51.144.73.94 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Netherlands

Internet Service Provider: Microsoft Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	(sshd) Failed SSH login from 51.144.73.94 (NL/Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 24 21:51:00 optimus sshd[421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94 user=root Sep 24 21:51:00 optimus sshd[422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94 user=root Sep 24 21:51:00 optimus sshd[424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94 user=root Sep 24 21:51:00 optimus sshd[425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94 user=root Sep 24 21:51:00 optimus sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94 user=root	2020-09-25 10:30:13

Type

Details

Datetime

attack

(sshd) Failed SSH login from 51.144.73.94 (NL/Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 24 21:51:00 optimus sshd[421]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94  user=root
Sep 24 21:51:00 optimus sshd[422]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94  user=root
Sep 24 21:51:00 optimus sshd[424]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94  user=root
Sep 24 21:51:00 optimus sshd[425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94  user=root
Sep 24 21:51:00 optimus sshd[420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.144.73.94  user=root

2020-09-25 10:30:13

Comments on same subnet:

IP	Type	Details	Datetime
51.144.73.114	attackspam	51.144.73.114 - - [09/Aug/2020:22:48:48 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [09/Aug/2020:22:48:49 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [09/Aug/2020:22:48:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-10 06:08:32
51.144.73.114	attackspambots	51.144.73.114 - - [07/Aug/2020:14:08:01 +0200] "GET /wp-login.php HTTP/1.1" 200 6310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [07/Aug/2020:14:08:02 +0200] "POST /wp-login.php HTTP/1.1" 200 6561 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [07/Aug/2020:14:08:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-07 21:08:46
51.144.73.114	attack	51.144.73.114 - - [02/Aug/2020:04:53:34 +0100] "POST /wp-login.php HTTP/1.1" 200 2261 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [02/Aug/2020:04:53:35 +0100] "POST /wp-login.php HTTP/1.1" 200 2258 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [02/Aug/2020:04:53:35 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-02 14:05:18
51.144.73.114	attack	51.144.73.114 - - [30/Jul/2020:10:09:55 +0200] "GET /wp-login.php HTTP/1.1" 200 5738 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [30/Jul/2020:10:09:56 +0200] "POST /wp-login.php HTTP/1.1" 200 5989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [30/Jul/2020:10:09:57 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-30 20:03:54
51.144.73.114	attack	Hacking activity	2020-07-28 01:12:01
51.144.73.114	attackspam	diesunddas.net 51.144.73.114 [04/Jul/2020:04:22:08 +0200] "POST /wp-login.php HTTP/1.1" 200 8449 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" diesunddas.net 51.144.73.114 [04/Jul/2020:04:22:08 +0200] "POST /wp-login.php HTTP/1.1" 200 8449 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-04 11:01:03
51.144.73.114	attackbots	51.144.73.114 has been banned for [WebApp Attack] ...	2020-06-28 06:22:05
51.144.73.114	attackspambots	51.144.73.114 - - \[25/Jun/2020:20:14:36 +0200\] "POST /wp-login.php HTTP/1.1" 200 9954 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - \[25/Jun/2020:20:14:37 +0200\] "POST /wp-login.php HTTP/1.1" 200 9823 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2020-06-26 03:06:26
51.144.73.114	attackbots	51.144.73.114 - - [23/Jun/2020:09:10:18 +0100] "POST /wp-login.php HTTP/1.1" 200 1996 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [23/Jun/2020:09:10:20 +0100] "POST /wp-login.php HTTP/1.1" 200 1924 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [23/Jun/2020:09:10:22 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-23 18:34:34
51.144.73.114	attack	51.144.73.114 - - [22/Jun/2020:10:39:17 +0100] "POST /wp-login.php HTTP/1.1" 200 1927 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [22/Jun/2020:10:39:18 +0100] "POST /wp-login.php HTTP/1.1" 200 1885 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [22/Jun/2020:10:39:18 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-22 19:33:42
51.144.73.114	attackspam	51.144.73.114 - - [19/Jun/2020:01:02:42 +0200] "GET /wp-login.php HTTP/1.1" 200 5738 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [19/Jun/2020:01:02:43 +0200] "POST /wp-login.php HTTP/1.1" 200 5989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [19/Jun/2020:01:02:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-19 07:45:05
51.144.73.114	attack	Automatic report - XMLRPC Attack	2020-06-06 22:59:23
51.144.73.114	attackspambots	51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1811 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1799 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [04/Jun/2020:14:09:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1798 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir ...	2020-06-04 20:49:19
51.144.73.114	attack	51.144.73.114 - - [03/Jun/2020:18:04:05 +0200] "POST /xmlrpc.php HTTP/1.1" 403 15310 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 51.144.73.114 - - [03/Jun/2020:18:07:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 611 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-04 01:31:55
51.144.73.114	attack	xmlrpc attack	2020-06-02 13:04:43

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 51.144.73.94
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1939
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;51.144.73.94.			IN	A

;; AUTHORITY SECTION:
.			289	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092402 1800 900 604800 86400

;; Query time: 19 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 25 10:30:10 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 94.73.144.51.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 94.73.144.51.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
87.204.167.252	attack	Sep 13 18:23:57 mail.srvfarm.net postfix/smtpd[1229040]: warning: unknown[87.204.167.252]: SASL PLAIN authentication failed: Sep 13 18:23:57 mail.srvfarm.net postfix/smtpd[1229040]: lost connection after AUTH from unknown[87.204.167.252] Sep 13 18:29:27 mail.srvfarm.net postfix/smtpd[1232281]: warning: unknown[87.204.167.252]: SASL PLAIN authentication failed: Sep 13 18:29:27 mail.srvfarm.net postfix/smtpd[1232281]: lost connection after AUTH from unknown[87.204.167.252] Sep 13 18:33:43 mail.srvfarm.net postfix/smtpd[1230212]: warning: unknown[87.204.167.252]: SASL PLAIN authentication failed:	2020-09-14 19:37:56
180.166.208.56	attackbotsspam	failed_logins	2020-09-14 19:31:26
51.89.68.141	attack	Sep 14 11:38:50 hosting sshd[24017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip141.ip-51-89-68.eu user=root Sep 14 11:38:51 hosting sshd[24017]: Failed password for root from 51.89.68.141 port 60366 ssh2 ...	2020-09-14 19:19:49
91.83.161.153	attack	Sep 13 18:33:46 mail.srvfarm.net postfix/smtpd[1233116]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed: Sep 13 18:33:46 mail.srvfarm.net postfix/smtpd[1233116]: lost connection after AUTH from unknown[91.83.161.153] Sep 13 18:38:17 mail.srvfarm.net postfix/smtpd[1232281]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed: Sep 13 18:38:17 mail.srvfarm.net postfix/smtpd[1232281]: lost connection after AUTH from unknown[91.83.161.153] Sep 13 18:41:52 mail.srvfarm.net postfix/smtpd[1234121]: warning: unknown[91.83.161.153]: SASL PLAIN authentication failed:	2020-09-14 19:37:39
200.73.130.156	attackbots	2020-09-14T04:49:55.066038server.mjenks.net sshd[1121100]: Invalid user sybase from 200.73.130.156 port 52242 2020-09-14T04:49:55.073369server.mjenks.net sshd[1121100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.73.130.156 2020-09-14T04:49:55.066038server.mjenks.net sshd[1121100]: Invalid user sybase from 200.73.130.156 port 52242 2020-09-14T04:49:57.472240server.mjenks.net sshd[1121100]: Failed password for invalid user sybase from 200.73.130.156 port 52242 ssh2 2020-09-14T04:54:35.964297server.mjenks.net sshd[1121666]: Invalid user openelec from 200.73.130.156 port 39266 ...	2020-09-14 19:07:23
207.248.109.244	attackbotsspam	Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 17:57:25 mail.srvfarm.net postfix/smtpd[1214684]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed: Sep 13 18:04:17 mail.srvfarm.net postfix/smtps/smtpd[1216382]: lost connection after AUTH from unknown[207.248.109.244] Sep 13 18:06:58 mail.srvfarm.net postfix/smtpd[1215356]: warning: unknown[207.248.109.244]: SASL PLAIN authentication failed:	2020-09-14 19:41:12
82.177.80.73	attackspambots	Sep 13 18:46:48 mail.srvfarm.net postfix/smtpd[1233117]: warning: unknown[82.177.80.73]: SASL PLAIN authentication failed: Sep 13 18:46:48 mail.srvfarm.net postfix/smtpd[1233117]: lost connection after AUTH from unknown[82.177.80.73] Sep 13 18:49:44 mail.srvfarm.net postfix/smtpd[1232282]: warning: unknown[82.177.80.73]: SASL PLAIN authentication failed: Sep 13 18:49:44 mail.srvfarm.net postfix/smtpd[1232282]: lost connection after AUTH from unknown[82.177.80.73] Sep 13 18:50:08 mail.srvfarm.net postfix/smtpd[1231911]: warning: unknown[82.177.80.73]: SASL PLAIN authentication failed:	2020-09-14 19:14:56
183.57.46.131	attackbots	Port scan: Attack repeated for 24 hours	2020-09-14 19:26:14
125.40.90.188	attackspambots	Invalid user ubuntu from 125.40.90.188 port 58802	2020-09-14 19:08:24
138.36.200.12	attackbots	Sep 13 18:26:11 mail.srvfarm.net postfix/smtpd[1232020]: warning: unknown[138.36.200.12]: SASL PLAIN authentication failed: Sep 13 18:26:12 mail.srvfarm.net postfix/smtpd[1232020]: lost connection after AUTH from unknown[138.36.200.12] Sep 13 18:26:24 mail.srvfarm.net postfix/smtpd[1232282]: warning: unknown[138.36.200.12]: SASL PLAIN authentication failed: Sep 13 18:26:24 mail.srvfarm.net postfix/smtpd[1232282]: lost connection after AUTH from unknown[138.36.200.12] Sep 13 18:35:02 mail.srvfarm.net postfix/smtps/smtpd[1230769]: warning: unknown[138.36.200.12]: SASL PLAIN authentication failed:	2020-09-14 19:36:01
182.61.150.42	attackbots	sshd: Failed password for invalid user .... from 182.61.150.42 port 44326 ssh2 (8 attempts)	2020-09-14 18:59:14
185.250.205.84	attackspambots	firewall-block, port(s): 5491/tcp, 21264/tcp, 49398/tcp, 59114/tcp, 65205/tcp	2020-09-14 19:27:10
103.40.200.175	attack	Sep 13 18:37:13 mail.srvfarm.net postfix/smtps/smtpd[1230507]: warning: unknown[103.40.200.175]: SASL PLAIN authentication failed: Sep 13 18:37:13 mail.srvfarm.net postfix/smtps/smtpd[1230507]: lost connection after AUTH from unknown[103.40.200.175] Sep 13 18:41:07 mail.srvfarm.net postfix/smtps/smtpd[1230509]: warning: unknown[103.40.200.175]: SASL PLAIN authentication failed: Sep 13 18:41:08 mail.srvfarm.net postfix/smtps/smtpd[1230509]: lost connection after AUTH from unknown[103.40.200.175] Sep 13 18:43:19 mail.srvfarm.net postfix/smtpd[1232282]: warning: unknown[103.40.200.175]: SASL PLAIN authentication failed:	2020-09-14 19:36:35
51.77.140.111	attackbots	Invalid user admin from 51.77.140.111 port 55596	2020-09-14 19:03:38
5.188.206.30	attackspam	5.188.206.30:63067 - - [13/Sep/2020:18:44:02 +0200] "\x03" 400 311	2020-09-14 19:32:45

Recently Reported IPs

231.88.183.145	50.130.71.175	46.204.64.137	52.143.50.250
45.132.12.59	45.172.108.88	13.82.87.55	223.182.19.25
210.245.95.172	82.223.120.25	114.254.176.197	113.128.231.198
234.162.46.45	45.173.89.40	14.242.59.137	217.115.112.198
172.68.24.44	253.221.200.103	13.68.147.197	24.231.50.101