117.50.104.199

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Shanghai UCloud Information Technology Company Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Jun 2 05:38:12 abendstille sshd\[3674\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root Jun 2 05:38:13 abendstille sshd\[3674\]: Failed password for root from 117.50.104.199 port 34082 ssh2 Jun 2 05:43:09 abendstille sshd\[8388\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root Jun 2 05:43:11 abendstille sshd\[8388\]: Failed password for root from 117.50.104.199 port 58084 ssh2 Jun 2 05:48:02 abendstille sshd\[13325\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root ...	2020-06-02 17:40:01
attack	(sshd) Failed SSH login from 117.50.104.199 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun 1 14:57:41 srv sshd[6987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root Jun 1 14:57:42 srv sshd[6987]: Failed password for root from 117.50.104.199 port 55924 ssh2 Jun 1 15:04:24 srv sshd[7098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root Jun 1 15:04:26 srv sshd[7098]: Failed password for root from 117.50.104.199 port 35502 ssh2 Jun 1 15:09:43 srv sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=root	2020-06-01 20:34:03
attackspam	Lines containing failures of 117.50.104.199 May 30 00:16:28 shared07 sshd[30225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=r.r May 30 00:16:31 shared07 sshd[30225]: Failed password for r.r from 117.50.104.199 port 47712 ssh2 May 30 00:16:31 shared07 sshd[30225]: Received disconnect from 117.50.104.199 port 47712:11: Bye Bye [preauth] May 30 00:16:31 shared07 sshd[30225]: Disconnected from authenticating user r.r 117.50.104.199 port 47712 [preauth] May 30 00:43:43 shared07 sshd[8524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199 user=r.r May 30 00:43:45 shared07 sshd[8524]: Failed password for r.r from 117.50.104.199 port 40452 ssh2 May 30 00:43:46 shared07 sshd[8524]: Received disconnect from 117.50.104.199 port 40452:11: Bye Bye [preauth] May 30 00:43:46 shared07 sshd[8524]: Disconnected from authenticating user r.r 117.50.104.199 port 40452 [pr........ ------------------------------	2020-05-31 12:13:23

类型

评论内容

时间

attack

Jun  2 05:38:12 abendstille sshd\[3674\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root
Jun  2 05:38:13 abendstille sshd\[3674\]: Failed password for root from 117.50.104.199 port 34082 ssh2
Jun  2 05:43:09 abendstille sshd\[8388\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root
Jun  2 05:43:11 abendstille sshd\[8388\]: Failed password for root from 117.50.104.199 port 58084 ssh2
Jun  2 05:48:02 abendstille sshd\[13325\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root
...

2020-06-02 17:40:01

attack

(sshd) Failed SSH login from 117.50.104.199 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jun  1 14:57:41 srv sshd[6987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root
Jun  1 14:57:42 srv sshd[6987]: Failed password for root from 117.50.104.199 port 55924 ssh2
Jun  1 15:04:24 srv sshd[7098]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root
Jun  1 15:04:26 srv sshd[7098]: Failed password for root from 117.50.104.199 port 35502 ssh2
Jun  1 15:09:43 srv sshd[7242]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=root

2020-06-01 20:34:03

attackspam

Lines containing failures of 117.50.104.199
May 30 00:16:28 shared07 sshd[30225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=r.r
May 30 00:16:31 shared07 sshd[30225]: Failed password for r.r from 117.50.104.199 port 47712 ssh2
May 30 00:16:31 shared07 sshd[30225]: Received disconnect from 117.50.104.199 port 47712:11: Bye Bye [preauth]
May 30 00:16:31 shared07 sshd[30225]: Disconnected from authenticating user r.r 117.50.104.199 port 47712 [preauth]
May 30 00:43:43 shared07 sshd[8524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.104.199  user=r.r
May 30 00:43:45 shared07 sshd[8524]: Failed password for r.r from 117.50.104.199 port 40452 ssh2
May 30 00:43:46 shared07 sshd[8524]: Received disconnect from 117.50.104.199 port 40452:11: Bye Bye [preauth]
May 30 00:43:46 shared07 sshd[8524]: Disconnected from authenticating user r.r 117.50.104.199 port 40452 [pr........
------------------------------

2020-05-31 12:13:23

相同子网IP讨论:

IP	类型	评论内容	时间
117.50.104.206	attackspambots	25105/tcp 25565/tcp 3260/tcp... [2020-04-22/06-19]76pkt,15pt.(tcp)	2020-06-20 05:41:00
117.50.104.206	attackspambots	TCP (SYN) 117.50.104.206:58914 -> port 3260, len 44	2020-06-05 02:25:56
117.50.104.206	attack	unauthorized connection attempt	2020-02-03 16:52:27
117.50.104.206	attackspambots	unauthorized connection attempt	2020-01-12 13:31:33
117.50.104.206	attackspam	12/18/2019-01:27:42.970293 117.50.104.206 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-12-18 18:08:39
117.50.104.206	attackbots	49/tcp 4786/tcp 4848/tcp... [2019-10-25/12-07]46pkt,13pt.(tcp)	2019-12-09 05:46:55
117.50.104.206	attackbotsspam	Port Scan	2019-10-29 22:48:07

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 117.50.104.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19761
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;117.50.104.199.			IN	A

;; AUTHORITY SECTION:
.			406	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020053001 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 31 12:13:19 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 199.104.50.117.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 199.104.50.117.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
94.191.93.34	attackbots	Aug 27 22:12:08 kapalua sshd\[32052\]: Invalid user andrew from 94.191.93.34 Aug 27 22:12:08 kapalua sshd\[32052\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.93.34 Aug 27 22:12:10 kapalua sshd\[32052\]: Failed password for invalid user andrew from 94.191.93.34 port 60786 ssh2 Aug 27 22:18:17 kapalua sshd\[32543\]: Invalid user admln from 94.191.93.34 Aug 27 22:18:17 kapalua sshd\[32543\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.191.93.34	2019-08-28 18:10:12
218.4.196.178	attackspambots	Aug 28 13:14:49 meumeu sshd[17828]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.196.178 Aug 28 13:14:51 meumeu sshd[17828]: Failed password for invalid user team from 218.4.196.178 port 44594 ssh2 Aug 28 13:20:03 meumeu sshd[18492]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.4.196.178 ...	2019-08-28 19:22:45
200.33.156.131	attackbots	2019-08-27 23:23:01 H=(200-33-156-131.fernandopolisnet.com.br) [200.33.156.131]:41552 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-08-27 23:23:02 H=(200-33-156-131.fernandopolisnet.com.br) [200.33.156.131]:41552 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-08-27 23:23:02 H=(200-33-156-131.fernandopolisnet.com.br) [200.33.156.131]:41552 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) ...	2019-08-28 18:11:56
114.7.120.10	attack	Aug 28 11:11:07 hb sshd\[9723\]: Invalid user sccs from 114.7.120.10 Aug 28 11:11:07 hb sshd\[9723\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.7.120.10 Aug 28 11:11:09 hb sshd\[9723\]: Failed password for invalid user sccs from 114.7.120.10 port 50822 ssh2 Aug 28 11:16:27 hb sshd\[10119\]: Invalid user kramer from 114.7.120.10 Aug 28 11:16:27 hb sshd\[10119\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.7.120.10	2019-08-28 19:36:27
190.131.225.195	attackspam	Reported by AbuseIPDB proxy server.	2019-08-28 19:53:32
111.223.39.182	attackspambots	19/8/28@00:22:30: FAIL: Alarm-Intrusion address from=111.223.39.182 ...	2019-08-28 18:36:36
42.178.139.129	attackbots	Unauthorised access (Aug 28) SRC=42.178.139.129 LEN=40 TTL=49 ID=34496 TCP DPT=8080 WINDOW=11879 SYN Unauthorised access (Aug 28) SRC=42.178.139.129 LEN=40 TTL=49 ID=40767 TCP DPT=8080 WINDOW=35736 SYN	2019-08-28 18:24:01
124.205.140.186	attack	Fail2Ban - FTP Abuse Attempt	2019-08-28 19:45:37
128.199.255.146	attackspambots	2019-08-28T11:09:00.892663abusebot.cloudsearch.cf sshd\[15225\]: Invalid user cyrus from 128.199.255.146 port 49012	2019-08-28 19:48:06
62.234.97.45	attack	Aug 28 01:54:55 hiderm sshd\[6350\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.97.45 user=root Aug 28 01:54:57 hiderm sshd\[6350\]: Failed password for root from 62.234.97.45 port 57297 ssh2 Aug 28 01:58:36 hiderm sshd\[6710\]: Invalid user waterboy from 62.234.97.45 Aug 28 01:58:36 hiderm sshd\[6710\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.97.45 Aug 28 01:58:38 hiderm sshd\[6710\]: Failed password for invalid user waterboy from 62.234.97.45 port 45028 ssh2	2019-08-28 19:59:03
178.128.104.16	attackspambots	Automatic report - Banned IP Access	2019-08-28 19:55:15
174.138.6.123	attack	2019-08-28T10:39:32.707775abusebot-2.cloudsearch.cf sshd\[26541\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=174.138.6.123 user=root	2019-08-28 19:44:38
128.199.88.125	attackspam	$f2bV_matches	2019-08-28 18:16:18
45.79.214.232	attackspam	Port scan attempt detected by AWS-CCS, CTS, India	2019-08-28 19:55:52
42.157.130.18	attackspambots	Aug 28 03:47:06 home sshd[1077]: Invalid user lk from 42.157.130.18 port 55678 Aug 28 03:47:06 home sshd[1077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.130.18 Aug 28 03:47:06 home sshd[1077]: Invalid user lk from 42.157.130.18 port 55678 Aug 28 03:47:09 home sshd[1077]: Failed password for invalid user lk from 42.157.130.18 port 55678 ssh2 Aug 28 03:51:06 home sshd[1088]: Invalid user postgres from 42.157.130.18 port 58474 Aug 28 03:51:06 home sshd[1088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.130.18 Aug 28 03:51:06 home sshd[1088]: Invalid user postgres from 42.157.130.18 port 58474 Aug 28 03:51:08 home sshd[1088]: Failed password for invalid user postgres from 42.157.130.18 port 58474 ssh2 Aug 28 03:53:59 home sshd[1097]: Invalid user andrei from 42.157.130.18 port 53546 Aug 28 03:53:59 home sshd[1097]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.1	2019-08-28 19:38:32

最近上报的IP列表

44.68.34.71	192.90.170.150	36.0.182.132	180.212.151.27
77.191.27.123	250.78.96.250	88.51.8.192	119.151.61.218
60.191.113.161	165.246.91.139	92.208.41.10	1.136.220.41
241.160.172.137	31.186.235.109	99.230.136.147	39.217.29.46
77.249.198.223	185.121.69.14	82.172.192.254	144.124.212.195