168.196.42.150

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Brazil

运营商(isp): Visual Link Comunicacoes Multimidia Ltda - ME

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Jul 8 08:36:11 odroid64 sshd\[15183\]: Invalid user orders from 168.196.42.150 Jul 8 08:36:11 odroid64 sshd\[15183\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.150 ...	2020-07-08 18:44:37
attack	Jul 3 02:03:45 *** sshd[27527]: Invalid user jmd from 168.196.42.150	2020-07-04 00:09:35

类型

评论内容

时间

attack

Jul  8 08:36:11 odroid64 sshd\[15183\]: Invalid user orders from 168.196.42.150
Jul  8 08:36:11 odroid64 sshd\[15183\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.150
...

2020-07-08 18:44:37

attack

Jul  3 02:03:45 *** sshd[27527]: Invalid user jmd from 168.196.42.150

2020-07-04 00:09:35

相同子网IP讨论:

IP	类型	评论内容	时间
168.196.42.182	attackspam	SpamScore above: 10.0	2020-04-15 14:09:20
168.196.42.122	attackspambots	Mar 3 18:25:14 gw1 sshd[13748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Mar 3 18:25:16 gw1 sshd[13748]: Failed password for invalid user bruno from 168.196.42.122 port 49501 ssh2 ...	2020-03-03 21:37:57
168.196.42.122	attack	Mar 3 10:01:04 gw1 sshd[24733]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Mar 3 10:01:06 gw1 sshd[24733]: Failed password for invalid user hdfs from 168.196.42.122 port 46090 ssh2 ...	2020-03-03 13:04:45
168.196.42.122	attackbotsspam	Feb 25 00:15:41 server sshd[1279751]: Failed password for invalid user michelle from 168.196.42.122 port 57785 ssh2 Feb 25 00:19:53 server sshd[1280610]: Failed password for invalid user sanjeev from 168.196.42.122 port 33739 ssh2 Feb 25 00:24:10 server sshd[1281538]: Failed password for invalid user mailman from 168.196.42.122 port 37914 ssh2	2020-02-25 08:49:17
168.196.42.122	attackspambots	Feb 21 15:55:26 cumulus sshd[26053]: Invalid user gmodserver from 168.196.42.122 port 45377 Feb 21 15:55:26 cumulus sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Feb 21 15:55:28 cumulus sshd[26053]: Failed password for invalid user gmodserver from 168.196.42.122 port 45377 ssh2 Feb 21 15:55:28 cumulus sshd[26053]: Received disconnect from 168.196.42.122 port 45377:11: Bye Bye [preauth] Feb 21 15:55:28 cumulus sshd[26053]: Disconnected from 168.196.42.122 port 45377 [preauth] Feb 21 16:06:52 cumulus sshd[26360]: Invalid user akazam from 168.196.42.122 port 49222 Feb 21 16:06:52 cumulus sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Feb 21 16:06:53 cumulus sshd[26360]: Failed password for invalid user akazam from 168.196.42.122 port 49222 ssh2 Feb 21 16:06:54 cumulus sshd[26360]: Received disconnect from 168.196.42.122 port 49222:11: B........ -------------------------------	2020-02-22 20:22:14
168.196.42.122	attackspambots	Feb 21 15:55:26 cumulus sshd[26053]: Invalid user gmodserver from 168.196.42.122 port 45377 Feb 21 15:55:26 cumulus sshd[26053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Feb 21 15:55:28 cumulus sshd[26053]: Failed password for invalid user gmodserver from 168.196.42.122 port 45377 ssh2 Feb 21 15:55:28 cumulus sshd[26053]: Received disconnect from 168.196.42.122 port 45377:11: Bye Bye [preauth] Feb 21 15:55:28 cumulus sshd[26053]: Disconnected from 168.196.42.122 port 45377 [preauth] Feb 21 16:06:52 cumulus sshd[26360]: Invalid user akazam from 168.196.42.122 port 49222 Feb 21 16:06:52 cumulus sshd[26360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.196.42.122 Feb 21 16:06:53 cumulus sshd[26360]: Failed password for invalid user akazam from 168.196.42.122 port 49222 ssh2 Feb 21 16:06:54 cumulus sshd[26360]: Received disconnect from 168.196.42.122 port 49222:11: B........ -------------------------------	2020-02-22 08:25:49

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 168.196.42.150
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27586
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;168.196.42.150.			IN	A

;; AUTHORITY SECTION:
.			558	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020070300 1800 900 604800 86400

;; Query time: 54 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jul 04 00:09:26 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

150.42.196.168.in-addr.arpa domain name pointer 168-196-42-150.provedorvisuallink.net.br.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
150.42.196.168.in-addr.arpa	name = 168-196-42-150.provedorvisuallink.net.br.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
103.94.2.154	attackspambots	Invalid user gast1 from 103.94.2.154 port 53287	2020-02-01 10:48:05
2.193.2.254	attack	Feb 1 05:58:47 sxvn sshd[1223892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.193.2.254	2020-02-01 13:02:04
14.239.34.224	attackspam	Unauthorized connection attempt from IP address 14.239.34.224 on Port 445(SMB)	2020-02-01 10:40:38
118.68.118.168	attack	1580512626 - 02/01/2020 00:17:06 Host: 118.68.118.168/118.68.118.168 Port: 445 TCP Blocked	2020-02-01 10:41:01
217.160.212.25	attackspambots	Time: Fri Jan 31 18:17:57 2020 -0300 IP: 217.160.212.25 (DE/Germany/-) Failures: 5 (mod_security) Interval: 3600 seconds Blocked: Permanent Block	2020-02-01 10:54:54
54.206.19.43	attackspam	[FriJan3121:49:49.7055332020][:error][pid12190:tid47392766236416][client54.206.19.43:40910][client54.206.19.43]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"211"][id"390709"][rev"30"][msg"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely"][data"/.env"][severity"CRITICAL"][hostname"www.casaplusticino.ch"][uri"/.env"][unique_id"XjSS7RZ2LVVmbSpBd99nHQAAAAM"][FriJan3122:30:10.5819102020][:error][pid12039:tid47392787248896][client54.206.19.43:46606][client54.206.19.43]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\	2020-02-01 10:55:39
147.234.55.175	attack	Unauthorized connection attempt detected from IP address 147.234.55.175 to port 2323 [J]	2020-02-01 10:27:01
218.92.0.145	attackspambots	$f2bV_matches	2020-02-01 10:51:42
114.143.101.18	attackspam	Unauthorized connection attempt from IP address 114.143.101.18 on Port 445(SMB)	2020-02-01 10:28:10
187.95.125.228	attack	2020-02-01T01:26:52.312198host3.slimhost.com.ua sshd[3063884]: Invalid user ts2 from 187.95.125.228 port 33070 2020-02-01T01:26:52.319324host3.slimhost.com.ua sshd[3063884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.95.125.228 2020-02-01T01:26:52.312198host3.slimhost.com.ua sshd[3063884]: Invalid user ts2 from 187.95.125.228 port 33070 2020-02-01T01:26:54.601169host3.slimhost.com.ua sshd[3063884]: Failed password for invalid user ts2 from 187.95.125.228 port 33070 ssh2 2020-02-01T01:29:29.088186host3.slimhost.com.ua sshd[3065259]: Invalid user admin from 187.95.125.228 port 54420 2020-02-01T01:29:29.094809host3.slimhost.com.ua sshd[3065259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.95.125.228 2020-02-01T01:29:29.088186host3.slimhost.com.ua sshd[3065259]: Invalid user admin from 187.95.125.228 port 54420 2020-02-01T01:29:31.597420host3.slimhost.com.ua sshd[3065259]: Failed password for i ...	2020-02-01 10:31:57
35.178.204.115	attack	Time: Fri Jan 31 18:11:09 2020 -0300 IP: 35.178.204.115 (GB/United Kingdom/ec2-35-178-204-115.eu-west-2.compute.amazonaws.com) Failures: 5 (mod_security) Interval: 3600 seconds Blocked: Permanent Block	2020-02-01 10:48:30
132.232.108.149	attackbotsspam	Unauthorized connection attempt detected from IP address 132.232.108.149 to port 2220 [J]	2020-02-01 10:52:44
185.234.217.194	attack	Trying to log into mailserver (postfix/smtp) using multiple names and passwords	2020-02-01 10:39:00
115.159.86.75	attackbots	Unauthorized connection attempt detected from IP address 115.159.86.75 to port 2220 [J]	2020-02-01 10:44:32
68.183.176.131	attackbots	Feb 1 03:19:51 legacy sshd[24198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.176.131 Feb 1 03:19:53 legacy sshd[24198]: Failed password for invalid user admin from 68.183.176.131 port 55176 ssh2 Feb 1 03:23:17 legacy sshd[24350]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.176.131 ...	2020-02-01 10:24:43

最近上报的IP列表

49.235.213.234	76.75.110.28	103.82.235.3	14.177.228.189
206.189.205.39	103.98.16.135	119.45.149.173	188.75.143.98
218.154.47.85	103.199.161.14	179.184.0.112	52.150.16.34
77.128.73.84	36.232.235.177	120.29.78.214	93.86.118.140
183.89.57.140	193.93.62.61	195.93.168.6	1.52.212.245