113.200.201.130

基本信息:

城市(city): Xi'an

省份(region): Shaanxi

国家(country): China

运营商(isp): China Unicom

主机名(hostname): unknown

机构(organization): CHINA UNICOM China169 Backbone

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /up.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /fb.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0" 113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"	2019-04-08 12:08:33

类型

评论内容

时间

attack

113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /up.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
113.200.201.130 - - [08/Apr/2019:12:07:26 +0800] "POST /test123.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /fb.php HTTP/1.1" 404 499 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"
113.200.201.130 - - [08/Apr/2019:12:07:27 +0800] "POST /paylog.php HTTP/1.1" 404 503 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0"

2019-04-08 12:08:33

相同子网IP讨论:

IP	类型	评论内容	时间
113.200.201.29	attackspam	DATE:2020-08-07 14:00:30, IP:113.200.201.29, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-08-08 03:32:08

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 113.200.201.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 62427
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;113.200.201.130.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040701 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Mon Apr 08 12:08:32 +08 2019
;; MSG SIZE  rcvd: 119

HOST信息:

Host 130.201.200.113.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 130.201.200.113.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
104.140.188.30	attackbotsspam	Automatic report - Banned IP Access	2020-09-15 01:42:21
45.55.219.114	attackspambots	Sep 14 18:46:15 db sshd[28571]: User root from 45.55.219.114 not allowed because none of user's groups are listed in AllowGroups ...	2020-09-15 01:52:09
104.248.158.98	attackbots	104.248.158.98 - - [14/Sep/2020:18:21:54 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:01 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.248.158.98 - - [14/Sep/2020:18:22:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-15 01:38:42
152.32.166.14	attack	2020-09-14T23:45:36.438019hostname sshd[72624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.32.166.14 user=root 2020-09-14T23:45:38.467934hostname sshd[72624]: Failed password for root from 152.32.166.14 port 47982 ssh2 ...	2020-09-15 01:42:50
182.75.115.59	attackbotsspam	Sep 14 13:16:26 django-0 sshd[6113]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.75.115.59 user=root Sep 14 13:16:28 django-0 sshd[6113]: Failed password for root from 182.75.115.59 port 55482 ssh2 ...	2020-09-15 01:36:23
109.252.138.201	attackspam	IP 109.252.138.201 attacked honeypot on port: 80 at 9/14/2020 6:36:40 AM	2020-09-15 01:27:15
222.186.169.192	attackbots	Sep 14 19:17:42 server sshd[22406]: Failed none for root from 222.186.169.192 port 36858 ssh2 Sep 14 19:17:46 server sshd[22406]: Failed password for root from 222.186.169.192 port 36858 ssh2 Sep 14 19:17:51 server sshd[22406]: Failed password for root from 222.186.169.192 port 36858 ssh2	2020-09-15 01:19:37
207.177.109.182	attackspam	Sep 13 12:53:41 aragorn sshd[12266]: Invalid user admin from 207.177.109.182 Sep 13 12:53:42 aragorn sshd[12268]: Invalid user admin from 207.177.109.182 Sep 13 12:53:42 aragorn sshd[12270]: Invalid user admin from 207.177.109.182 Sep 13 12:53:43 aragorn sshd[12272]: Invalid user admin from 207.177.109.182 ...	2020-09-15 01:17:14
148.235.57.184	attackbotsspam	Sep 14 08:12:13 vmd17057 sshd[25666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.235.57.184 Sep 14 08:12:15 vmd17057 sshd[25666]: Failed password for invalid user ioana from 148.235.57.184 port 46772 ssh2 ...	2020-09-15 01:39:39
185.189.50.187	attack	Fail2Ban Ban Triggered	2020-09-15 01:47:39
94.21.114.228	attackspam	1600015984 - 09/13/2020 18:53:04 Host: 94.21.114.228/94.21.114.228 Port: 445 TCP Blocked	2020-09-15 01:48:38
111.93.200.50	attack	2020-09-13 20:03:09 server sshd[44679]: Failed password for invalid user login from 111.93.200.50 port 33815 ssh2	2020-09-15 01:36:36
106.12.18.168	attackspam	Sep 14 14:41:16 PorscheCustomer sshd[31830]: Failed password for root from 106.12.18.168 port 59530 ssh2 Sep 14 14:45:47 PorscheCustomer sshd[31956]: Failed password for root from 106.12.18.168 port 57074 ssh2 ...	2020-09-15 01:33:14
120.92.166.166	attack	Sep 13 23:35:21 liveconfig01 sshd[22959]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.166.166 user=r.r Sep 13 23:35:23 liveconfig01 sshd[22959]: Failed password for r.r from 120.92.166.166 port 38272 ssh2 Sep 13 23:35:23 liveconfig01 sshd[22959]: Received disconnect from 120.92.166.166 port 38272:11: Bye Bye [preauth] Sep 13 23:35:23 liveconfig01 sshd[22959]: Disconnected from 120.92.166.166 port 38272 [preauth] Sep 13 23:53:43 liveconfig01 sshd[23616]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.166.166 user=r.r Sep 13 23:53:45 liveconfig01 sshd[23616]: Failed password for r.r from 120.92.166.166 port 9079 ssh2 Sep 13 23:53:46 liveconfig01 sshd[23616]: Received disconnect from 120.92.166.166 port 9079:11: Bye Bye [preauth] Sep 13 23:53:46 liveconfig01 sshd[23616]: Disconnected from 120.92.166.166 port 9079 [preauth] Sep 13 23:57:49 liveconfig01 sshd[23728]: pam_unix(........ -------------------------------	2020-09-15 01:46:15
78.193.56.234	attackspam	Port Scan: TCP/443	2020-09-15 01:28:37

最近上报的IP列表

190.9.132.186	161.117.10.46	89.189.183.220	182.76.144.131
103.30.94.210	37.252.65.235	52.187.191.27	94.198.215.22
50.71.229.131	206.41.191.216	184.154.74.66	201.17.23.3
195.242.234.151	191.101.119.150	200.68.137.206	62.82.69.22
23.104.162.248	211.192.203.159	39.67.193.76	222.124.168.170