42.51.34.155 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Henan Telcom Union Technology Co. Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	C2,WP GET /wp-login.php	2020-07-13 20:04:57
attackbots	C1,WP GET /wp-login.php	2019-08-31 12:22:24

相同子网IP讨论:

IP	类型	评论内容	时间
42.51.34.202	attack	URL Probing: /wp-login.php	2020-08-18 23:24:45
42.51.34.174	attack	baned by mod_evasive	2020-07-20 06:28:34
42.51.34.250	attackspambots	ET SCAN MS Terminal Server Traffic on Non-standard Port - port: 1000 proto: TCP cat: Attempted Information Leak	2019-12-11 06:56:51
42.51.34.202	attackbots	Attempt to run wp-login.php	2019-10-23 07:52:55
42.51.34.174	attackspambots	/wp-login.php	2019-08-14 02:38:17
42.51.34.202	attack	C2,WP GET /wp-login.php	2019-07-29 19:13:39

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.51.34.155
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11978
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.51.34.155.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019083001 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 31 12:22:18 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

155.34.51.42.in-addr.arpa domain name pointer idc.ly.ha.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
155.34.51.42.in-addr.arpa	name = idc.ly.ha.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
36.75.141.245	attackspambots	1582205356 - 02/20/2020 14:29:16 Host: 36.75.141.245/36.75.141.245 Port: 445 TCP Blocked	2020-02-20 23:07:54
123.157.102.179	attack	02/20/2020-08:29:28.750904 123.157.102.179 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-02-20 22:59:42
222.186.30.248	attack	Feb 20 15:38:08 dcd-gentoo sshd[23020]: User root from 222.186.30.248 not allowed because none of user's groups are listed in AllowGroups Feb 20 15:38:13 dcd-gentoo sshd[23020]: error: PAM: Authentication failure for illegal user root from 222.186.30.248 Feb 20 15:38:08 dcd-gentoo sshd[23020]: User root from 222.186.30.248 not allowed because none of user's groups are listed in AllowGroups Feb 20 15:38:13 dcd-gentoo sshd[23020]: error: PAM: Authentication failure for illegal user root from 222.186.30.248 Feb 20 15:38:08 dcd-gentoo sshd[23020]: User root from 222.186.30.248 not allowed because none of user's groups are listed in AllowGroups Feb 20 15:38:13 dcd-gentoo sshd[23020]: error: PAM: Authentication failure for illegal user root from 222.186.30.248 Feb 20 15:38:13 dcd-gentoo sshd[23020]: Failed keyboard-interactive/pam for invalid user root from 222.186.30.248 port 31097 ssh2 ...	2020-02-20 22:46:57
36.67.15.241	attack	firewall-block, port(s): 1433/tcp	2020-02-20 22:36:44
222.186.175.151	attackspambots	Feb 20 15:55:17 SilenceServices sshd[3826]: Failed password for root from 222.186.175.151 port 62190 ssh2 Feb 20 15:55:32 SilenceServices sshd[3826]: Failed password for root from 222.186.175.151 port 62190 ssh2 Feb 20 15:55:32 SilenceServices sshd[3826]: error: maximum authentication attempts exceeded for root from 222.186.175.151 port 62190 ssh2 [preauth]	2020-02-20 23:02:51
176.110.120.82	attack	Unauthorized connection attempt detected from IP address 176.110.120.82 to port 445	2020-02-20 23:06:38
106.12.52.98	attack	Feb 20 14:26:40 srv01 sshd[1661]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.52.98 user=mysql Feb 20 14:26:42 srv01 sshd[1661]: Failed password for mysql from 106.12.52.98 port 58100 ssh2 Feb 20 14:29:21 srv01 sshd[1839]: Invalid user joyou from 106.12.52.98 port 42914 Feb 20 14:29:21 srv01 sshd[1839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.52.98 Feb 20 14:29:21 srv01 sshd[1839]: Invalid user joyou from 106.12.52.98 port 42914 Feb 20 14:29:22 srv01 sshd[1839]: Failed password for invalid user joyou from 106.12.52.98 port 42914 ssh2 ...	2020-02-20 22:55:24
185.202.2.57	attackspambots	185.202.2.57 - - \[20/Feb/2020:14:47:00 +0100\] "\x03\x00\x00/\*\xE0\x00\x00\x00\x00\x00Cookie: mstshash=Administr" 400 166 "-" "-" ...	2020-02-20 22:29:48
157.245.58.92	attack	Feb 20 15:15:36 markkoudstaal sshd[16642]: Failed password for gnats from 157.245.58.92 port 52196 ssh2 Feb 20 15:16:54 markkoudstaal sshd[16870]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.58.92 Feb 20 15:16:56 markkoudstaal sshd[16870]: Failed password for invalid user gitlab-prometheus from 157.245.58.92 port 33148 ssh2	2020-02-20 22:47:17
192.241.211.113	attack	1582205360 - 02/20/2020 20:29:20 Host: zg0213a-43.stretchoid.com/192.241.211.113 Port: 23 TCP Blocked ...	2020-02-20 23:05:40
185.143.223.166	attackbots	Feb 20 15:09:07 grey postfix/smtpd\[26779\]: NOQUEUE: reject: RCPT from unknown\[185.143.223.166\]: 554 5.7.1 Service unavailable\; Client host \[185.143.223.166\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[185.143.223.166\]\; from=\<6nmghwsdywcny@mrt.mn\> to=\ proto=ESMTP helo=\<\[185.143.223.163\]\>Feb 20 15:09:07 grey postfix/smtpd\[26779\]: NOQUEUE: reject: RCPT from unknown\[185.143.223.166\]: 554 5.7.1 Service unavailable\; Client host \[185.143.223.166\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[185.143.223.166\]\; from=\<6nmghwsdywcny@mrt.mn\> to=\ proto=ESMTP helo=\<\[185.143.223.163\]\> ...	2020-02-20 22:32:14
87.117.55.149	attack	Unauthorized connection attempt detected from IP address 87.117.55.149 to port 445	2020-02-20 23:02:11
185.176.27.18	attackspambots	Feb 20 15:39:44 debian-2gb-nbg1-2 kernel: \[4468795.068193\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.176.27.18 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=48557 PROTO=TCP SPT=45747 DPT=12485 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-20 22:43:06
95.174.102.70	attackspam	2020-02-20T08:15:40.2166531495-001 sshd[35401]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.174.102.70 2020-02-20T08:15:40.2086781495-001 sshd[35401]: Invalid user robert from 95.174.102.70 port 37676 2020-02-20T08:15:42.1552951495-001 sshd[35401]: Failed password for invalid user robert from 95.174.102.70 port 37676 ssh2 2020-02-20T09:16:50.4628581495-001 sshd[38675]: Invalid user nagios from 95.174.102.70 port 45428 2020-02-20T09:16:50.4704531495-001 sshd[38675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.174.102.70 2020-02-20T09:16:50.4628581495-001 sshd[38675]: Invalid user nagios from 95.174.102.70 port 45428 2020-02-20T09:16:53.2361331495-001 sshd[38675]: Failed password for invalid user nagios from 95.174.102.70 port 45428 ssh2 2020-02-20T09:19:26.2007001495-001 sshd[38831]: Invalid user wding from 95.174.102.70 port 37178 2020-02-20T09:19:26.2083181495-001 sshd[38831]: pam_unix(sshd:a ...	2020-02-20 23:03:57
37.202.75.126	attackbots	firewall-block, port(s): 9530/tcp	2020-02-20 22:35:55

最近上报的IP列表

104.128.51.11	232.213.112.29	27.147.132.19	23.228.82.4
23.247.98.189	192.162.237.35	190.13.136.53	95.12.5.58
82.210.12.29	36.81.16.128	116.196.83.109	95.142.159.11
14.181.222.61	92.119.160.33	81.40.197.52	43.228.117.222
171.12.3.73	148.63.244.88	122.174.17.40	164.77.85.150