42.51.194.4 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Henan Telcom Union Technology Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Nov 21 01:58:01 server sshd\[3484\]: Invalid user ngrc from 42.51.194.4 Nov 21 01:58:01 server sshd\[3484\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 Nov 21 01:58:02 server sshd\[3484\]: Failed password for invalid user ngrc from 42.51.194.4 port 39830 ssh2 Nov 21 02:06:59 server sshd\[5946\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 user=root Nov 21 02:07:01 server sshd\[5946\]: Failed password for root from 42.51.194.4 port 38762 ssh2 ...	2019-11-21 07:38:27
attackspam	Nov 18 18:02:48 MK-Soft-VM8 sshd[3441]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 Nov 18 18:02:50 MK-Soft-VM8 sshd[3441]: Failed password for invalid user webadmin from 42.51.194.4 port 53503 ssh2 ...	2019-11-19 01:06:58
attackbots	Nov 9 10:22:29 fr01 sshd[4380]: Invalid user p@ssw0rd from 42.51.194.4 Nov 9 10:22:29 fr01 sshd[4380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 Nov 9 10:22:29 fr01 sshd[4380]: Invalid user p@ssw0rd from 42.51.194.4 Nov 9 10:22:30 fr01 sshd[4380]: Failed password for invalid user p@ssw0rd from 42.51.194.4 port 47203 ssh2 ...	2019-11-09 19:38:15
attack	Oct 23 01:43:16 server sshd\[29595\]: Invalid user long from 42.51.194.4 port 32908 Oct 23 01:43:16 server sshd\[29595\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 Oct 23 01:43:19 server sshd\[29595\]: Failed password for invalid user long from 42.51.194.4 port 32908 ssh2 Oct 23 01:47:59 server sshd\[2979\]: User root from 42.51.194.4 not allowed because listed in DenyUsers Oct 23 01:47:59 server sshd\[2979\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.4 user=root	2019-10-23 06:51:22
attackspambots	$f2bV_matches	2019-10-22 01:29:23

相同子网IP讨论:

IP	类型	评论内容	时间
42.51.194.15	attackspam	Dec 5 17:40:18 reporting2 sshd[12581]: reveeclipse mapping checking getaddrinfo for idc.ly.ha [42.51.194.15] failed - POSSIBLE BREAK-IN ATTEMPT! Dec 5 17:40:18 reporting2 sshd[12581]: User r.r from 42.51.194.15 not allowed because not listed in AllowUsers Dec 5 17:40:18 reporting2 sshd[12581]: Failed password for invalid user r.r from 42.51.194.15 port 1244 ssh2 Dec 5 17:40:19 reporting2 sshd[12581]: Failed password for invalid user r.r from 42.51.194.15 port 1244 ssh2 Dec 5 17:40:19 reporting2 sshd[12581]: Failed password for invalid user r.r from 42.51.194.15 port 1244 ssh2 Dec 5 17:40:20 reporting2 sshd[12581]: Failed password for invalid user r.r from 42.51.194.15 port 1244 ssh2 Dec 5 17:40:21 reporting2 sshd[12581]: Failed password for invalid user r.r from 42.51.194.15 port 1244 ssh2 Dec 5 17:40:25 reporting2 sshd[12638]: .... truncated .... 539]: User r.r from 42.51.194.15 not allowed because not listed in AllowUsers Dec 5 18:22:17 reporting2 sshd[3539]........ -------------------------------	2019-12-06 19:10:30
42.51.194.35	attack	Unauthorized connection attempt from IP address 42.51.194.35 on Port 3306(MYSQL)	2019-09-29 22:26:34
42.51.194.35	attackspam	Unauthorized connection attempt from IP address 42.51.194.35 on Port 3306(MYSQL)	2019-09-23 15:01:44
42.51.194.35	attack	09/15/2019-19:22:10.539826 42.51.194.35 Protocol: 6 ET SCAN Suspicious inbound to mySQL port 3306	2019-09-16 07:33:53
42.51.194.35	attackspam	Unauthorized connection attempt from IP address 42.51.194.35 on Port 3306(MYSQL)	2019-09-15 22:07:14
42.51.194.55	attack	Sep 5 15:24:16 hostnameproxy sshd[26462]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.55 user=r.r Sep 5 15:24:18 hostnameproxy sshd[26462]: Failed password for r.r from 42.51.194.55 port 1428 ssh2 Sep 5 15:24:20 hostnameproxy sshd[26462]: Failed password for r.r from 42.51.194.55 port 1428 ssh2 Sep 5 15:24:23 hostnameproxy sshd[26462]: Failed password for r.r from 42.51.194.55 port 1428 ssh2 Sep 5 15:24:26 hostnameproxy sshd[26462]: Failed password for r.r from 42.51.194.55 port 1428 ssh2 Sep 5 15:24:28 hostnameproxy sshd[26462]: Failed password for r.r from 42.51.194.55 port 1428 ssh2 Sep 5 15:24:32 hostnameproxy sshd[26466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.51.194.55 user=r.r Sep 5 15:24:34 hostnameproxy sshd[26466]: Failed password for r.r from 42.51.194.55 port 3584 ssh2 Sep 5 15:24:36 hostnameproxy sshd[26466]: Failed password for r.r from 42.51........ ------------------------------	2019-09-06 11:35:10

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.51.194.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10529
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.51.194.4.			IN	A

;; AUTHORITY SECTION:
.			343	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102100 1800 900 604800 86400

;; Query time: 54 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 22 01:29:20 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

4.194.51.42.in-addr.arpa domain name pointer idc.ly.ha.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
4.194.51.42.in-addr.arpa	name = idc.ly.ha.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
85.209.157.120	attack	Brute force attempt	2020-08-22 17:09:21
118.99.113.155	attack	fail2ban/Aug 22 08:38:19 h1962932 sshd[5394]: Invalid user leone from 118.99.113.155 port 44806 Aug 22 08:38:19 h1962932 sshd[5394]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.99.113.155 Aug 22 08:38:19 h1962932 sshd[5394]: Invalid user leone from 118.99.113.155 port 44806 Aug 22 08:38:21 h1962932 sshd[5394]: Failed password for invalid user leone from 118.99.113.155 port 44806 ssh2 Aug 22 08:42:11 h1962932 sshd[5513]: Invalid user wen from 118.99.113.155 port 34440	2020-08-22 16:55:37
216.218.206.122	attack	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-08-22 17:08:07
217.182.174.132	attackspambots	WordPress wp-login brute force :: 217.182.174.132 0.072 BYPASS [22/Aug/2020:08:37:54 0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2573 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-22 17:22:58
201.214.66.81	attack	notenschluessel-fulda.de 201.214.66.81 [22/Aug/2020:05:49:24 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" notenschluessel-fulda.de 201.214.66.81 [22/Aug/2020:05:49:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"	2020-08-22 17:04:06
122.51.98.36	attackspam	Invalid user webadm from 122.51.98.36 port 51946	2020-08-22 17:20:31
106.13.94.131	attackbots	2020-08-22T06:00:33.342627shield sshd\[21876\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.94.131 user=root 2020-08-22T06:00:35.514827shield sshd\[21876\]: Failed password for root from 106.13.94.131 port 41064 ssh2 2020-08-22T06:02:17.677213shield sshd\[22417\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.94.131 user=root 2020-08-22T06:02:19.452783shield sshd\[22417\]: Failed password for root from 106.13.94.131 port 59434 ssh2 2020-08-22T06:03:59.186372shield sshd\[22924\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.94.131 user=root	2020-08-22 17:00:35
106.13.233.186	attack	Aug 22 05:44:24 plg sshd[13237]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.233.186 Aug 22 05:44:25 plg sshd[13237]: Failed password for invalid user 2 from 106.13.233.186 port 51949 ssh2 Aug 22 05:45:52 plg sshd[13257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.233.186 Aug 22 05:45:54 plg sshd[13257]: Failed password for invalid user t7adm from 106.13.233.186 port 59110 ssh2 Aug 22 05:47:20 plg sshd[13263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.233.186 user=root Aug 22 05:47:23 plg sshd[13263]: Failed password for invalid user root from 106.13.233.186 port 38033 ssh2 ...	2020-08-22 17:26:23
89.148.42.154	attackspambots	Brute forcing RDP port 3389	2020-08-22 16:56:33
109.195.19.43	attack	jannisjulius.de 109.195.19.43 [22/Aug/2020:06:07:11 +0200] "POST /wp-login.php HTTP/1.1" 200 7118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" jannisjulius.de 109.195.19.43 [22/Aug/2020:06:07:17 +0200] "POST /wp-login.php HTTP/1.1" 200 7060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-22 16:54:45
192.241.222.214	attack	1598068194 - 08/22/2020 05:49:54 Host: 192.241.222.214/192.241.222.214 Port: 953 TCP Blocked ...	2020-08-22 16:53:33
104.154.147.52	attack	Aug 22 13:23:06 dhoomketu sshd[2568953]: Invalid user popuser from 104.154.147.52 port 40697 Aug 22 13:23:06 dhoomketu sshd[2568953]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.154.147.52 Aug 22 13:23:06 dhoomketu sshd[2568953]: Invalid user popuser from 104.154.147.52 port 40697 Aug 22 13:23:08 dhoomketu sshd[2568953]: Failed password for invalid user popuser from 104.154.147.52 port 40697 ssh2 Aug 22 13:26:39 dhoomketu sshd[2569015]: Invalid user deployer from 104.154.147.52 port 40595 ...	2020-08-22 17:03:41
196.179.235.64	attackbots	notenschluessel-fulda.de 196.179.235.64 [22/Aug/2020:05:49:41 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36" notenschluessel-fulda.de 196.179.235.64 [22/Aug/2020:05:49:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4336 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.109 Safari/537.36"	2020-08-22 16:56:57
142.93.242.246	attackbotsspam	Aug 22 04:46:01 george sshd[21045]: Failed password for invalid user xl from 142.93.242.246 port 35588 ssh2 Aug 22 04:49:58 george sshd[21109]: Invalid user test from 142.93.242.246 port 40190 Aug 22 04:49:58 george sshd[21109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.242.246 Aug 22 04:50:01 george sshd[21109]: Failed password for invalid user test from 142.93.242.246 port 40190 ssh2 Aug 22 04:54:06 george sshd[21141]: Invalid user mne from 142.93.242.246 port 44798 ...	2020-08-22 16:55:17
37.187.16.30	attackspam	Aug 22 02:12:26 propaganda sshd[27599]: Connection from 37.187.16.30 port 50032 on 10.0.0.161 port 22 rdomain "" Aug 22 02:12:26 propaganda sshd[27599]: Connection closed by 37.187.16.30 port 50032 [preauth]	2020-08-22 17:25:35

最近上报的IP列表

8.23.35.201	183.166.59.149	178.164.245.151	82.31.74.17
79.17.58.116	115.182.62.224	71.192.13.137	27.145.88.192
187.2.17.180	76.38.227.87	132.232.66.60	25.46.182.185
18.144.156.248	102.118.31.23	214.190.230.216	122.117.68.151
228.28.14.24	160.67.88.193	58.70.155.214	114.32.8.15