42.6.20.116 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Unicom Liaoning Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	port 23 attempt blocked	2019-06-23 05:32:41

相同子网IP讨论:

IP	类型	评论内容	时间
42.6.209.16	attackspam	Unauthorised access (Mar 23) SRC=42.6.209.16 LEN=44 TTL=240 ID=5333 TCP DPT=1433 WINDOW=1024 SYN	2020-03-24 05:15:53
42.6.200.214	attackbotsspam	Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=1545 TCP DPT=8080 WINDOW=33110 SYN Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=62721 TCP DPT=8080 WINDOW=33110 SYN Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=44440 TCP DPT=8080 WINDOW=33110 SYN Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=34153 TCP DPT=8080 WINDOW=33110 SYN Unauthorised access (Sep 23) SRC=42.6.200.214 LEN=40 TTL=49 ID=47074 TCP DPT=8080 WINDOW=33110 SYN Unauthorised access (Sep 23) SRC=42.6.200.214 LEN=40 TTL=49 ID=40127 TCP DPT=8080 WINDOW=33110 SYN	2019-09-26 04:55:53

类型

评论内容

时间

42.6.209.16

attackspam

Unauthorised access (Mar 23) SRC=42.6.209.16 LEN=44 TTL=240 ID=5333 TCP DPT=1433 WINDOW=1024 SYN

2020-03-24 05:15:53

42.6.200.214

attackbotsspam

Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=1545 TCP DPT=8080 WINDOW=33110 SYN 
Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=62721 TCP DPT=8080 WINDOW=33110 SYN 
Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=44440 TCP DPT=8080 WINDOW=33110 SYN 
Unauthorised access (Sep 25) SRC=42.6.200.214 LEN=40 TTL=49 ID=34153 TCP DPT=8080 WINDOW=33110 SYN 
Unauthorised access (Sep 23) SRC=42.6.200.214 LEN=40 TTL=49 ID=47074 TCP DPT=8080 WINDOW=33110 SYN 
Unauthorised access (Sep 23) SRC=42.6.200.214 LEN=40 TTL=49 ID=40127 TCP DPT=8080 WINDOW=33110 SYN

2019-09-26 04:55:53

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.6.20.116
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2074
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.6.20.116.			IN	A

;; AUTHORITY SECTION:
.			2718	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062202 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jun 23 05:32:36 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

Host 116.20.6.42.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 116.20.6.42.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
161.35.61.229	attackbotsspam	Jul 26 00:58:19 havingfunrightnow sshd[30019]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.61.229 Jul 26 00:58:21 havingfunrightnow sshd[30019]: Failed password for invalid user admin from 161.35.61.229 port 60156 ssh2 Jul 26 01:09:27 havingfunrightnow sshd[30382]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.61.229 ...	2020-07-26 07:10:28
181.55.188.218	attackbots	Jul 26 04:39:01 lunarastro sshd[1344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.55.188.218 Jul 26 04:39:03 lunarastro sshd[1344]: Failed password for invalid user sudeep from 181.55.188.218 port 55482 ssh2	2020-07-26 07:36:10
75.190.240.97	attackbots	(sshd) Failed SSH login from 75.190.240.97 (US/United States/cpe-75-190-240-97.nc.res.rr.com): 5 in the last 3600 secs	2020-07-26 07:14:18
49.233.173.136	attackbotsspam	Jul 26 01:09:25 hidden sshd[41277]: Invalid user ashok from 49.233.173.136 port 52952 Jul 26 01:09:25 hidden sshd[41277]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.173.136 Jul 26 01:09:27 hidden sshd[41277]: Failed password for invalid user ashok from 49.233.173.136 port 52952 ssh2	2020-07-26 07:11:42
118.125.11.239	attackbotsspam	20 attempts against mh-ssh on pluto	2020-07-26 07:39:55
222.128.78.127	attackspambots	Lines containing failures of 222.128.78.127 Jul 23 23:37:07 shared03 sshd[20067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.128.78.127 user=admin Jul 23 23:37:09 shared03 sshd[20067]: Failed password for admin from 222.128.78.127 port 42858 ssh2 Jul 23 23:37:10 shared03 sshd[20067]: Received disconnect from 222.128.78.127 port 42858:11: Bye Bye [preauth] Jul 23 23:37:10 shared03 sshd[20067]: Disconnected from authenticating user admin 222.128.78.127 port 42858 [preauth] Jul 23 23:41:57 shared03 sshd[21614]: Invalid user user from 222.128.78.127 port 55664 Jul 23 23:41:57 shared03 sshd[21614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.128.78.127 Jul 23 23:41:59 shared03 sshd[21614]: Failed password for invalid user user from 222.128.78.127 port 55664 ssh2 Jul 23 23:41:59 shared03 sshd[21614]: Received disconnect from 222.128.78.127 port 55664:11: Bye Bye [preauth] Jul 23 2........ ------------------------------	2020-07-26 07:21:55
120.70.100.13	attackspambots	Jul 25 17:03:24 server1 sshd\[31344\]: Failed password for postgres from 120.70.100.13 port 49625 ssh2 Jul 25 17:06:13 server1 sshd\[32091\]: Invalid user qh from 120.70.100.13 Jul 25 17:06:13 server1 sshd\[32091\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.70.100.13 Jul 25 17:06:15 server1 sshd\[32091\]: Failed password for invalid user qh from 120.70.100.13 port 40383 ssh2 Jul 25 17:08:59 server1 sshd\[397\]: Invalid user gss from 120.70.100.13 ...	2020-07-26 07:38:10
186.206.157.34	attackspam	$f2bV_matches	2020-07-26 07:45:24
114.33.71.160	attackbots	Unwanted checking 80 or 443 port ...	2020-07-26 07:27:28
103.217.255.68	attack	Jul 26 01:09:13 ns381471 sshd[5865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.217.255.68 Jul 26 01:09:15 ns381471 sshd[5865]: Failed password for invalid user sam from 103.217.255.68 port 47590 ssh2	2020-07-26 07:24:35
106.52.130.172	attackspam	Jul 21 11:22:27 cumulus sshd[27281]: Invalid user vladimir from 106.52.130.172 port 57684 Jul 21 11:22:27 cumulus sshd[27281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172 Jul 21 11:22:28 cumulus sshd[27281]: Failed password for invalid user vladimir from 106.52.130.172 port 57684 ssh2 Jul 21 11:22:33 cumulus sshd[27281]: Received disconnect from 106.52.130.172 port 57684:11: Bye Bye [preauth] Jul 21 11:22:33 cumulus sshd[27281]: Disconnected from 106.52.130.172 port 57684 [preauth] Jul 21 11:53:01 cumulus sshd[30159]: Invalid user nagios from 106.52.130.172 port 45540 Jul 21 11:53:01 cumulus sshd[30159]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.130.172 Jul 21 11:53:03 cumulus sshd[30159]: Failed password for invalid user nagios from 106.52.130.172 port 45540 ssh2 Jul 21 11:53:03 cumulus sshd[30159]: Received disconnect from 106.52.130.172 port 45540:11: Bye B........ -------------------------------	2020-07-26 07:26:41
165.231.148.193	attack	2020-07-25T17:47:57.191324morrigan.ad5gb.com postfix/smtpd[3833819]: NOQUEUE: reject: RCPT from unknown[165.231.148.193]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo= 2020-07-25T18:09:02.192458morrigan.ad5gb.com postfix/smtpd[3841273]: NOQUEUE: reject: RCPT from unknown[165.231.148.193]: 554 5.7.1 : Relay access denied; from= to= proto=ESMTP helo=	2020-07-26 07:36:45
140.143.9.142	attackspambots	Jul 25 17:06:11 server1 sshd\[32087\]: Invalid user trash from 140.143.9.142 Jul 25 17:06:11 server1 sshd\[32087\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.9.142 Jul 25 17:06:13 server1 sshd\[32087\]: Failed password for invalid user trash from 140.143.9.142 port 48500 ssh2 Jul 25 17:09:12 server1 sshd\[541\]: Invalid user crespo from 140.143.9.142 Jul 25 17:09:12 server1 sshd\[541\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.9.142 ...	2020-07-26 07:24:22
112.85.42.173	attackspam	Fail2Ban - SSH Bruteforce Attempt	2020-07-26 07:41:51
139.162.90.220	attack	" "	2020-07-26 07:20:22

最近上报的IP列表

119.39.46.179	45.67.212.141	31.163.144.44	27.152.115.141
12.161.71.40	75.109.178.69	87.117.45.19	190.57.236.234
112.221.132.29	168.228.149.141	124.90.55.29	114.232.192.57
191.53.221.172	42.239.103.240	82.10.212.249	151.55.37.84
202.40.183.234	207.230.254.154	186.249.83.86	132.181.78.92