42.157.128.50 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Weiyi Network Technology Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-25 05:06:43

相同子网IP讨论:

IP	类型	评论内容	时间
42.157.128.188	attack	Dec 4 21:28:08 sauna sshd[51697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 Dec 4 21:28:10 sauna sshd[51697]: Failed password for invalid user tryjefaczka from 42.157.128.188 port 47104 ssh2 ...	2019-12-05 03:42:41
42.157.128.188	attack	2019-11-11T09:36:22.831622abusebot-5.cloudsearch.cf sshd\[2253\]: Invalid user butthead from 42.157.128.188 port 60064	2019-11-11 19:08:44
42.157.128.188	attackbots	2019-11-08T08:12:00.416155abusebot-5.cloudsearch.cf sshd\[29726\]: Invalid user gong from 42.157.128.188 port 35226	2019-11-08 16:18:18
42.157.128.188	attack	2019-11-08T05:54:43.503809abusebot-5.cloudsearch.cf sshd\[28339\]: Invalid user waggoner from 42.157.128.188 port 59696	2019-11-08 14:20:58
42.157.128.188	attack	2019-10-29T09:35:42.747247abusebot-5.cloudsearch.cf sshd\[31459\]: Invalid user test from 42.157.128.188 port 57978	2019-10-29 17:37:28
42.157.128.188	attack	2019-10-18T12:02:44.356210abusebot-5.cloudsearch.cf sshd\[19744\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 user=root	2019-10-19 03:54:10
42.157.128.188	attack	2019-10-15T07:48:34.028059abusebot-5.cloudsearch.cf sshd\[2265\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 user=root	2019-10-15 15:53:16
42.157.128.188	attackbotsspam	Lines containing failures of 42.157.128.188 (max 1000) Oct 14 02:33:45 localhost sshd[5707]: Invalid user claire from 42.157.128.188 port 50542 Oct 14 02:33:45 localhost sshd[5707]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 Oct 14 02:33:47 localhost sshd[5707]: Failed password for invalid user claire from 42.157.128.188 port 50542 ssh2 Oct 14 02:33:48 localhost sshd[5707]: Received disconnect from 42.157.128.188 port 50542:11: Bye Bye [preauth] Oct 14 02:33:48 localhost sshd[5707]: Disconnected from invalid user claire 42.157.128.188 port 50542 [preauth] Oct 14 02:54:39 localhost sshd[3600]: Invalid user bot2 from 42.157.128.188 port 49012 Oct 14 02:54:39 localhost sshd[3600]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 Oct 14 02:54:41 localhost sshd[3600]: Failed password for invalid user bot2 from 42.157.128.188 port 49012 ssh2 Oct 14 02:54:42 local........ ------------------------------	2019-10-14 18:23:59
42.157.128.188	attack	2019-10-07T11:41:28.885551abusebot-5.cloudsearch.cf sshd\[21340\]: Invalid user max from 42.157.128.188 port 44572	2019-10-08 00:50:38
42.157.128.188	attack	Sep 26 05:43:47 OPSO sshd\[21465\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 user=root Sep 26 05:43:49 OPSO sshd\[21465\]: Failed password for root from 42.157.128.188 port 57930 ssh2 Sep 26 05:45:46 OPSO sshd\[21952\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 user=root Sep 26 05:45:48 OPSO sshd\[21952\]: Failed password for root from 42.157.128.188 port 48152 ssh2 Sep 26 05:47:42 OPSO sshd\[22089\]: Invalid user alpha from 42.157.128.188 port 38200 Sep 26 05:47:42 OPSO sshd\[22089\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188	2019-09-26 16:54:43
42.157.128.188	attackspam	2019-09-05T20:28:36.991768ns557175 sshd\[28306\]: Invalid user ubuntu from 42.157.128.188 port 44472 2019-09-05T20:28:36.997184ns557175 sshd\[28306\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 2019-09-05T20:28:39.039492ns557175 sshd\[28306\]: Failed password for invalid user ubuntu from 42.157.128.188 port 44472 ssh2 2019-09-05T20:41:44.145535ns557175 sshd\[8182\]: Invalid user zj from 42.157.128.188 port 56718 2019-09-05T20:41:44.149961ns557175 sshd\[8182\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 2019-09-05T20:41:46.368230ns557175 sshd\[8182\]: Failed password for invalid user zj from 42.157.128.188 port 56718 ssh2 2019-09-05T20:45:54.020727ns557175 sshd\[12135\]: Invalid user steam from 42.157.128.188 port 42342 2019-09-05T20:45:54.026629ns557175 sshd\[12135\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.1 ...	2019-09-07 15:26:34
42.157.128.188	attackbotsspam	Sep 4 04:47:55 wbs sshd\[15662\]: Invalid user dayz from 42.157.128.188 Sep 4 04:47:55 wbs sshd\[15662\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 Sep 4 04:47:58 wbs sshd\[15662\]: Failed password for invalid user dayz from 42.157.128.188 port 39630 ssh2 Sep 4 04:50:55 wbs sshd\[15946\]: Invalid user hoandy from 42.157.128.188 Sep 4 04:50:55 wbs sshd\[15946\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188	2019-09-04 23:33:49
42.157.128.188	attackspam	$f2bV_matches	2019-09-01 13:50:23
42.157.128.188	attackspambots	2019-08-29T20:29:39.785343abusebot-2.cloudsearch.cf sshd\[2769\]: Invalid user metin2 from 42.157.128.188 port 43154	2019-08-30 04:47:30
42.157.128.188	attackspambots	Aug 22 22:43:35 tdfoods sshd\[17619\]: Invalid user hb from 42.157.128.188 Aug 22 22:43:35 tdfoods sshd\[17619\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188 Aug 22 22:43:37 tdfoods sshd\[17619\]: Failed password for invalid user hb from 42.157.128.188 port 36602 ssh2 Aug 22 22:49:07 tdfoods sshd\[18139\]: Invalid user postgres from 42.157.128.188 Aug 22 22:49:07 tdfoods sshd\[18139\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.157.128.188	2019-08-23 16:51:39

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.157.128.50
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 20266
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.157.128.50.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jul 25 05:06:38 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 50.128.157.42.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 50.128.157.42.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
37.187.134.111	attackbots	37.187.134.111 - - [25/Jun/2020:20:53:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2111 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.187.134.111 - - [25/Jun/2020:20:53:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 37.187.134.111 - - [25/Jun/2020:20:53:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-26 03:58:36
47.62.179.15	attackspam	Lines containing failures of 47.62.179.15 /var/log/mail.err:Jun 25 14:15:23 server01 postfix/smtpd[27080]: warning: hostname 47-62-179-15.red-acceso.airtel.net does not resolve to address 47.62.179.15: Name or service not known /var/log/apache/pucorp.org.log:Jun 25 14:15:23 server01 postfix/smtpd[27080]: warning: hostname 47-62-179-15.red-acceso.airtel.net does not resolve to address 47.62.179.15: Name or service not known /var/log/apache/pucorp.org.log:Jun 25 14:15:23 server01 postfix/smtpd[27080]: connect from unknown[47.62.179.15] /var/log/apache/pucorp.org.log:Jun x@x /var/log/apache/pucorp.org.log:Jun x@x /var/log/apache/pucorp.org.log:Jun 25 14:15:24 server01 postfix/policy-spf[27090]: : Policy action=PREPEND Received-SPF: none (deyom.com: No applicable sender policy available) receiver=x@x /var/log/apache/pucorp.org.log:Jun x@x /var/log/apache/pucorp.org.log:Jun 25 14:15:25 server01 postfix/smtpd[27080]: lost connection after DATA from unknown[47.62.179.15] /var/l........ ------------------------------	2020-06-26 04:11:09
123.235.18.142	attackspambots	2020/6/24 14:05:53 Firewall[240]: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=48:1d:70:de:3a:51:00:17:10:9d:38:90:08:00 SRC=123.235.18.142 DST= LEN=44 TOS=00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=45014 DPT=14336 SEQ=685572096 A FW.WANATTACK DROP, 10 Attempts. 2020/6/24 14:58:01 Firewall Blocked	2020-06-26 03:47:34
79.98.112.5	attack	Automatic report - XMLRPC Attack	2020-06-26 03:49:32
41.218.193.212	attackbots	Jun 25 14:04:20 *** sshd[1422]: refused connect from 41.218.193.212 (41= .218.193.212) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=41.218.193.212	2020-06-26 03:43:16
47.56.139.102	attackbots	bruteforce detected	2020-06-26 03:48:45
159.89.110.45	attackbotsspam	159.89.110.45 - - [25/Jun/2020:20:18:52 +0100] "POST /wp-login.php HTTP/1.1" 200 2345 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.110.45 - - [25/Jun/2020:20:18:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2350 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.110.45 - - [25/Jun/2020:20:18:54 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-26 03:58:18
207.154.229.50	attackbotsspam	B: Abusive ssh attack	2020-06-26 03:50:57
191.95.150.196	attack	[25/Jun/2020 x@x [25/Jun/2020 x@x [25/Jun/2020 x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=191.95.150.196	2020-06-26 04:08:13
61.177.172.159	attack	Jun 25 19:53:34 localhost sshd[93303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.159 user=root Jun 25 19:53:36 localhost sshd[93303]: Failed password for root from 61.177.172.159 port 41522 ssh2 Jun 25 19:53:40 localhost sshd[93303]: Failed password for root from 61.177.172.159 port 41522 ssh2 Jun 25 19:53:34 localhost sshd[93303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.159 user=root Jun 25 19:53:36 localhost sshd[93303]: Failed password for root from 61.177.172.159 port 41522 ssh2 Jun 25 19:53:40 localhost sshd[93303]: Failed password for root from 61.177.172.159 port 41522 ssh2 Jun 25 19:53:34 localhost sshd[93303]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.177.172.159 user=root Jun 25 19:53:36 localhost sshd[93303]: Failed password for root from 61.177.172.159 port 41522 ssh2 Jun 25 19:53:40 localhost sshd[93303]: Fa ...	2020-06-26 03:54:09
1.55.108.102	attackbotsspam	Unauthorized IMAP connection attempt	2020-06-26 04:01:30
167.99.224.160	attackspambots	Jun 25 21:48:08 home sshd[8622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.224.160 Jun 25 21:48:10 home sshd[8622]: Failed password for invalid user demo from 167.99.224.160 port 33332 ssh2 Jun 25 21:51:51 home sshd[9031]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.224.160 ...	2020-06-26 03:54:50
167.250.219.141	attackbotsspam	2020-06-25 14:04:13 plain_virtual_exim authenticator failed for ([167.250.219.141]) [167.250.219.141]: 535 Incorrect authentication data ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=167.250.219.141	2020-06-26 03:37:28
5.101.156.56	attackbots	Fail2Ban Ban Triggered HTTP SQL Injection Attempt	2020-06-26 03:46:40
5.196.198.147	attackspam	Unauthorised connection attempt detected at AUO NODE 4. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-06-26 03:58:55

最近上报的IP列表

207.180.192.52	124.195.168.82	217.58.186.155	171.242.11.115
218.150.220.198	170.130.187.2	138.0.145.192	200.52.60.227
189.194.132.250	183.159.182.39	114.67.74.139	117.60.133.122
114.239.164.196	113.160.223.167	52.167.43.30	2604:180:3:ba4::8374
36.233.101.79	27.66.127.191	14.223.54.139	14.11.36.2