113.161.1.111 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Vietnam

运营商(isp): Vietnam Posts and Telecommunications Group

主机名(hostname): unknown

机构(organization): VNPT Corp

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Mar 23 21:19:32 v22018086721571380 sshd[25323]: Failed password for invalid user ir from 113.161.1.111 port 46976 ssh2 Mar 23 21:22:56 v22018086721571380 sshd[25991]: Failed password for invalid user cacti from 113.161.1.111 port 45766 ssh2	2020-03-24 04:33:00
attackbotsspam	detected by Fail2Ban	2020-03-23 21:24:06
attack	Feb 22 05:08:01 game-panel sshd[10633]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Feb 22 05:08:03 game-panel sshd[10633]: Failed password for invalid user takamatsu from 113.161.1.111 port 46736 ssh2 Feb 22 05:11:22 game-panel sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111	2020-02-22 20:05:40
attackbots	"SSH brute force auth login attempt."	2020-01-23 19:01:17
attack	Unauthorized connection attempt detected from IP address 113.161.1.111 to port 2220 [J]	2020-01-21 07:19:11
attackspam	Jan 11 23:16:55 meumeu sshd[28260]: Failed password for root from 113.161.1.111 port 51552 ssh2 Jan 11 23:19:49 meumeu sshd[28777]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jan 11 23:19:50 meumeu sshd[28777]: Failed password for invalid user os from 113.161.1.111 port 35915 ssh2 ...	2020-01-12 06:28:49
attack	Dec 1 23:43:50 MainVPS sshd[17402]: Invalid user bind from 113.161.1.111 port 54934 Dec 1 23:43:50 MainVPS sshd[17402]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Dec 1 23:43:50 MainVPS sshd[17402]: Invalid user bind from 113.161.1.111 port 54934 Dec 1 23:43:52 MainVPS sshd[17402]: Failed password for invalid user bind from 113.161.1.111 port 54934 ssh2 Dec 1 23:50:14 MainVPS sshd[28514]: Invalid user NetLinx from 113.161.1.111 port 60883 ...	2019-12-02 07:26:21
attack	Nov 25 17:52:29 h2177944 sshd\[25529\]: Invalid user wiroll from 113.161.1.111 port 36976 Nov 25 17:52:29 h2177944 sshd\[25529\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Nov 25 17:52:31 h2177944 sshd\[25529\]: Failed password for invalid user wiroll from 113.161.1.111 port 36976 ssh2 Nov 25 17:59:25 h2177944 sshd\[25942\]: Invalid user ching from 113.161.1.111 port 54125 ...	2019-11-26 01:24:28
attackspambots	Nov 25 08:20:36 pkdns2 sshd\[43542\]: Address 113.161.1.111 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Nov 25 08:20:36 pkdns2 sshd\[43542\]: Invalid user dorri from 113.161.1.111Nov 25 08:20:38 pkdns2 sshd\[43542\]: Failed password for invalid user dorri from 113.161.1.111 port 34220 ssh2Nov 25 08:27:43 pkdns2 sshd\[43824\]: Address 113.161.1.111 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Nov 25 08:27:43 pkdns2 sshd\[43824\]: Invalid user kazmer from 113.161.1.111Nov 25 08:27:46 pkdns2 sshd\[43824\]: Failed password for invalid user kazmer from 113.161.1.111 port 51834 ssh2 ...	2019-11-25 17:12:03
attackspambots	Oct 28 19:02:37 tdfoods sshd\[10591\]: Invalid user 123 from 113.161.1.111 Oct 28 19:02:37 tdfoods sshd\[10591\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Oct 28 19:02:39 tdfoods sshd\[10591\]: Failed password for invalid user 123 from 113.161.1.111 port 39428 ssh2 Oct 28 19:07:13 tdfoods sshd\[10952\]: Invalid user 1a2b3c4d5e6f7g from 113.161.1.111 Oct 28 19:07:13 tdfoods sshd\[10952\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111	2019-10-29 17:36:50
attackspambots	Oct 25 16:13:36 vps01 sshd[25220]: Failed password for root from 113.161.1.111 port 35204 ssh2	2019-10-25 22:32:18
attack	Oct 18 09:48:57 web9 sshd\[32067\]: Invalid user luka123 from 113.161.1.111 Oct 18 09:48:57 web9 sshd\[32067\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Oct 18 09:48:59 web9 sshd\[32067\]: Failed password for invalid user luka123 from 113.161.1.111 port 45467 ssh2 Oct 18 09:53:39 web9 sshd\[32684\]: Invalid user changeme from 113.161.1.111 Oct 18 09:53:39 web9 sshd\[32684\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111	2019-10-19 04:07:35
attack	Sep 17 11:38:50 eventyay sshd[19563]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Sep 17 11:38:52 eventyay sshd[19563]: Failed password for invalid user hp from 113.161.1.111 port 54981 ssh2 Sep 17 11:43:41 eventyay sshd[19678]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 ...	2019-09-17 19:37:22
attack	2019-09-05T03:24:22.529910abusebot-8.cloudsearch.cf sshd\[23514\]: Invalid user userftp from 113.161.1.111 port 51979	2019-09-05 11:32:43
attackspambots	Invalid user jayden from 113.161.1.111 port 36056	2019-08-31 15:09:00
attackbots	$f2bV_matches	2019-08-20 07:45:05
attack	Aug 15 07:08:03 microserver sshd[30875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 user=root Aug 15 07:08:04 microserver sshd[30875]: Failed password for root from 113.161.1.111 port 42167 ssh2 Aug 15 07:13:23 microserver sshd[31657]: Invalid user teamspeak from 113.161.1.111 port 37754 Aug 15 07:13:23 microserver sshd[31657]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Aug 15 07:13:24 microserver sshd[31657]: Failed password for invalid user teamspeak from 113.161.1.111 port 37754 ssh2 Aug 15 07:23:52 microserver sshd[33227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 user=root Aug 15 07:23:54 microserver sshd[33227]: Failed password for root from 113.161.1.111 port 57158 ssh2 Aug 15 07:29:12 microserver sshd[34001]: Invalid user guest from 113.161.1.111 port 52747 Aug 15 07:29:12 microserver sshd[34001]: pam_unix(sshd:auth): authen	2019-08-15 14:01:17
attackbots	ssh failed login	2019-08-12 08:56:19
attackspambots	Jul 31 08:27:21 site3 sshd\[121370\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 user=root Jul 31 08:27:24 site3 sshd\[121370\]: Failed password for root from 113.161.1.111 port 33812 ssh2 Jul 31 08:32:27 site3 sshd\[121479\]: Invalid user aleja from 113.161.1.111 Jul 31 08:32:27 site3 sshd\[121479\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jul 31 08:32:29 site3 sshd\[121479\]: Failed password for invalid user aleja from 113.161.1.111 port 58930 ssh2 ...	2019-07-31 15:15:15
attackspam	Jul 18 15:01:43 aat-srv002 sshd[18906]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jul 18 15:01:45 aat-srv002 sshd[18906]: Failed password for invalid user test from 113.161.1.111 port 48252 ssh2 Jul 18 15:07:23 aat-srv002 sshd[19022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jul 18 15:07:24 aat-srv002 sshd[19022]: Failed password for invalid user temp from 113.161.1.111 port 46959 ssh2 ...	2019-07-19 04:29:08
attackbotsspam	Jul 18 09:15:50 vps691689 sshd[31287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jul 18 09:15:52 vps691689 sshd[31287]: Failed password for invalid user simon from 113.161.1.111 port 39648 ssh2 Jul 18 09:21:41 vps691689 sshd[31352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 ...	2019-07-18 15:22:06
attackbots	Jul 17 18:47:06 vps691689 sshd[19559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.1.111 Jul 17 18:47:08 vps691689 sshd[19559]: Failed password for invalid user oracle from 113.161.1.111 port 48432 ssh2 ...	2019-07-18 00:56:58
attack	ssh failed login	2019-07-01 17:09:09

相同子网IP讨论:

IP	类型	评论内容	时间
113.161.160.8	attackspam	TCP ports : 445 / 1433	2020-09-29 04:17:24
113.161.160.8	attack	TCP ports : 445 / 1433	2020-09-28 20:31:34
113.161.160.8	attackbotsspam	firewall-block, port(s): 1433/tcp	2020-09-28 12:37:40
113.161.151.29	attackspambots	(imapd) Failed IMAP login from 113.161.151.29 (VN/Vietnam/static.vnpt.vn): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Sep 11 19:38:39 ir1 dovecot[3110802]: imap-login: Disconnected (auth failed, 1 attempts in 4 secs): user=, method=PLAIN, rip=113.161.151.29, lip=5.63.12.44, TLS: Connection closed, session=	2020-09-12 00:57:18
113.161.151.29	attackspambots	Distributed brute force attack	2020-09-11 16:54:00
113.161.151.29	attackbotsspam	Distributed brute force attack	2020-09-11 09:07:08
113.161.150.162	attackbots	Icarus honeypot on github	2020-08-30 05:01:33
113.161.161.141	attack	445/tcp 445/tcp 445/tcp... [2020-07-06/08-28]4pkt,1pt.(tcp)	2020-08-28 18:54:33
113.161.176.14	attack	firewall-block, port(s): 445/tcp	2020-08-26 19:02:04
113.161.128.158	attackbots	20/8/23@23:52:07: FAIL: Alarm-Network address from=113.161.128.158 ...	2020-08-24 16:31:09
113.161.144.254	attack	Aug 22 05:51:45 root sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 22 05:51:47 root sshd[2872]: Failed password for invalid user divya from 113.161.144.254 port 2442 ssh2 Aug 22 05:55:47 root sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 ...	2020-08-22 12:26:35
113.161.128.192	attack	srvr1: (mod_security) mod_security (id:942100) triggered by 113.161.128.192 (VN/-/static.vnpt.vn): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/21 12:05:47 [error] 482759#0: 840589 [client 113.161.128.192] ModSecurity: Access denied with code 406 (phase 2). [file "/etc/modsecurity.d/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "45"] [id "942100"] [rev ""] [msg ""] [redacted] [severity "0"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/152/248/66"] [tag "PCI/6.5.2"] [redacted] [uri "/forum/viewthread.php"] [unique_id "159801154742.003820"] [ref ""], client: 113.161.128.192, [redacted] request: "GET /forum/viewthread.php?thread_id=1122%27%29%29+OR+++%28%286544%3D0 HTTP/1.1" [redacted]	2020-08-21 22:41:19
113.161.186.193	attackbotsspam	2 Attack(s) Detected [DoS Attack: RST Scan] from source: 113.161.186.193, port 38380, Wednesday, August 19, 2020 04:51:25 [DoS Attack: RST Scan] from source: 113.161.186.193, port 36684, Wednesday, August 19, 2020 04:49:48	2020-08-20 18:17:41
113.161.144.254	attack	Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:10 itv-usvr-01 sshd[6697]: Failed password for invalid user document from 113.161.144.254 port 47062 ssh2	2020-08-20 02:42:09
113.161.198.166	attack	1597722501 - 08/18/2020 05:48:21 Host: 113.161.198.166/113.161.198.166 Port: 445 TCP Blocked	2020-08-18 19:26:12

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.161.1.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38726
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.161.1.111.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019042501 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 26 03:04:09 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

111.1.161.113.in-addr.arpa domain name pointer static.vnpt.vn.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
111.1.161.113.in-addr.arpa	name = static.vnpt.vn.

Authoritative answers can be found from:

IP	类型	评论内容	时间
162.142.125.37	attackbotsspam	Oct 9 23:44:33 baraca inetd[34221]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) Oct 9 23:44:35 baraca inetd[34222]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) Oct 9 23:44:36 baraca inetd[34225]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) ...	2020-10-11 04:07:26
162.142.125.44	attack	Oct 9 23:44:33 baraca inetd[34221]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) Oct 9 23:44:35 baraca inetd[34222]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) Oct 9 23:44:36 baraca inetd[34225]: refused connection from scanner-04.ch1.censys-scanner.com, service sshd (tcp) ...	2020-10-11 04:03:28
49.233.11.118	attackbotsspam	SSH invalid-user multiple login try	2020-10-11 03:43:34
41.249.250.209	attackbots	Oct 10 19:51:52 lnxmysql61 sshd[16136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.249.250.209	2020-10-11 03:55:21
165.227.152.10	attack	Invalid user oracle from 165.227.152.10 port 59378	2020-10-11 03:47:42
183.102.99.209	attackspam	Oct 10 07:01:59 ssh2 sshd[59678]: Invalid user user from 183.102.99.209 port 52684 Oct 10 07:01:59 ssh2 sshd[59678]: Failed password for invalid user user from 183.102.99.209 port 52684 ssh2 Oct 10 07:02:00 ssh2 sshd[59678]: Connection closed by invalid user user 183.102.99.209 port 52684 [preauth] ...	2020-10-11 03:59:12
186.91.32.211	attack	Oct 8 00:00:53 hidden sshd[14930]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.91.32.211 Oct 8 00:00:55 hidden sshd[14930]: Failed password for invalid user guest from 186.91.32.211 port 50056 ssh2 Oct 8 00:01:00 hidden sshd[21247]: Invalid user nagios from 186.91.32.211 port 50982	2020-10-11 03:52:14
80.82.70.178	attack	SMTP auth attack	2020-10-11 03:54:15
189.180.24.97	attackbotsspam	Oct 8 17:13:45 server770 sshd[16250]: Invalid user Parviz_ from 189.180.24.97 port 44754 Oct 8 17:13:45 server770 sshd[16250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.180.24.97 Oct 8 17:13:48 server770 sshd[16250]: Failed password for invalid user Parviz_ from 189.180.24.97 port 44754 ssh2 Oct 8 17:13:48 server770 sshd[16250]: Received disconnect from 189.180.24.97 port 44754:11: Bye Bye [preauth] Oct 8 17:13:48 server770 sshd[16250]: Disconnected from 189.180.24.97 port 44754 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=189.180.24.97	2020-10-11 03:41:07
188.131.233.36	attackspam	Oct 10 18:17:27 cdc sshd[14876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.131.233.36 user=root Oct 10 18:17:28 cdc sshd[14876]: Failed password for invalid user root from 188.131.233.36 port 43590 ssh2	2020-10-11 03:56:06
45.14.224.182	attack	SSH break in attempt ...	2020-10-11 04:00:18
190.202.109.244	attack	2020-10-11T02:21:20.723367billing sshd[22440]: Invalid user cricket from 190.202.109.244 port 41626 2020-10-11T02:21:22.784970billing sshd[22440]: Failed password for invalid user cricket from 190.202.109.244 port 41626 ssh2 2020-10-11T02:25:56.631354billing sshd[32766]: Invalid user internet from 190.202.109.244 port 32780 ...	2020-10-11 03:34:33
183.103.181.248	attackspambots	Oct 10 00:00:48 ssh2 sshd[19907]: User root from 183.103.181.248 not allowed because not listed in AllowUsers Oct 10 00:00:48 ssh2 sshd[19907]: Failed password for invalid user root from 183.103.181.248 port 47878 ssh2 Oct 10 00:00:48 ssh2 sshd[19907]: Connection closed by invalid user root 183.103.181.248 port 47878 [preauth] ...	2020-10-11 03:57:33
185.239.242.201	attackspam	[f2b] sshd bruteforce, retries: 1	2020-10-11 03:54:30
89.134.126.89	attackbots	SSH BruteForce Attack	2020-10-11 03:45:56

最近上报的IP列表

117.0.248.231	194.67.195.157	89.107.227.227	57.30.244.22
126.85.8.102	217.11.37.62	139.99.221.61	185.16.247.56
5.63.12.196	77.11.72.142	77.32.156.176	93.33.17.50
73.76.31.181	89.32.248.82	181.109.220.166	208.82.77.4
60.182.37.127	125.5.139.213	102.147.245.57	45.57.236.202