unicornsoft sshd\[30631\]: Failed password for invalid user root from 104.42.27.187 port 26560 ssh2	2019-11-02 16:43:12
attack	2019-10-30 13:06:20,337 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:27:54,342 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:45:44,284 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 14:03:37,791 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 14:21:16,437 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:06:20,337 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:27:54,342 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:45:44,284 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 14:03:37,791 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 14:21:16,437 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 13:06:20,337 fail2ban.actions \[1897\]: NOTICE \[ssh\] Ban 104.42.27.187 2019-10-30 1	2019-11-01 04:13:14
attackspam	firewall-block, port(s): 23/tcp	2019-10-29 21:25:18
attackbotsspam	Oct 8 12:36:32 microserver sshd[10984]: Invalid user asdf@123456 from 104.42.27.187 port 10816 Oct 8 12:36:32 microserver sshd[10984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Oct 8 12:36:33 microserver sshd[10984]: Failed password for invalid user asdf@123456 from 104.42.27.187 port 10816 ssh2 Oct 8 12:41:56 microserver sshd[11635]: Invalid user Puzzle2017 from 104.42.27.187 port 64640 Oct 8 12:41:56 microserver sshd[11635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Oct 8 12:52:30 microserver sshd[12974]: Invalid user ROOT@2016 from 104.42.27.187 port 39488 Oct 8 12:52:30 microserver sshd[12974]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Oct 8 12:52:32 microserver sshd[12974]: Failed password for invalid user ROOT@2016 from 104.42.27.187 port 39488 ssh2 Oct 8 12:57:13 microserver sshd[13614]: Invalid user %TGB6yhn&UJM fro	2019-10-09 01:55:17
attackspambots	Automatic report - Banned IP Access	2019-10-05 07:15:37
attackspambots	Automatic report - SSH Brute-Force Attack	2019-10-01 15:31:26
attackbotsspam	Sep 26 19:15:41 aiointranet sshd\[10621\]: Invalid user cretu from 104.42.27.187 Sep 26 19:15:41 aiointranet sshd\[10621\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 26 19:15:43 aiointranet sshd\[10621\]: Failed password for invalid user cretu from 104.42.27.187 port 10368 ssh2 Sep 26 19:20:55 aiointranet sshd\[11020\]: Invalid user scrappy from 104.42.27.187 Sep 26 19:20:55 aiointranet sshd\[11020\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187	2019-09-27 17:54:29
attackspam	Sep 26 12:29:40 aiointranet sshd\[6715\]: Invalid user zj from 104.42.27.187 Sep 26 12:29:40 aiointranet sshd\[6715\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 26 12:29:42 aiointranet sshd\[6715\]: Failed password for invalid user zj from 104.42.27.187 port 10368 ssh2 Sep 26 12:34:25 aiointranet sshd\[7313\]: Invalid user vonno from 104.42.27.187 Sep 26 12:34:25 aiointranet sshd\[7313\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187	2019-09-27 06:48:51
attack	Sep 17 07:45:42 yabzik sshd[24346]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 17 07:45:44 yabzik sshd[24346]: Failed password for invalid user silvio from 104.42.27.187 port 1920 ssh2 Sep 17 07:49:55 yabzik sshd[25467]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187	2019-09-17 12:50:43
attack	Sep 15 15:11:26 mail sshd[28779]: Invalid user webuser from 104.42.27.187 Sep 15 15:11:26 mail sshd[28779]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 15 15:11:26 mail sshd[28779]: Invalid user webuser from 104.42.27.187 Sep 15 15:11:27 mail sshd[28779]: Failed password for invalid user webuser from 104.42.27.187 port 1920 ssh2 Sep 15 15:23:16 mail sshd[14460]: Invalid user fk from 104.42.27.187 ...	2019-09-15 22:13:22
attack	Sep 13 21:32:07 vps691689 sshd[20492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 13 21:32:09 vps691689 sshd[20492]: Failed password for invalid user mysql2 from 104.42.27.187 port 48696 ssh2 ...	2019-09-14 03:48:00
attackspam	Sep 8 22:39:32 kapalua sshd\[21278\]: Invalid user admin from 104.42.27.187 Sep 8 22:39:32 kapalua sshd\[21278\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 8 22:39:34 kapalua sshd\[21278\]: Failed password for invalid user admin from 104.42.27.187 port 1408 ssh2 Sep 8 22:46:39 kapalua sshd\[21960\]: Invalid user server from 104.42.27.187 Sep 8 22:46:39 kapalua sshd\[21960\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187	2019-09-09 16:47:04
attackspam	Sep 7 14:21:06 hpm sshd\[27072\]: Invalid user ftp_user from 104.42.27.187 Sep 7 14:21:06 hpm sshd\[27072\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Sep 7 14:21:09 hpm sshd\[27072\]: Failed password for invalid user ftp_user from 104.42.27.187 port 1408 ssh2 Sep 7 14:26:11 hpm sshd\[27478\]: Invalid user steam from 104.42.27.187 Sep 7 14:26:11 hpm sshd\[27478\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187	2019-09-08 08:40:18
attack	Aug 13 10:00:58 localhost sshd\[30174\]: Invalid user angie from 104.42.27.187 Aug 13 10:00:58 localhost sshd\[30174\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 Aug 13 10:01:00 localhost sshd\[30174\]: Failed password for invalid user angie from 104.42.27.187 port 1600 ssh2 Aug 13 10:06:20 localhost sshd\[30628\]: Invalid user b from 104.42.27.187 Aug 13 10:06:20 localhost sshd\[30628\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.42.27.187 ...	2019-08-13 18:48:53
attack	Honeypot attack, port: 23, PTR: PTR record not found	2019-08-12 07:57:11
attack	Aug 2 14:05:53 XXX sshd[60056]: Invalid user tj from 104.42.27.187 port 1600	2019-08-03 01:56:21

相同子网IP讨论:

IP	类型	评论内容	时间
104.42.27.250	attackbotsspam	$f2bV_matches	2019-09-30 02:23:35
104.42.27.250	attackbotsspam	ET EXPLOIT Linksys E-Series Device RCE Attempt Outbound	2019-07-23 04:04:33

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.42.27.187
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28886
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.42.27.187.			IN	A

;; AUTHORITY SECTION:
.			2597	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080200 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 03 01:56:11 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 187.27.42.104.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 187.27.42.104.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
23.129.64.151	attack	$f2bV_matches	2019-12-02 02:39:35
180.66.207.67	attackspambots	$f2bV_matches	2019-12-02 02:32:20
115.159.203.90	attackspambots	Unauthorised access (Dec 1) SRC=115.159.203.90 LEN=40 TTL=48 ID=60583 TCP DPT=8080 WINDOW=7155 SYN	2019-12-02 03:08:50
86.122.148.228	attackbots	Automatic report - Port Scan Attack	2019-12-02 02:55:16
185.143.223.79	attack	Dec 1 18:58:11 TCP Attack: SRC=185.143.223.79 DST=[Masked] LEN=40 TOS=0x08 PREC=0x20 TTL=241 PROTO=TCP SPT=8080 DPT=65053 WINDOW=1024 RES=0x00 SYN URGP=0	2019-12-02 03:05:45
182.184.44.6	attackspam	2019-12-01T11:55:12.1836081495-001 sshd\[8252\]: Failed password for invalid user iy from 182.184.44.6 port 58564 ssh2 2019-12-01T12:56:25.9833791495-001 sshd\[10537\]: Invalid user P@55WORD22 from 182.184.44.6 port 57946 2019-12-01T12:56:25.9870011495-001 sshd\[10537\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.44.6 2019-12-01T12:56:27.3512751495-001 sshd\[10537\]: Failed password for invalid user P@55WORD22 from 182.184.44.6 port 57946 ssh2 2019-12-01T13:00:28.8688591495-001 sshd\[10680\]: Invalid user adine from 182.184.44.6 port 33208 2019-12-01T13:00:28.8721781495-001 sshd\[10680\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.184.44.6 ...	2019-12-02 02:37:48
51.158.97.13	attack	Dec 1 08:47:18 nimbus postfix/postscreen[18099]: CONNECT from [51.158.97.13]:39098 to [192.168.14.12]:25 Dec 1 08:47:24 nimbus postfix/postscreen[18099]: PASS NEW [51.158.97.13]:39098 Dec 1 08:47:24 nimbus postfix/smtpd[19681]: warning: hostname 13-97-158-51.rev.cloud.scaleway.com does not resolve to address 51.158.97.13: Name or service not known Dec 1 08:47:24 nimbus postfix/smtpd[19681]: connect from unknown[51.158.97.13] Dec 1 08:47:25 nimbus policyd-spf[19716]: Permerror; identhostnamey=helo; client-ip=51.158.97.13; helo=zafraanic.tk; envelope-from=x@x Dec 1 08:47:25 nimbus policyd-spf[19716]: Permerror; identhostnamey=mailfrom; client-ip=51.158.97.13; helo=zafraanic.tk; envelope-from=x@x Dec 1 08:47:25 nimbus sqlgrey: grey: new: 51.158.97.13(51.158.97.13), x@x -> x@x Dec x@x Dec 1 08:47:25 nimbus postfix/smtpd[19681]: disconnect from unknown[51.158.97.13] Dec 1 09:02:51 nimbus postfix/postscreen[18099]: CONNECT from [51.158.97.13]:52387 to [192.168.14.12]........ -------------------------------	2019-12-02 03:05:30
103.117.213.74	attack	Unauthorised access (Dec 1) SRC=103.117.213.74 LEN=48 TTL=116 ID=24003 DF TCP DPT=445 WINDOW=8192 SYN	2019-12-02 02:44:54
45.55.158.8	attack	2019-12-01T19:34:49.687011scmdmz1 sshd\[22285\]: Invalid user super from 45.55.158.8 port 45650 2019-12-01T19:34:49.689668scmdmz1 sshd\[22285\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.158.8 2019-12-01T19:34:51.019652scmdmz1 sshd\[22285\]: Failed password for invalid user super from 45.55.158.8 port 45650 ssh2 ...	2019-12-02 02:46:41
68.183.233.171	attackbots	Dec 1 22:06:00 microserver sshd[8081]: Invalid user sjokorpset from 68.183.233.171 port 45226 Dec 1 22:06:00 microserver sshd[8081]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.233.171 Dec 1 22:06:02 microserver sshd[8081]: Failed password for invalid user sjokorpset from 68.183.233.171 port 45226 ssh2 Dec 1 22:09:18 microserver sshd[8256]: Invalid user margaud from 68.183.233.171 port 53548 Dec 1 22:09:18 microserver sshd[8256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.233.171 Dec 1 22:21:56 microserver sshd[10294]: Invalid user guest from 68.183.233.171 port 52526 Dec 1 22:21:56 microserver sshd[10294]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.233.171 Dec 1 22:21:58 microserver sshd[10294]: Failed password for invalid user guest from 68.183.233.171 port 52526 ssh2 Dec 1 22:25:23 microserver sshd[10881]: Invalid user ronghee from 68.183.233.17	2019-12-02 03:03:50
59.115.58.237	attackbotsspam	Portscan or hack attempt detected by psad/fwsnort	2019-12-02 02:59:48
121.168.115.36	attackspambots	2019-12-01T15:46:23.872432abusebot.cloudsearch.cf sshd\[30372\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.168.115.36 user=smmsp	2019-12-02 02:32:37
42.118.74.176	attackbotsspam	Here more information about 42.118.74.176 info: [Vietnam] 18403 The Corporation for Financing & Promoting Technology Connected: 11 servere(s) Reason: ssh Ports: 23 Services: telnet servere: Europe/Moscow (UTC+3) Found at blocklist: abuseat.org, spfbl.net, abuseIPDB.com myIP:89.179.244.250 [2019-11-30 04:49:59] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 04:54:32] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:17:00] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:21:57] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:27:28] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:34:02] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:42:10] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 05:42:57] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 06:20:29] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 06:52:22] (tcp) myIP:23 <- 42.118.74.176:62934 [2019-11-30 07:13:11] (tcp) myIP:23 <- 42.118.74.176:62934 ........ ----------------------------------------------- https://www.bloc	2019-12-02 02:39:20
104.248.187.179	attackbots	Dec 1 18:25:57 server sshd\[31860\]: Invalid user truslove from 104.248.187.179 port 60244 Dec 1 18:25:57 server sshd\[31860\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.187.179 Dec 1 18:25:59 server sshd\[31860\]: Failed password for invalid user truslove from 104.248.187.179 port 60244 ssh2 Dec 1 18:29:03 server sshd\[27017\]: Invalid user weidinger from 104.248.187.179 port 39256 Dec 1 18:29:03 server sshd\[27017\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.187.179	2019-12-02 03:09:32
118.25.43.243	attack	404 NOT FOUND	2019-12-02 03:02:36

最近上报的IP列表

51.180.204.41	206.229.158.106	143.136.63.108	32.42.12.192
60.193.24.70	211.145.181.160	50.174.14.117	38.180.220.63
248.199.216.213	226.104.20.168	9.197.218.62	228.52.57.179
220.181.108.100	83.178.83.209	25.133.126.197	39.166.65.95
220.181.108.77	12.136.213.67	2804:18:7c:8052:7c19:32aa:d044:8488	251.76.127.215