51.68.92.75 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): France

运营商(isp): OVH SAS

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	\[2019-07-05 22:20:01\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-05T22:20:01.786+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1322858975-894667662-1341635418",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/51.68.92.75/51121",Challenge="1562358001/bdf45d7a6f69edab46aadf5f7f46813d",Response="3636cacc792a319e9cb55db498780c21",ExpectedResponse="" \[2019-07-05 22:20:01\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-05T22:20:01.964+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1322858975-894667662-1341635418",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/51.68.92.75/51121",Challenge="1562358001/bdf45d7a6f69edab46aadf5f7f46813d",Response="e7713969bfc92705ae4c203dcc3bed82",ExpectedResponse="" \[2019-07-05 22:20:02\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponse	2019-07-06 04:34:33

类型

评论内容

时间

attackspambots

\[2019-07-05 22:20:01\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-05T22:20:01.786+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1322858975-894667662-1341635418",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/51.68.92.75/51121",Challenge="1562358001/bdf45d7a6f69edab46aadf5f7f46813d",Response="3636cacc792a319e9cb55db498780c21",ExpectedResponse=""
\[2019-07-05 22:20:01\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-05T22:20:01.964+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="1322858975-894667662-1341635418",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/51.68.92.75/51121",Challenge="1562358001/bdf45d7a6f69edab46aadf5f7f46813d",Response="e7713969bfc92705ae4c203dcc3bed82",ExpectedResponse=""
\[2019-07-05 22:20:02\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponse

2019-07-06 04:34:33

相同子网IP讨论:

IP	类型	评论内容	时间
51.68.92.119	attackspam	"SSH brute force auth login attempt."	2020-01-23 16:48:42
51.68.92.119	attackspambots	Lines containing failures of 51.68.92.119 Jan 7 09:34:38 dns01 sshd[9259]: Invalid user vendeg from 51.68.92.119 port 52530 Jan 7 09:34:38 dns01 sshd[9259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.92.119 Jan 7 09:34:40 dns01 sshd[9259]: Failed password for invalid user vendeg from 51.68.92.119 port 52530 ssh2 Jan 7 09:34:40 dns01 sshd[9259]: Received disconnect from 51.68.92.119 port 52530:11: Bye Bye [preauth] Jan 7 09:34:40 dns01 sshd[9259]: Disconnected from invalid user vendeg 51.68.92.119 port 52530 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=51.68.92.119	2020-01-08 22:09:25

类型

评论内容

时间

51.68.92.119

attackspam

"SSH brute force auth login attempt."

2020-01-23 16:48:42

51.68.92.119

attackspambots

Lines containing failures of 51.68.92.119
Jan  7 09:34:38 dns01 sshd[9259]: Invalid user vendeg from 51.68.92.119 port 52530
Jan  7 09:34:38 dns01 sshd[9259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.92.119
Jan  7 09:34:40 dns01 sshd[9259]: Failed password for invalid user vendeg from 51.68.92.119 port 52530 ssh2
Jan  7 09:34:40 dns01 sshd[9259]: Received disconnect from 51.68.92.119 port 52530:11: Bye Bye [preauth]
Jan  7 09:34:40 dns01 sshd[9259]: Disconnected from invalid user vendeg 51.68.92.119 port 52530 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=51.68.92.119

2020-01-08 22:09:25

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 51.68.92.75
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62239
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;51.68.92.75.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070501 1800 900 604800 86400

;; Query time: 251 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jul 06 04:34:27 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

75.92.68.51.in-addr.arpa domain name pointer ip-51-68-92.eu.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
75.92.68.51.in-addr.arpa	name = ip-51-68-92.eu.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
222.252.16.71	attack	Scanning for exploits - /phpMyAdmin/scripts/setup.php	2020-05-21 18:30:43
219.250.188.219	attack	May 21 11:23:10 prod4 sshd\[22613\]: Invalid user lvzhizhou from 219.250.188.219 May 21 11:23:12 prod4 sshd\[22613\]: Failed password for invalid user lvzhizhou from 219.250.188.219 port 59552 ssh2 May 21 11:28:52 prod4 sshd\[24757\]: Invalid user php from 219.250.188.219 ...	2020-05-21 18:50:53
128.199.207.192	attack	2020-05-21T05:34:42.271412mail.thespaminator.com sshd[20908]: Invalid user jjh from 128.199.207.192 port 53352 2020-05-21T05:34:44.056426mail.thespaminator.com sshd[20908]: Failed password for invalid user jjh from 128.199.207.192 port 53352 ssh2 ...	2020-05-21 19:11:12
49.88.112.70	attackbotsspam	2020-05-21T11:06:12.383075shield sshd\[18809\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.70 user=root 2020-05-21T11:06:14.830125shield sshd\[18809\]: Failed password for root from 49.88.112.70 port 59406 ssh2 2020-05-21T11:06:16.567885shield sshd\[18809\]: Failed password for root from 49.88.112.70 port 59406 ssh2 2020-05-21T11:06:18.777346shield sshd\[18809\]: Failed password for root from 49.88.112.70 port 59406 ssh2 2020-05-21T11:08:04.944518shield sshd\[19114\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.70 user=root	2020-05-21 19:12:47
31.17.20.62	attackspambots	Unauthorized connection attempt detected from IP address 31.17.20.62 to port 22	2020-05-21 18:43:59
220.134.169.184	attackspambots	Port probing on unauthorized port 23	2020-05-21 18:59:54
162.243.139.141	attack	[Thu May 07 09:49:18 2020] - DDoS Attack From IP: 162.243.139.141 Port: 47581	2020-05-21 18:58:39
207.154.224.103	attack	207.154.224.103 - - [21/May/2020:12:51:13 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 207.154.224.103 - - [21/May/2020:12:51:13 +0200] "POST /wp-login.php HTTP/1.1" 200 2031 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 207.154.224.103 - - [21/May/2020:12:51:13 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 207.154.224.103 - - [21/May/2020:12:51:14 +0200] "POST /wp-login.php HTTP/1.1" 200 2008 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 207.154.224.103 - - [21/May/2020:12:51:14 +0200] "GET /wp-login.php HTTP/1.1" 200 1900 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 207.154.224.103 - - [21/May/2020:12:51:14 +0200] "POST /wp-login.php HTTP/1.1" 200 2009 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/ ...	2020-05-21 19:01:17
81.243.152.143	attackbotsspam	Unauthorized connection attempt detected from IP address 81.243.152.143 to port 23	2020-05-21 18:54:06
118.70.72.103	attack	May 21 17:05:43 web1 sshd[1250]: Invalid user eoo from 118.70.72.103 port 35628 May 21 17:05:43 web1 sshd[1250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.72.103 May 21 17:05:43 web1 sshd[1250]: Invalid user eoo from 118.70.72.103 port 35628 May 21 17:05:45 web1 sshd[1250]: Failed password for invalid user eoo from 118.70.72.103 port 35628 ssh2 May 21 17:09:59 web1 sshd[2215]: Invalid user lpe from 118.70.72.103 port 43580 May 21 17:09:59 web1 sshd[2215]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.70.72.103 May 21 17:09:59 web1 sshd[2215]: Invalid user lpe from 118.70.72.103 port 43580 May 21 17:10:01 web1 sshd[2215]: Failed password for invalid user lpe from 118.70.72.103 port 43580 ssh2 May 21 17:14:33 web1 sshd[3576]: Invalid user huf from 118.70.72.103 port 51534 ...	2020-05-21 18:53:29
162.243.144.116	attackbots	Port scan denied	2020-05-21 18:46:23
88.22.118.244	attackbots	odoo8 ...	2020-05-21 18:47:25
195.231.3.146	attackspambots	(smtpauth) Failed SMTP AUTH login from 195.231.3.146 (IT/Italy/host146-3-231-195.serverdedicati.aruba.it): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-05-21 15:37:54 login authenticator failed for (USER) [195.231.3.146]: 535 Incorrect authentication data (set_id=smtp@toliddaru.biz)	2020-05-21 19:10:43
182.61.12.12	attack	May 21 07:35:02 scw-6657dc sshd[10238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.12.12 May 21 07:35:02 scw-6657dc sshd[10238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.61.12.12 May 21 07:35:04 scw-6657dc sshd[10238]: Failed password for invalid user lqx from 182.61.12.12 port 53404 ssh2 ...	2020-05-21 18:47:36
14.237.197.6	attackbotsspam	SSHD brute force attack detected by fail2ban	2020-05-21 18:49:57

最近上报的IP列表

36.85.63.213	180.117.111.120	185.69.145.149	191.33.159.249
40.11.26.187	212.92.104.143	201.63.28.114	34.160.138.240
46.217.61.178	141.93.109.90	129.164.142.8	103.29.117.123
189.15.172.127	37.49.225.19	82.118.134.58	118.179.252.81
183.89.95.219	63.80.190.137	47.244.60.162	152.231.26.54