113.161.14.3 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): Vietnam Posts and Telecommunications Group

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Attempt to attack host OS, exploiting network vulnerabilities, on 21-09-2019 13:50:17.	2019-09-22 04:23:48
attackspam	445/tcp [2019-06-27]1pkt	2019-06-27 21:19:32

相同子网IP讨论:

IP	类型	评论内容	时间
113.161.144.254	attack	Aug 22 05:51:45 root sshd[2872]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 22 05:51:47 root sshd[2872]: Failed password for invalid user divya from 113.161.144.254 port 2442 ssh2 Aug 22 05:55:47 root sshd[3385]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 ...	2020-08-22 12:26:35
113.161.144.254	attack	Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 Aug 19 23:58:08 itv-usvr-01 sshd[6697]: Invalid user document from 113.161.144.254 Aug 19 23:58:10 itv-usvr-01 sshd[6697]: Failed password for invalid user document from 113.161.144.254 port 47062 ssh2	2020-08-20 02:42:09
113.161.144.254	attackbotsspam	Automatic report - Banned IP Access	2020-08-17 00:06:25
113.161.144.254	attackspambots	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-15 21:02:47
113.161.144.254	attack	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-14 05:14:51
113.161.144.254	attackbots	Lines containing failures of 113.161.144.254 Aug 11 07:04:59 nbi-636 sshd[19377]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:04:59 nbi-636 sshd[19377]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:05:00 nbi-636 sshd[19377]: Failed password for invalid user r.r from 113.161.144.254 port 53704 ssh2 Aug 11 07:05:01 nbi-636 sshd[19377]: Received disconnect from 113.161.144.254 port 53704:11: Bye Bye [preauth] Aug 11 07:05:01 nbi-636 sshd[19377]: Disconnected from invalid user r.r 113.161.144.254 port 53704 [preauth] Aug 11 07:08:10 nbi-636 sshd[20253]: User r.r from 113.161.144.254 not allowed because not listed in AllowUsers Aug 11 07:08:10 nbi-636 sshd[20253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 11 07:08:12 nbi-636 sshd[20253]: Failed password for invalid user r.r from 113......... ------------------------------	2020-08-14 00:08:38
113.161.144.254	attackspam	Aug 13 14:01:03 pkdns2 sshd\[35778\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:01:04 pkdns2 sshd\[35778\]: Failed password for root from 113.161.144.254 port 45532 ssh2Aug 13 14:04:51 pkdns2 sshd\[35918\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:04:53 pkdns2 sshd\[35918\]: Failed password for root from 113.161.144.254 port 47644 ssh2Aug 13 14:08:45 pkdns2 sshd\[36101\]: Address 113.161.144.254 maps to static.vnpt.vn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!Aug 13 14:08:47 pkdns2 sshd\[36101\]: Failed password for root from 113.161.144.254 port 49754 ssh2 ...	2020-08-13 19:24:32
113.161.144.254	attackbots	Lines containing failures of 113.161.144.254 Aug 6 03:31:04 jarvis sshd[7253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 6 03:31:06 jarvis sshd[7253]: Failed password for r.r from 113.161.144.254 port 37814 ssh2 Aug 6 03:31:08 jarvis sshd[7253]: Received disconnect from 113.161.144.254 port 37814:11: Bye Bye [preauth] Aug 6 03:31:08 jarvis sshd[7253]: Disconnected from authenticating user r.r 113.161.144.254 port 37814 [preauth] Aug 6 03:44:36 jarvis sshd[8041]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.161.144.254 user=r.r Aug 6 03:44:38 jarvis sshd[8041]: Failed password for r.r from 113.161.144.254 port 35830 ssh2 Aug 6 03:44:39 jarvis sshd[8041]: Received disconnect from 113.161.144.254 port 35830:11: Bye Bye [preauth] Aug 6 03:44:39 jarvis sshd[8041]: Disconnected from authenticating user r.r 113.161.144.254 port 35830 [preauth] Aug ........ ------------------------------	2020-08-08 08:11:15
113.161.148.61	attackspambots	Honeypot attack, port: 445, PTR: static.vnpt.vn.	2020-07-01 23:49:49
113.161.147.51	attackbots	This IOC was found in a paste: https://paste.cryptolaemus.com/emotet/2020/03/23/emotet-c2-rsa-update-03-23-20-1.html with the title "Emotet C2 and RSA Key Update - 03/23/2020 09:45" For more information, or to report interesting/incorrect findings, contact us - bot@tines.io	2020-03-27 02:39:29
113.161.149.68	attack	Unauthorized connection attempt from IP address 113.161.149.68 on Port 445(SMB)	2020-03-11 03:30:46
113.161.143.173	attack	1583297784 - 03/04/2020 05:56:24 Host: 113.161.143.173/113.161.143.173 Port: 445 TCP Blocked	2020-03-04 16:38:09
113.161.144.238	attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-10 15:24:42
113.161.146.62	attack	unauthorized connection attempt	2020-01-12 14:14:18
113.161.149.47	attack	Invalid user negretta from 113.161.149.47 port 59846	2019-12-25 05:21:38

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.161.14.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3143
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.161.14.3.			IN	A

;; AUTHORITY SECTION:
.			3475	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062700 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jun 27 21:19:22 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

3.14.161.113.in-addr.arpa domain name pointer static.vnpt.vn.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
3.14.161.113.in-addr.arpa	name = static.vnpt.vn.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
137.116.226.168	attackspam	Jun 15 22:43:38 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=137.116.226.168, lip=144.91.77.193, session= Jun 15 22:43:44 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=137.116.226.168, lip=144.91.77.193, session= Jun 15 22:43:47 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=137.116.226.168, lip=144.91.77.193, session=<3c5seyWow1SJdOKo> Jun 15 22:43:54 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=, method=PLAIN, rip=137.116.226.168, lip=144.91.77.193, session=<2GSceyWoxFSJdOKo> Jun 15 22:43:57 server dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 10 secs): user=, method=PLAIN, rip=137.116.226.168, lip=144.91.77.193, session=	2020-06-16 05:51:30
140.255.62.173	attackspambots	spam (f2b h2)	2020-06-16 06:01:20
45.119.41.62	attackspambots	2 attempts against mh-modsecurity-ban on twig	2020-06-16 05:56:54
109.232.109.58	attackbots	Jun 16 04:40:30 webhost01 sshd[7496]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.232.109.58 Jun 16 04:40:32 webhost01 sshd[7496]: Failed password for invalid user salman from 109.232.109.58 port 46708 ssh2 ...	2020-06-16 05:43:02
123.30.157.239	attackbotsspam	SSH Invalid Login	2020-06-16 06:04:30
106.12.209.227	attack	2020-06-15T22:43:52+0200 Failed SSH Authentication/Brute Force Attack.(Server 2)	2020-06-16 05:57:35
37.187.105.36	attackbots	Jun 15 23:10:34 server sshd[15653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.105.36 Jun 15 23:10:36 server sshd[15653]: Failed password for invalid user aqq from 37.187.105.36 port 38570 ssh2 Jun 15 23:15:57 server sshd[16084]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.187.105.36 ...	2020-06-16 05:41:04
114.67.253.68	attackspam	Jun 15 23:33:12 srv-ubuntu-dev3 sshd[53632]: Invalid user com from 114.67.253.68 Jun 15 23:33:12 srv-ubuntu-dev3 sshd[53632]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.253.68 Jun 15 23:33:12 srv-ubuntu-dev3 sshd[53632]: Invalid user com from 114.67.253.68 Jun 15 23:33:14 srv-ubuntu-dev3 sshd[53632]: Failed password for invalid user com from 114.67.253.68 port 38326 ssh2 Jun 15 23:36:48 srv-ubuntu-dev3 sshd[54201]: Invalid user obama from 114.67.253.68 Jun 15 23:36:48 srv-ubuntu-dev3 sshd[54201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.253.68 Jun 15 23:36:48 srv-ubuntu-dev3 sshd[54201]: Invalid user obama from 114.67.253.68 Jun 15 23:36:50 srv-ubuntu-dev3 sshd[54201]: Failed password for invalid user obama from 114.67.253.68 port 52252 ssh2 Jun 15 23:39:53 srv-ubuntu-dev3 sshd[54671]: Invalid user garibaldi from 114.67.253.68 ...	2020-06-16 05:42:31
1.55.119.36	attack	SSH Invalid Login	2020-06-16 05:47:11
124.239.216.233	attackbots	Jun 15 23:43:28 home sshd[20053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.239.216.233 Jun 15 23:43:30 home sshd[20053]: Failed password for invalid user test04 from 124.239.216.233 port 59160 ssh2 Jun 15 23:46:20 home sshd[20381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.239.216.233 ...	2020-06-16 06:03:25
122.117.117.137	attack	port scan and connect, tcp 8080 (http-proxy)	2020-06-16 05:32:52
122.114.113.158	attackspam	SSH Invalid Login	2020-06-16 05:45:44
213.202.211.200	attack	Jun 15 20:41:10 ip-172-31-61-156 sshd[19989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.202.211.200 Jun 15 20:41:10 ip-172-31-61-156 sshd[19989]: Invalid user admin from 213.202.211.200 Jun 15 20:41:12 ip-172-31-61-156 sshd[19989]: Failed password for invalid user admin from 213.202.211.200 port 47518 ssh2 Jun 15 20:44:01 ip-172-31-61-156 sshd[20149]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.202.211.200 user=root Jun 15 20:44:03 ip-172-31-61-156 sshd[20149]: Failed password for root from 213.202.211.200 port 47318 ssh2 ...	2020-06-16 05:39:21
222.186.30.76	attackbotsspam	Jun 15 23:33:54 * sshd[8069]: Failed password for root from 222.186.30.76 port 62556 ssh2	2020-06-16 05:40:01
62.102.148.69	attack	SSH invalid-user multiple login attempts	2020-06-16 05:58:38

最近上报的IP列表

151.234.87.27	123.17.34.14	218.61.16.187	178.172.246.20
107.148.223.211	1.165.161.158	213.48.9.32	189.203.8.137
186.232.15.144	107.148.214.139	183.194.57.186	84.201.138.165
123.192.25.172	1.173.103.173	41.42.167.192	178.128.241.99
111.246.157.119	103.87.27.90	106.83.113.87	218.57.72.138