114.242.123.21

Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: China Unicom Beijing Province Network

Hostname: unknown

Organization: China Unicom Beijing Province Network

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DATE:2019-07-14 12:35:54,IP:114.242.123.21,MATCHES:10,PORT:ssh	2019-07-14 18:43:59
attack	Jul 14 08:42:50 legacy sshd[20043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21 Jul 14 08:42:53 legacy sshd[20043]: Failed password for invalid user confluence from 114.242.123.21 port 50426 ssh2 Jul 14 08:49:49 legacy sshd[20229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21 ...	2019-07-14 14:52:19
attack	Jul 14 00:54:28 legacy sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21 Jul 14 00:54:30 legacy sshd[3594]: Failed password for invalid user bsnl from 114.242.123.21 port 33818 ssh2 Jul 14 01:00:34 legacy sshd[3803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21 ...	2019-07-14 07:14:59

Type

Details

Datetime

attack

DATE:2019-07-14 12:35:54,IP:114.242.123.21,MATCHES:10,PORT:ssh

2019-07-14 18:43:59

attack

Jul 14 08:42:50 legacy sshd[20043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21
Jul 14 08:42:53 legacy sshd[20043]: Failed password for invalid user confluence from 114.242.123.21 port 50426 ssh2
Jul 14 08:49:49 legacy sshd[20229]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21
...

2019-07-14 14:52:19

attack

Jul 14 00:54:28 legacy sshd[3594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21
Jul 14 00:54:30 legacy sshd[3594]: Failed password for invalid user bsnl from 114.242.123.21 port 33818 ssh2
Jul 14 01:00:34 legacy sshd[3803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.242.123.21
...

2019-07-14 07:14:59

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 114.242.123.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58702
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;114.242.123.21.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019042301 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Tue Apr 23 21:35:15 +08 2019
;; MSG SIZE  rcvd: 118

Host info

Host 21.123.242.114.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 21.123.242.114.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
168.128.70.151	attackspam	Feb 26 02:17:46 localhost sshd\[17774\]: Invalid user nagios from 168.128.70.151 port 56626 Feb 26 02:17:46 localhost sshd\[17774\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.128.70.151 Feb 26 02:17:48 localhost sshd\[17774\]: Failed password for invalid user nagios from 168.128.70.151 port 56626 ssh2	2020-02-26 09:25:17
202.88.241.107	attackspam	FTP Brute-Force reported by Fail2Ban	2020-02-26 09:35:09
120.85.206.23	attack	Feb 26 01:46:41 vpn01 sshd[11054]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.85.206.23 Feb 26 01:46:42 vpn01 sshd[11054]: Failed password for invalid user mysql from 120.85.206.23 port 4615 ssh2 ...	2020-02-26 09:22:09
178.128.243.225	attackspam	Feb 26 02:02:25 mout sshd[26595]: Invalid user admin from 178.128.243.225 port 50110	2020-02-26 09:29:52
5.172.14.241	attackbots	SSH invalid-user multiple login attempts	2020-02-26 09:28:41
5.196.110.170	attack	Fail2Ban Ban Triggered	2020-02-26 09:46:40
219.141.190.195	attack	Fail2Ban - SSH Bruteforce Attempt	2020-02-26 09:30:46
35.240.145.52	attack	Feb 26 02:38:39 takio sshd[16526]: Invalid user www from 35.240.145.52 port 46340 Feb 26 02:42:33 takio sshd[16596]: Invalid user lakiasiat from 35.240.145.52 port 56246 Feb 26 02:46:26 takio sshd[16613]: Invalid user lakiasiat from 35.240.145.52 port 44186	2020-02-26 09:32:43
46.161.27.150	attack	firewall-block, port(s): 3389/tcp	2020-02-26 09:43:38
104.236.28.167	attack	Feb 26 01:46:07 ourumov-web sshd\[9286\]: Invalid user wftuser from 104.236.28.167 port 37740 Feb 26 01:46:07 ourumov-web sshd\[9286\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.28.167 Feb 26 01:46:09 ourumov-web sshd\[9286\]: Failed password for invalid user wftuser from 104.236.28.167 port 37740 ssh2 ...	2020-02-26 09:41:25
23.100.232.233	attackbotsspam	abuseConfidenceScore blocked for 12h	2020-02-26 09:49:55
170.244.172.231	attackbotsspam	Lines containing failures of 170.244.172.231 Feb 25 21:20:55 srv sshd[477008]: Invalid user admin from 170.244.172.231 port 58442 Feb 25 21:20:56 srv sshd[477008]: error: Received disconnect from 170.244.172.231 port 58442:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Feb 25 21:20:56 srv sshd[477008]: Disconnected from invalid user admin 170.244.172.231 port 58442 [preauth] Feb 25 21:20:57 srv sshd[477013]: error: Received disconnect from 170.244.172.231 port 58770:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Feb 25 21:20:57 srv sshd[477013]: Disconnected from authenticating user r.r 170.244.172.231 port 58770 [preauth] Feb 25 21:20:58 srv sshd[477015]: Invalid user guest from 170.244.172.231 port 58901 Feb 25 21:20:58 srv sshd[477015]: error: Received disconnect from 170.244.172.231 port 58901:3: com.jcraft.jsch.JSchException: Auth fail [preauth] Feb 25 21:20:58 srv sshd[477015]: Disconnected from invalid user guest 170.244.172.231 port 58901 [preauth] ........ ------------------------------	2020-02-26 09:23:32
110.77.135.148	attackspam	Feb 26 05:46:42 gw1 sshd[15963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.77.135.148 Feb 26 05:46:44 gw1 sshd[15963]: Failed password for invalid user adminuser from 110.77.135.148 port 55874 ssh2 ...	2020-02-26 09:21:04
51.75.18.212	attackbotsspam	Feb 26 02:23:21 srv01 sshd[31723]: Invalid user ts3server from 51.75.18.212 port 41740 Feb 26 02:23:21 srv01 sshd[31723]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.18.212 Feb 26 02:23:21 srv01 sshd[31723]: Invalid user ts3server from 51.75.18.212 port 41740 Feb 26 02:23:23 srv01 sshd[31723]: Failed password for invalid user ts3server from 51.75.18.212 port 41740 ssh2 Feb 26 02:32:22 srv01 sshd[32185]: Invalid user csgo from 51.75.18.212 port 60040 ...	2020-02-26 09:33:38
115.146.126.209	attack	Feb 25 19:46:18 Tower sshd[3672]: Connection from 115.146.126.209 port 45672 on 192.168.10.220 port 22 rdomain "" Feb 25 19:46:22 Tower sshd[3672]: Invalid user seongmin from 115.146.126.209 port 45672 Feb 25 19:46:22 Tower sshd[3672]: error: Could not get shadow information for NOUSER Feb 25 19:46:22 Tower sshd[3672]: Failed password for invalid user seongmin from 115.146.126.209 port 45672 ssh2 Feb 25 19:46:22 Tower sshd[3672]: Received disconnect from 115.146.126.209 port 45672:11: Bye Bye [preauth] Feb 25 19:46:22 Tower sshd[3672]: Disconnected from invalid user seongmin 115.146.126.209 port 45672 [preauth]	2020-02-26 09:30:18

Recently Reported IPs

2607:5300:60:5814::	61.182.201.190	44.84.118.77	46.252.247.206
110.120.97.14	130.91.219.89	5.38.245.44	172.6.43.126
177.107.188.182	186.235.217.87	180.107.202.249	57.214.172.48
211.235.124.2	197.135.37.89	37.14.254.62	185.130.184.235
168.28.206.43	52.60.181.84	168.173.150.116	95.45.254.121