113.161.14.3 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): Vietnam Posts and Telecommunications Group

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Attempt to attack host OS, exploiting network vulnerabilities, on 21-09-2019 13:50:17.	2019-09-22 04:23:48
attackspam	445/tcp [2019-06-27]1pkt	2019-06-27 21:19:32

相同子网IP讨论:

IP	类型	评论内容	时间
113.161.144.254	attack	Aug 22 05:51:45 root sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 22 05:51:47 root sshd[2872]: Failed password for invalid user divya from 113.161.144.254 port 2442 ssh2 Aug 22 05:55:47 root sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 ...	2020-08-22 12:26:35
113.161.144.254	attack	Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:10 itv-usvr-01 sshd[6697]: Failed password for invalid user document from 113.161.144.254 port 47062 ssh2	2020-08-20 02:42:09
113.161.144.254	attackbotsspam	Automatic report - Banned IP Access	2020-08-17 00:06:25
113.161.144.254	attackspambots	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-15 21:02:47
113.161.144.254	attack	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-14 05:14:51
113.161.144.254	attackbots	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-14 00:08:38
113.161.144.254	attackspam	Aug 13 14:01:03 pkdns2 sshd\[35778\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:01:04 pkdns2 sshd\[35778\]: Failed password for root from 113.161.144.254 port 45532 ssh2Aug 13 14:04:51 pkdns2 sshd\[35918\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:04:53 pkdns2 sshd\[35918\]: Failed password for root from 113.161.144.254 port 47644 ssh2Aug 13 14:08:45 pkdns2 sshd\[36101\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:08:47 pkdns2 sshd\[36101\]: Failed password for root from 113.161.144.254 port 49754 ssh2 ...	2020-08-13 19:24:32
113.161.144.254	attackbots	Lines containing failures of 113.161.144.254 Aug 6 03:31:04 jarvis sshd[7253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 6 03:31:06 jarvis sshd[7253]: Failed password for r.r from 113.161.144.254 port 37814 ssh2 Aug 6 03:31:08 jarvis sshd[7253]: Received disconnect from 113.161.144.254 port 37814:11: Bye Bye [preauth] Aug 6 03:31:08 jarvis sshd[7253]: Disconnected from authenticating user r.r 113.161.144.254 port 37814 [preauth] Aug 6 03:44:36 jarvis sshd[8041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 6 03:44:38 jarvis sshd[8041]: Failed password for r.r from 113.161.144.254 port 35830 ssh2 Aug 6 03:44:39 jarvis sshd[8041]: Received disconnect from 113.161.144.254 port 35830:11: Bye Bye [preauth] Aug 6 03:44:39 jarvis sshd[8041]: Disconnected from authenticating user r.r 113.161.144.254 port 35830 [preauth] Aug ........ ------------------------------	2020-08-08 08:11:15
113.161.148.61	attackspambots	Honeypot attack, port: 445, PTR: static.vnpt.vn.	2020-07-01 23:49:49
113.161.147.51	attackbots	This IOC was found in a paste: https://paste.cryptolaemus.com/emotet/2020/03/23/emotet-c2-rsa-update-03-23-20-1.html with the title "Emotet C2 and RSA Key Update - 03/23/2020 09:45" For more information, or to report interesting/incorrect findings, contact us - bot@tines.io	2020-03-27 02:39:29
113.161.149.68	attack	Unauthorized connection attempt from IP address 113.161.149.68 on Port 445(SMB)	2020-03-11 03:30:46
113.161.143.173	attack	1583297784 - 03/04/2020 05:56:24 Host: 113.161.143.173/113.161.143.173 Port: 445 TCP Blocked	2020-03-04 16:38:09
113.161.144.238	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-10 15:24:42
113.161.146.62	attack	unauthorized connection attempt	2020-01-12 14:14:18
113.161.149.47	attack	Invalid user negretta from 113.161.149.47 port 59846	2019-12-25 05:21:38

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.161.14.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3143
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.161.14.3.			IN	A

;; AUTHORITY SECTION:
.			3475	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062700 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 27 21:19:22 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

3.14.161.113.in-addr.arpa domain name pointer static.vnpt.vn.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
3.14.161.113.in-addr.arpa	name = static.vnpt.vn.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
119.226.11.100	attack	Invalid user vnc from 119.226.11.100 port 46752	2020-09-28 00:27:48
188.166.58.179	attack	Sep 27 17:51:55 host sshd[3199]: Invalid user contabil from 188.166.58.179 port 56758 ...	2020-09-27 23:59:38
116.20.229.236	attackspam	Found on CINS badguys / proto=6 . srcport=64881 . dstport=23 . (2664)	2020-09-27 23:53:36
128.14.237.239	attackbots	2020-09-27T17:26:01+0200 Failed SSH Authentication/Brute Force Attack. (Server 4)	2020-09-27 23:57:37
195.54.160.183	attackbotsspam	Sep 27 10:41:31 vm0 sshd[16419]: Failed password for invalid user deluge from 195.54.160.183 port 27796 ssh2 Sep 27 18:29:12 vm0 sshd[1781]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.54.160.183 ...	2020-09-28 00:32:08
196.179.187.72	attackbotsspam	Listed on zen-spamhaus also abuseat.org / proto=6 . srcport=55328 . dstport=8291 . (2662)	2020-09-28 00:02:12
222.186.173.154	attackspam	Sep 27 17:50:42 vpn01 sshd[18171]: Failed password for root from 222.186.173.154 port 7766 ssh2 Sep 27 17:50:45 vpn01 sshd[18171]: Failed password for root from 222.186.173.154 port 7766 ssh2 ...	2020-09-27 23:54:28
60.243.167.77	attackspam	Listed on zen-spamhaus also barracudaCentral and abuseat.org / proto=6 . srcport=37039 . dstport=80 . (2657)	2020-09-28 00:32:26
49.235.137.64	attack	timhelmke.de 49.235.137.64 [22/Sep/2020:13:52:20 +0200] "POST /wp-login.php HTTP/1.1" 200 6651 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" timhelmke.de 49.235.137.64 [22/Sep/2020:13:52:25 +0200] "POST /wp-login.php HTTP/1.1" 200 6604 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-28 00:21:06
91.121.30.96	attackbotsspam	$f2bV_matches	2020-09-28 00:09:16
5.15.173.59	attackbotsspam	Automatic report - Port Scan Attack	2020-09-28 00:28:27
140.143.153.79	attack	(sshd) Failed SSH login from 140.143.153.79 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 27 09:50:21 server2 sshd[23390]: Invalid user user13 from 140.143.153.79 Sep 27 09:50:21 server2 sshd[23390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.153.79 Sep 27 09:50:23 server2 sshd[23390]: Failed password for invalid user user13 from 140.143.153.79 port 41872 ssh2 Sep 27 09:59:33 server2 sshd[29623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.153.79 user=root Sep 27 09:59:36 server2 sshd[29623]: Failed password for root from 140.143.153.79 port 33642 ssh2	2020-09-28 00:10:05
181.52.172.107	attack	2020-09-26 12:50:35 server sshd[47184]: Failed password for invalid user kafka from 181.52.172.107 port 57578 ssh2	2020-09-28 00:30:51
122.3.87.69	attack	Unauthorized connection attempt from IP address 122.3.87.69 on Port 445(SMB)	2020-09-28 00:07:17
194.180.224.115	attackbotsspam	Sep 27 17:45:35 pub sshd[8736]: Invalid user user from 194.180.224.115 port 46640 Sep 27 17:45:45 pub sshd[8743]: Invalid user git from 194.180.224.115 port 54512 Sep 27 17:45:55 pub sshd[8745]: Invalid user postgres from 194.180.224.115 port 34018 ...	2020-09-28 00:02:37

最近上报的IP列表

151.234.87.27	123.17.34.14	218.61.16.187	178.172.246.20
107.148.223.211	1.165.161.158	213.48.9.32	189.203.8.137
186.232.15.144	107.148.214.139	183.194.57.186	84.201.138.165
123.192.25.172	1.173.103.173	41.42.167.192	178.128.241.99
111.246.157.119	103.87.27.90	106.83.113.87	218.57.72.138