42.6.171.103 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Unicom Liaoning Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-02 03:50:36

Comments on same subnet:

IP	Type	Details	Datetime
42.6.171.122	attackspam	" "	2020-01-07 07:06:16
42.6.171.57	attackbotsspam	Unauthorised access (Oct 8) SRC=42.6.171.57 LEN=40 TTL=49 ID=25107 TCP DPT=8080 WINDOW=42931 SYN Unauthorised access (Oct 8) SRC=42.6.171.57 LEN=40 TTL=49 ID=41805 TCP DPT=8080 WINDOW=42931 SYN Unauthorised access (Oct 7) SRC=42.6.171.57 LEN=40 TTL=49 ID=37673 TCP DPT=8080 WINDOW=42931 SYN	2019-10-09 07:57:43

Type

Details

Datetime

42.6.171.122

attackspam

" "

2020-01-07 07:06:16

42.6.171.57

attackbotsspam

Unauthorised access (Oct  8) SRC=42.6.171.57 LEN=40 TTL=49 ID=25107 TCP DPT=8080 WINDOW=42931 SYN 
Unauthorised access (Oct  8) SRC=42.6.171.57 LEN=40 TTL=49 ID=41805 TCP DPT=8080 WINDOW=42931 SYN 
Unauthorised access (Oct  7) SRC=42.6.171.57 LEN=40 TTL=49 ID=37673 TCP DPT=8080 WINDOW=42931 SYN

2019-10-09 07:57:43

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.6.171.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40315
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.6.171.103.			IN	A

;; AUTHORITY SECTION:
.			2061	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070101 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 02 03:50:31 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 103.171.6.42.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 103.171.6.42.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
201.38.172.76	attack	Mar 1 10:56:15 NPSTNNYC01T sshd[17001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.38.172.76 Mar 1 10:56:17 NPSTNNYC01T sshd[17001]: Failed password for invalid user webuser from 201.38.172.76 port 50002 ssh2 Mar 1 11:00:18 NPSTNNYC01T sshd[17279]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.38.172.76 ...	2020-03-02 00:09:38
106.12.38.175	attack	Feb 28 19:59:58 fwweb01 sshd[22645]: Invalid user user from 106.12.38.175 Feb 28 19:59:58 fwweb01 sshd[22645]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.38.175 Feb 28 20:00:00 fwweb01 sshd[22645]: Failed password for invalid user user from 106.12.38.175 port 54584 ssh2 Feb 28 20:00:00 fwweb01 sshd[22645]: Received disconnect from 106.12.38.175: 11: Bye Bye [preauth] Feb 28 20:03:47 fwweb01 sshd[22824]: Invalid user loyal from 106.12.38.175 Feb 28 20:03:47 fwweb01 sshd[22824]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.38.175 Feb 28 20:03:49 fwweb01 sshd[22824]: Failed password for invalid user loyal from 106.12.38.175 port 43888 ssh2 Feb 28 20:03:49 fwweb01 sshd[22824]: Received disconnect from 106.12.38.175: 11: Bye Bye [preauth] Feb 28 20:07:11 fwweb01 sshd[22948]: Invalid user Ronald from 106.12.38.175 Feb 28 20:07:11 fwweb01 sshd[22948]: pam_unix(sshd:auth): au........ -------------------------------	2020-03-02 00:10:30
159.65.148.91	attackbots	$f2bV_matches	2020-03-02 00:18:31
34.92.108.207	attackspam	Feb 28 17:38:16 de sshd[16130]: User r.r from 207.108.92.34.bc.googleusercontent.com not allowed because not listed in AllowUsers Feb 28 17:38:16 de sshd[16130]: User r.r from 207.108.92.34.bc.googleusercontent.com not allowed because not listed in AllowUsers Feb 28 17:38:16 de sshd[16130]: Failed password for invalid user r.r from 34.92.108.207 port 55818 ssh2 Feb 28 17:39:22 de sshd[16194]: Invalid user e from 34.92.108.207 Feb 28 17:39:22 de sshd[16194]: Failed password for invalid user e from 34.92.108.207 port 35064 ssh2 Feb 28 17:40:35 de sshd[16213]: Invalid user dev from 34.92.108.207 Feb 28 17:40:35 de sshd[16213]: Failed password for invalid user dev from 34.92.108.207 port 42510 ssh2 Feb 28 17:41:40 de sshd[16233]: Invalid user matlab from 34.92.108.207 Feb 28 17:41:40 de sshd[16233]: Failed password for invalid user matlab from 34.92.108.207 port 50090 ssh2 Feb 28 17:42:55 de sshd[16242]: Invalid user deepak from 34.92.108.207 Feb 28 17:42:55 de sshd[16242]: ........ ------------------------------	2020-03-02 00:00:19
45.125.65.42	attackbotsspam	2020-03-01 16:50:24 dovecot_login authenticator failed for $User$ \[45.125.65.42\]: 535 Incorrect authentication data $set_id=147852369$ 2020-03-01 16:50:34 dovecot_login authenticator failed for $User$ \[45.125.65.42\]: 535 Incorrect authentication data $set_id=contact@no-server.de$ 2020-03-01 16:51:44 dovecot_login authenticator failed for $User$ \[45.125.65.42\]: 535 Incorrect authentication data $set_id=contact@no-server.de$ 2020-03-01 16:51:59 dovecot_login authenticator failed for $User$ \[45.125.65.42\]: 535 Incorrect authentication data $set_id=147852369$ 2020-03-01 16:52:03 dovecot_login authenticator failed for $User$ \[45.125.65.42\]: 535 Incorrect authentication data $set_id=147852369$ ...	2020-03-01 23:57:18
188.166.185.236	attackspam	Mar 1 16:50:25 * sshd[17281]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.185.236 Mar 1 16:50:27 * sshd[17281]: Failed password for invalid user tester from 188.166.185.236 port 50056 ssh2	2020-03-02 00:00:43
192.3.34.26	attack	03/01/2020-09:08:42.022727 192.3.34.26 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-03-02 00:13:49
107.173.118.152	attackbots	Mar 1 14:24:36 vps647732 sshd[21792]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.173.118.152 Mar 1 14:24:37 vps647732 sshd[21792]: Failed password for invalid user plex from 107.173.118.152 port 48380 ssh2 ...	2020-03-01 23:35:06
185.175.208.73	attack	Mar 1 05:10:03 wbs sshd\[19908\]: Invalid user tanxjian from 185.175.208.73 Mar 1 05:10:03 wbs sshd\[19908\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.175.208.73 Mar 1 05:10:05 wbs sshd\[19908\]: Failed password for invalid user tanxjian from 185.175.208.73 port 50130 ssh2 Mar 1 05:18:40 wbs sshd\[20660\]: Invalid user rahul from 185.175.208.73 Mar 1 05:18:40 wbs sshd\[20660\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.175.208.73	2020-03-01 23:37:09
185.44.66.99	attack	2020-03-01T15:05:02.682864shield sshd\[32541\]: Invalid user ubuntu from 185.44.66.99 port 42507 2020-03-01T15:05:02.688204shield sshd\[32541\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.44.66.99 2020-03-01T15:05:04.626700shield sshd\[32541\]: Failed password for invalid user ubuntu from 185.44.66.99 port 42507 ssh2 2020-03-01T15:06:40.830404shield sshd\[464\]: Invalid user rabbitmq from 185.44.66.99 port 55185 2020-03-01T15:06:40.841133shield sshd\[464\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.44.66.99	2020-03-01 23:34:49
124.41.211.152	attackspam	Honeypot attack, port: 445, PTR: 152.211.41.124.dynamic.wlink.com.np.	2020-03-02 00:06:21
120.132.30.27	attack	Mar 1 14:24:19 ourumov-web sshd\[22185\]: Invalid user abdullah from 120.132.30.27 port 59608 Mar 1 14:24:19 ourumov-web sshd\[22185\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.132.30.27 Mar 1 14:24:21 ourumov-web sshd\[22185\]: Failed password for invalid user abdullah from 120.132.30.27 port 59608 ssh2 ...	2020-03-01 23:48:52
49.234.60.177	attackspambots	Mar 1 10:23:31 server sshd\[30220\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.60.177 Mar 1 10:23:32 server sshd\[30220\]: Failed password for invalid user cpanelphpmyadmin from 49.234.60.177 port 57766 ssh2 Mar 1 16:24:05 server sshd\[30344\]: Invalid user gpadmin from 49.234.60.177 Mar 1 16:24:05 server sshd\[30344\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.60.177 Mar 1 16:24:07 server sshd\[30344\]: Failed password for invalid user gpadmin from 49.234.60.177 port 46148 ssh2 ...	2020-03-01 23:59:54
185.153.196.80	attackspam	Mar 1 16:51:09 debian-2gb-nbg1-2 kernel: \[5337055.465757\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.153.196.80 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=19314 PROTO=TCP SPT=43833 DPT=6001 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-01 23:51:16
177.37.71.40	attackspambots	Mar 1 16:54:52 silence02 sshd[15695]: Failed password for proxy from 177.37.71.40 port 50580 ssh2 Mar 1 17:00:10 silence02 sshd[15986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.37.71.40 Mar 1 17:00:12 silence02 sshd[15986]: Failed password for invalid user louis from 177.37.71.40 port 56965 ssh2	2020-03-02 00:10:04

Recently Reported IPs

236.142.179.74	35.233.203.245	156.184.247.49	118.156.78.171
46.101.197.131	42.87.0.136	183.83.1.178	42.98.154.103
83.246.93.211	114.41.251.62	45.123.108.254	153.207.23.244
14.139.245.173	45.167.167.18	181.104.237.134	143.0.140.239
97.243.15.221	168.86.231.28	12.128.207.150	102.182.200.14