112.81.195.53 - IPInfo

基本信息:

城市(city): Wuxi

省份(region): Jiangsu

国家(country): China

运营商(isp): China Unicom Jiangsu Province Network

主机名(hostname): unknown

机构(organization): CHINA UNICOM China169 Backbone

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Jun 21 05:28:21 xxxx sshd[23844]: error: maximum authentication attempts exceeded for invalid user admin from 112.81.195.53 port 50849 ssh2 [preauth]	2019-06-21 15:01:41

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 112.81.195.53
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12870
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;112.81.195.53.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 21 15:01:36 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 53.195.81.112.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 53.195.81.112.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
103.23.101.166	attack	srvr1: (mod_security) mod_security (id:942100) triggered by 103.23.101.166 (ID/-/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:01:53 [error] 482759#0: 840087 [client 103.23.101.166] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801131399.335128"] [ref ""], client: 103.23.101.166, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%29+AND+UPDATEXML%285947%2CCONCAT%280x2e%2C0x746545353047%2C%28SELECT+%28ELT%282836%3D2836%2C1%29%29%29%2C0x746545353047%29%2C5431%29--+YUZJ HTTP/1.1" [redacted]	2020-08-22 02:55:01
189.207.105.76	attackspam	Automatic report - Port Scan Attack	2020-08-22 02:27:41
185.121.165.254	attackspam	firewall-block, port(s): 623/tcp	2020-08-22 02:32:56
61.190.255.186	attack	Attempts against SMTP/SSMTP	2020-08-22 02:25:54
83.110.150.23	attack	20/8/21@08:02:05: FAIL: Alarm-Network address from=83.110.150.23 20/8/21@08:02:05: FAIL: Alarm-Network address from=83.110.150.23 ...	2020-08-22 02:43:07
106.12.207.92	attack	2020-08-21T16:10:27.550121vps751288.ovh.net sshd\[21531\]: Invalid user postgres from 106.12.207.92 port 47914 2020-08-21T16:10:27.557758vps751288.ovh.net sshd\[21531\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.92 2020-08-21T16:10:29.792428vps751288.ovh.net sshd\[21531\]: Failed password for invalid user postgres from 106.12.207.92 port 47914 ssh2 2020-08-21T16:15:06.577326vps751288.ovh.net sshd\[21560\]: Invalid user tju1 from 106.12.207.92 port 44060 2020-08-21T16:15:06.583436vps751288.ovh.net sshd\[21560\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.207.92	2020-08-22 02:27:56
112.119.28.92	attack	Bad protocol version identification ''	2020-08-22 02:52:54
85.95.178.149	attack	$f2bV_matches	2020-08-22 02:55:14
5.188.206.194	attackspam	2020-08-21 20:50:45 dovecot_login authenticator failed for $\[5.188.206.194\]$ \[5.188.206.194\]: 535 Incorrect authentication data $set_id=ssl@nophost.com$ 2020-08-21 20:50:57 dovecot_login authenticator failed for $\[5.188.206.194\]$ \[5.188.206.194\]: 535 Incorrect authentication data 2020-08-21 20:51:09 dovecot_login authenticator failed for $\[5.188.206.194\]$ \[5.188.206.194\]: 535 Incorrect authentication data 2020-08-21 20:51:24 dovecot_login authenticator failed for $\[5.188.206.194\]$ \[5.188.206.194\]: 535 Incorrect authentication data 2020-08-21 20:51:27 dovecot_login authenticator failed for $\[5.188.206.194\]$ \[5.188.206.194\]: 535 Incorrect authentication data $set_id=ssl$	2020-08-22 03:01:26
49.206.228.138	attack	SSH Login Bruteforce	2020-08-22 02:40:30
206.189.121.29	attackbots	206.189.121.29 - - [21/Aug/2020:20:28:52 +0200] "GET /wp-login.php HTTP/1.1" 200 8775 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.121.29 - - [21/Aug/2020:20:28:58 +0200] "POST /wp-login.php HTTP/1.1" 200 9026 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 206.189.121.29 - - [21/Aug/2020:20:28:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-22 03:05:02
193.112.171.201	attackspam	Aug 21 11:20:03 firewall sshd[18826]: Invalid user sadmin from 193.112.171.201 Aug 21 11:20:05 firewall sshd[18826]: Failed password for invalid user sadmin from 193.112.171.201 port 47316 ssh2 Aug 21 11:25:31 firewall sshd[19066]: Invalid user hiperg from 193.112.171.201 ...	2020-08-22 02:53:43
212.64.73.102	attackspam	fail2ban	2020-08-22 02:48:21
45.116.233.50	attackbotsspam	Unauthorized connection attempt from IP address 45.116.233.50 on Port 445(SMB)	2020-08-22 02:49:32
5.150.247.132	attackspam	srvr1: (mod_security) mod_security (id:942100) triggered by 5.150.247.132 (SE/-/h-247-132.A328.priv.bahnhof.se): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:01:42 [error] 482759#0: 840084 [client 5.150.247.132] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801130283.685144"] [ref ""], client: 5.150.247.132, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%29+OR+UPDATEXML%285947%2CCONCAT%280x2e%2C0x4d4554334764%2C%28SELECT+%28ELT%282836%3D2836%2C1%29%29%29%2C0x4d4554334764%29%2C5431%29%23+jEfb HTTP/1.1" [redacted]	2020-08-22 03:04:50

最近上报的IP列表

83.209.143.189	195.91.155.114	94.195.24.201	141.105.111.244
193.194.92.254	125.113.1.130	8.182.86.185	61.163.159.200
92.145.132.253	106.139.9.184	40.1.198.28	35.109.173.164
1.193.96.139	77.157.10.171	142.17.161.82	70.34.219.224
125.25.230.120	50.223.234.110	96.207.11.168	83.221.250.0