City: unknown
Region: unknown
Country: China
Internet Service Provider: ChinaNet Yunnan Province Network
Hostname: unknown
Organization: unknown
Usage Type: unknown
| Type | Details | Datetime |
|---|---|---|
| attack | lfd: (smtpauth) Failed SMTP AUTH login from 42.242.21.112 (CN/China/-): 5 in the last 3600 secs - Fri Apr 13 06:06:16 2018 |
2020-02-07 07:01:39 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 42.242.210.100 | attack | Honeypot attack, port: 23, PTR: PTR record not found |
2019-07-06 15:17:49 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.242.21.112
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35063
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.242.21.112. IN A
;; AUTHORITY SECTION:
. 588 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020020601 1800 900 604800 86400
;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 07 07:01:37 CST 2020
;; MSG SIZE rcvd: 117Host 112.21.242.42.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 112.21.242.42.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 85.38.164.51 | attack | Aug 14 21:55:53 TORMINT sshd\[31422\]: Invalid user user from 85.38.164.51 Aug 14 21:55:53 TORMINT sshd\[31422\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.38.164.51 Aug 14 21:55:56 TORMINT sshd\[31422\]: Failed password for invalid user user from 85.38.164.51 port 29135 ssh2 ... |
2019-08-15 09:57:41 |
| 122.114.79.35 | attack | Aug 15 03:28:10 debian sshd\[6001\]: Invalid user test from 122.114.79.35 port 58108 Aug 15 03:28:10 debian sshd\[6001\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.79.35 ... |
2019-08-15 10:30:48 |
| 211.252.17.254 | attack | Automatic report - Banned IP Access |
2019-08-15 10:13:45 |
| 92.118.37.74 | attack | Aug 15 01:22:23 mail kernel: [913766.981788] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=29031 PROTO=TCP SPT=46525 DPT=40271 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 15 01:23:03 mail kernel: [913807.001948] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=18031 PROTO=TCP SPT=46525 DPT=25500 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 15 01:23:04 mail kernel: [913808.024969] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=24343 PROTO=TCP SPT=46525 DPT=33261 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 15 01:24:25 mail kernel: [913888.920668] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=25011 PROTO=TCP SPT=46525 DPT=10748 WINDOW=1024 RES=0x00 SYN URGP |
2019-08-15 09:43:05 |
| 113.1.51.244 | attackspam | Honeypot attack, port: 23, PTR: PTR record not found |
2019-08-15 10:25:00 |
| 197.83.207.210 | attackbots | Automatic report - Port Scan Attack |
2019-08-15 10:16:57 |
| 83.239.70.234 | attackspambots | Unauthorised access (Aug 15) SRC=83.239.70.234 LEN=44 TTL=240 ID=7913 TCP DPT=139 WINDOW=1024 SYN Unauthorised access (Aug 14) SRC=83.239.70.234 LEN=44 TTL=240 ID=35762 TCP DPT=139 WINDOW=1024 SYN Unauthorised access (Aug 12) SRC=83.239.70.234 LEN=44 TTL=240 ID=34432 TCP DPT=139 WINDOW=1024 SYN |
2019-08-15 10:09:25 |
| 167.71.10.240 | attack | Aug 15 03:51:30 vps647732 sshd[16850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.10.240 Aug 15 03:51:32 vps647732 sshd[16850]: Failed password for invalid user ulbrechT from 167.71.10.240 port 49626 ssh2 ... |
2019-08-15 10:13:23 |
| 92.53.65.52 | attack | 08/14/2019-19:32:19.419290 92.53.65.52 Protocol: 6 ET SCAN NMAP -sS window 1024 |
2019-08-15 10:26:17 |
| 186.64.120.195 | attackspam | Aug 15 04:43:00 server sshd\[17869\]: Invalid user diane from 186.64.120.195 port 47275 Aug 15 04:43:00 server sshd\[17869\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195 Aug 15 04:43:03 server sshd\[17869\]: Failed password for invalid user diane from 186.64.120.195 port 47275 ssh2 Aug 15 04:48:42 server sshd\[5629\]: User root from 186.64.120.195 not allowed because listed in DenyUsers Aug 15 04:48:42 server sshd\[5629\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.64.120.195 user=root |
2019-08-15 10:00:24 |
| 198.12.127.111 | attackbotsspam | 19/8/14@19:33:58: FAIL: Alarm-Intrusion address from=198.12.127.111 ... |
2019-08-15 09:46:48 |
| 185.247.119.165 | attack | Aug 14 16:14:39 host sshd[17306]: Address 185.247.119.165 maps to easykeyholdandrentals.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Aug 14 16:14:39 host sshd[17306]: Invalid user anjor from 185.247.119.165 Aug 14 16:14:39 host sshd[17306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.119.165 Aug 14 16:14:41 host sshd[17306]: Failed password for invalid user anjor from 185.247.119.165 port 39994 ssh2 Aug 14 16:14:41 host sshd[17306]: Received disconnect from 185.247.119.165: 11: Bye Bye [preauth] Aug 14 16:24:44 host sshd[20093]: Address 185.247.119.165 maps to easykeyholdandrentals.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Aug 14 16:24:44 host sshd[20093]: Invalid user cod3 from 185.247.119.165 Aug 14 16:24:44 host sshd[20093]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.247.119.165 Aug 14 16:24:46 host ss........ ------------------------------- |
2019-08-15 10:28:28 |
| 150.223.23.56 | attack | Aug 15 08:10:22 webhost01 sshd[21336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.223.23.56 Aug 15 08:10:24 webhost01 sshd[21336]: Failed password for invalid user lulu from 150.223.23.56 port 55230 ssh2 ... |
2019-08-15 09:49:12 |
| 178.128.125.61 | attackbotsspam | Aug 15 03:36:16 v22018076622670303 sshd\[19301\]: Invalid user sysadmin@123 from 178.128.125.61 port 57006 Aug 15 03:36:16 v22018076622670303 sshd\[19301\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.125.61 Aug 15 03:36:18 v22018076622670303 sshd\[19301\]: Failed password for invalid user sysadmin@123 from 178.128.125.61 port 57006 ssh2 ... |
2019-08-15 09:58:52 |
| 62.102.148.68 | attack | Aug 15 01:42:04 thevastnessof sshd[11896]: Failed password for root from 62.102.148.68 port 36870 ssh2 ... |
2019-08-15 10:02:35 |