42.51.216.20 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Henan Telcom Union Technology Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-29 08:20:35

Comments on same subnet:

IP	Type	Details	Datetime
42.51.216.15	attack	PHP Info File Request - Possible PHP Version Scan	2020-06-26 14:57:38
42.51.216.4	attackbots	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/42.51.216.4/ CN - 1H : (314) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN56005 IP : 42.51.216.4 CIDR : 42.51.128.0/17 PREFIX COUNT : 3 UNIQUE IP COUNT : 66560 WYKRYTE ATAKI Z ASN56005 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 INFO : SYN Flood DDoS Attack Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery	2019-09-17 05:53:38

Type

Details

Datetime

42.51.216.15

attack

PHP Info File Request - Possible PHP Version Scan

2020-06-26 14:57:38

42.51.216.4

attackbots

IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/42.51.216.4/ 
 CN - 1H : (314)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : CN 
 NAME ASN : ASN56005 
 
 IP : 42.51.216.4 
 
 CIDR : 42.51.128.0/17 
 
 PREFIX COUNT : 3 
 
 UNIQUE IP COUNT : 66560 
 
 
 WYKRYTE ATAKI Z ASN56005 :  
  1H - 1 
  3H - 1 
  6H - 1 
 12H - 1 
 24H - 1 
 
 INFO : SYN Flood DDoS Attack Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN  - data recovery

2019-09-17 05:53:38

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.51.216.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25513
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.51.216.20.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072801 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Jul 29 08:20:28 CST 2019
;; MSG SIZE  rcvd: 116

Host info

20.216.51.42.in-addr.arpa domain name pointer idc.ly.ha.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
20.216.51.42.in-addr.arpa	name = idc.ly.ha.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
87.97.76.16	attack	Jul 10 21:47:09 localhost sshd\[7475\]: Invalid user ubuntu from 87.97.76.16 Jul 10 21:47:09 localhost sshd\[7475\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.97.76.16 Jul 10 21:47:12 localhost sshd\[7475\]: Failed password for invalid user ubuntu from 87.97.76.16 port 60795 ssh2 Jul 10 21:50:43 localhost sshd\[7723\]: Invalid user adriana from 87.97.76.16 Jul 10 21:50:43 localhost sshd\[7723\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.97.76.16 ...	2019-07-11 04:54:28
188.131.145.123	attackspam	Jul 10 21:00:43 mail sshd[24845]: Invalid user lucio from 188.131.145.123 Jul 10 21:00:43 mail sshd[24845]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.145.123 Jul 10 21:00:43 mail sshd[24845]: Invalid user lucio from 188.131.145.123 Jul 10 21:00:45 mail sshd[24845]: Failed password for invalid user lucio from 188.131.145.123 port 56294 ssh2 Jul 10 21:06:46 mail sshd[28958]: Invalid user gh from 188.131.145.123 ...	2019-07-11 05:16:53
81.170.224.6	attackbotsspam	Unauthorised access (Jul 10) SRC=81.170.224.6 LEN=40 TTL=50 ID=43746 TCP DPT=8080 WINDOW=57835 SYN Unauthorised access (Jul 10) SRC=81.170.224.6 LEN=40 TTL=50 ID=21153 TCP DPT=8080 WINDOW=39138 SYN	2019-07-11 04:35:37
129.211.52.70	attack	2019-07-10T19:24:51.876528abusebot-4.cloudsearch.cf sshd\[27443\]: Invalid user oracle from 129.211.52.70 port 43574	2019-07-11 05:21:57
90.22.255.116	attackspambots	Jul 10 21:36:22 shared09 sshd[2912]: Invalid user reseller from 90.22.255.116 Jul 10 21:36:22 shared09 sshd[2912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=90.22.255.116 Jul 10 21:36:25 shared09 sshd[2912]: Failed password for invalid user reseller from 90.22.255.116 port 55084 ssh2 Jul 10 21:36:25 shared09 sshd[2912]: Received disconnect from 90.22.255.116 port 55084:11: Bye Bye [preauth] Jul 10 21:36:25 shared09 sshd[2912]: Disconnected from 90.22.255.116 port 55084 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=90.22.255.116	2019-07-11 05:22:39
1.160.34.191	attackbotsspam	Scanning random ports - tries to find possible vulnerable services	2019-07-11 05:03:06
222.186.15.217	attack	2019-07-10T18:28:57.850010Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 222.186.15.217:61909 \(107.175.91.48:22\) \[session: 1d8bf6f7599f\] 2019-07-10T20:49:16.959308Z \[cowrie.ssh.factory.CowrieSSHFactory\] New connection: 222.186.15.217:24249 \(107.175.91.48:22\) \[session: 28463ad177b7\] ...	2019-07-11 05:08:59
2.183.215.251	attackbots	Caught in portsentry honeypot	2019-07-11 04:50:54
138.197.162.28	attack	detected by Fail2Ban	2019-07-11 05:15:35
115.90.219.20	attackspambots	Jul 10 20:26:09 XXX sshd[2985]: Invalid user nb from 115.90.219.20 port 53708	2019-07-11 05:15:56
122.225.100.82	attack	Jul 10 21:06:37 vpn01 sshd\[25812\]: Invalid user agostino from 122.225.100.82 Jul 10 21:06:37 vpn01 sshd\[25812\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.225.100.82 Jul 10 21:06:39 vpn01 sshd\[25812\]: Failed password for invalid user agostino from 122.225.100.82 port 33736 ssh2	2019-07-11 05:11:14
118.25.7.123	attackspam	Jul 10 21:00:51 uapps sshd[11823]: Failed password for invalid user diamond from 118.25.7.123 port 57806 ssh2 Jul 10 21:00:51 uapps sshd[11823]: Received disconnect from 118.25.7.123: 11: Bye Bye [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=118.25.7.123	2019-07-11 05:19:50
219.73.101.194	attackbotsspam	Jul 10 21:41:55 [host] sshd[12686]: Invalid user vikas from 219.73.101.194 Jul 10 21:41:55 [host] sshd[12686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=219.73.101.194 Jul 10 21:41:56 [host] sshd[12686]: Failed password for invalid user vikas from 219.73.101.194 port 60092 ssh2	2019-07-11 05:22:54
139.59.44.60	attackspambots	SSH-bruteforce attempts	2019-07-11 04:53:45
193.187.174.70	attackbots	Jul 10 20:57:22 mail1 sshd[7088]: Invalid user control from 193.187.174.70 port 46898 Jul 10 20:57:22 mail1 sshd[7088]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.187.174.70 Jul 10 20:57:25 mail1 sshd[7088]: Failed password for invalid user control from 193.187.174.70 port 46898 ssh2 Jul 10 20:57:25 mail1 sshd[7088]: Received disconnect from 193.187.174.70 port 46898:11: Bye Bye [preauth] Jul 10 20:57:25 mail1 sshd[7088]: Disconnected from 193.187.174.70 port 46898 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=193.187.174.70	2019-07-11 04:40:06

Recently Reported IPs

71.227.91.65	51.68.225.229	65.113.222.36	105.121.74.162
187.51.140.18	6.90.68.104	124.29.217.168	2a02:2788:1000:0:6037:fc9a:27ac:f2bf
5.249.160.8	210.86.134.160	160.226.219.172	77.40.103.153
188.166.108.161	210.94.217.12	186.251.169.198	2.40.187.22
77.252.26.48	93.86.138.31	79.51.90.210	129.211.36.183