117.2.142.132 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): Viettel Corporation

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Attempt to attack host OS, exploiting network vulnerabilities, on 27-09-2019 13:05:33.	2019-09-28 04:49:19
attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-11 17:21:57,165 INFO [amun_request_handler] PortScan Detected on Port: 445 (117.2.142.132)	2019-09-12 09:31:11

类型

评论内容

时间

attack

Attempt to attack host OS, exploiting network vulnerabilities, on 27-09-2019 13:05:33.

2019-09-28 04:49:19

attack

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-09-11 17:21:57,165 INFO [amun_request_handler] PortScan Detected on Port: 445 (117.2.142.132)

2019-09-12 09:31:11

相同子网IP讨论:

IP	类型	评论内容	时间
117.2.142.139	attackspam	Sun, 21 Jul 2019 07:36:11 +0000 likely compromised host or open proxy. ddos rate spidering	2019-07-21 22:31:14

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 117.2.142.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57430
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;117.2.142.132.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019050900 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Thu May 09 14:52:31 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

132.142.2.117.in-addr.arpa domain name pointer localhost.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
132.142.2.117.in-addr.arpa	name = localhost.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
112.85.42.172	attackbotsspam	Oct 4 22:40:28 amit sshd\[17806\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.172 user=root Oct 4 22:40:30 amit sshd\[17806\]: Failed password for root from 112.85.42.172 port 5826 ssh2 Oct 4 22:40:49 amit sshd\[17808\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.172 user=root ...	2020-10-05 04:43:26
123.149.211.140	attackbotsspam	Lines containing failures of 123.149.211.140 (max 1000) Oct 3 19:22:20 UTC__SANYALnet-Labs__cac1 sshd[22204]: Connection from 123.149.211.140 port 5243 on 64.137.179.160 port 22 Oct 3 19:22:21 UTC__SANYALnet-Labs__cac1 sshd[22204]: Invalid user admin from 123.149.211.140 port 5243 Oct 3 19:22:21 UTC__SANYALnet-Labs__cac1 sshd[22204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.149.211.140 Oct 3 19:22:23 UTC__SANYALnet-Labs__cac1 sshd[22204]: Failed password for invalid user admin from 123.149.211.140 port 5243 ssh2 Oct 3 19:22:23 UTC__SANYALnet-Labs__cac1 sshd[22204]: Received disconnect from 123.149.211.140 port 5243:11: Bye Bye [preauth] Oct 3 19:22:23 UTC__SANYALnet-Labs__cac1 sshd[22204]: Disconnected from 123.149.211.140 port 5243 [preauth] Oct 3 19:25:38 UTC__SANYALnet-Labs__cac1 sshd[22319]: Connection from 123.149.211.140 port 5360 on 64.137.179.160 port 22 Oct 3 19:25:40 UTC__SANYALnet-Labs__cac1 sshd[22319........ ------------------------------	2020-10-05 05:15:58
122.194.229.122	attack	2020-10-04T23:49:49.459364lavrinenko.info sshd[16158]: Failed password for root from 122.194.229.122 port 54720 ssh2 2020-10-04T23:49:54.246413lavrinenko.info sshd[16158]: Failed password for root from 122.194.229.122 port 54720 ssh2 2020-10-04T23:49:59.898912lavrinenko.info sshd[16158]: Failed password for root from 122.194.229.122 port 54720 ssh2 2020-10-04T23:50:04.891243lavrinenko.info sshd[16158]: Failed password for root from 122.194.229.122 port 54720 ssh2 2020-10-04T23:50:10.344300lavrinenko.info sshd[16158]: Failed password for root from 122.194.229.122 port 54720 ssh2 ...	2020-10-05 04:52:08
157.245.108.35	attackbotsspam	SSH brute-force attack detected from [157.245.108.35]	2020-10-05 05:11:06
114.231.82.172	attack	(sshd) Failed SSH login from 114.231.82.172 (CN/China/-): 10 in the last 3600 secs	2020-10-05 04:43:50
78.128.113.121	attackspam	Oct 4 22:31:43 galaxy event: galaxy/lswi: smtp: seggert@wi.uni-potsdam.de [78.128.113.121] authentication failure using internet password Oct 4 22:31:45 galaxy event: galaxy/lswi: smtp: seggert [78.128.113.121] authentication failure using internet password Oct 4 22:34:52 galaxy event: galaxy/lswi: smtp: anne.baumgrass@wi.uni-potsdam.de [78.128.113.121] authentication failure using internet password Oct 4 22:34:53 galaxy event: galaxy/lswi: smtp: anne.baumgrass [78.128.113.121] authentication failure using internet password Oct 4 22:37:10 galaxy event: galaxy/lswi: smtp: moreen.heine@wi.uni-potsdam.de [78.128.113.121] authentication failure using internet password ...	2020-10-05 04:37:49
191.188.70.30	attackbots	Oct 4 19:25:01 master sshd[22049]: Failed password for root from 191.188.70.30 port 53450 ssh2	2020-10-05 04:41:10
35.224.216.78	attack	/wp-login.php	2020-10-05 04:39:47
106.12.174.227	attackbotsspam	Oct 5 03:33:52 itv-usvr-02 sshd[8675]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.174.227 user=root Oct 5 03:38:05 itv-usvr-02 sshd[8821]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.174.227 user=root Oct 5 03:42:07 itv-usvr-02 sshd[9039]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.174.227 user=root	2020-10-05 05:12:46
112.85.42.230	attackbotsspam	Oct 4 23:08:49 theomazars sshd[10915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.230 user=root Oct 4 23:08:50 theomazars sshd[10915]: Failed password for root from 112.85.42.230 port 43388 ssh2	2020-10-05 05:12:33
213.231.11.168	attackbotsspam	Oct 3 22:29:14 kunden sshd[23242]: Did not receive identification string from 213.231.11.168 Oct 3 22:29:14 kunden sshd[23241]: Did not receive identification string from 213.231.11.168 Oct 3 22:29:14 kunden sshd[23239]: Did not receive identification string from 213.231.11.168 Oct 3 22:29:14 kunden sshd[23240]: Did not receive identification string from 213.231.11.168 Oct 3 22:29:17 kunden sshd[23243]: Did not receive identification string from 213.231.11.168 Oct 3 22:29:31 kunden sshd[23244]: Invalid user admin1 from 213.231.11.168 Oct 3 22:29:31 kunden sshd[23246]: Invalid user admin1 from 213.231.11.168 Oct 3 22:29:32 kunden sshd[23247]: Invalid user admin1 from 213.231.11.168 Oct 3 22:29:32 kunden sshd[23245]: Invalid user admin1 from 213.231.11.168 Oct 3 22:29:32 kunden sshd[23248]: Invalid user admin1 from 213.231.11.168 Oct 3 22:29:32 kunden sshd[23244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.231.11........ -------------------------------	2020-10-05 04:57:37
161.35.45.182	attack	Lines containing failures of 161.35.45.182 Oct 3 22:11:58 node2d sshd[19120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.45.182 user=r.r Oct 3 22:12:00 node2d sshd[19120]: Failed password for r.r from 161.35.45.182 port 39600 ssh2 Oct 3 22:12:00 node2d sshd[19120]: Received disconnect from 161.35.45.182 port 39600:11: Bye Bye [preauth] Oct 3 22:12:00 node2d sshd[19120]: Disconnected from authenticating user r.r 161.35.45.182 port 39600 [preauth] Oct 3 22:26:19 node2d sshd[21607]: Invalid user cos from 161.35.45.182 port 54492 Oct 3 22:26:19 node2d sshd[21607]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=161.35.45.182 Oct 3 22:26:21 node2d sshd[21607]: Failed password for invalid user cos from 161.35.45.182 port 54492 ssh2 Oct 3 22:26:21 node2d sshd[21607]: Received disconnect from 161.35.45.182 port 54492:11: Bye Bye [preauth] Oct 3 22:26:21 node2d sshd[21607]: Disco........ ------------------------------	2020-10-05 04:59:41
218.92.0.248	attackbotsspam	2020-10-04T20:36:31.731636abusebot-2.cloudsearch.cf sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.248 user=root 2020-10-04T20:36:33.783362abusebot-2.cloudsearch.cf sshd[25875]: Failed password for root from 218.92.0.248 port 11902 ssh2 2020-10-04T20:36:37.292285abusebot-2.cloudsearch.cf sshd[25875]: Failed password for root from 218.92.0.248 port 11902 ssh2 2020-10-04T20:36:31.731636abusebot-2.cloudsearch.cf sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.248 user=root 2020-10-04T20:36:33.783362abusebot-2.cloudsearch.cf sshd[25875]: Failed password for root from 218.92.0.248 port 11902 ssh2 2020-10-04T20:36:37.292285abusebot-2.cloudsearch.cf sshd[25875]: Failed password for root from 218.92.0.248 port 11902 ssh2 2020-10-04T20:36:31.731636abusebot-2.cloudsearch.cf sshd[25875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rho ...	2020-10-05 04:41:58
23.97.180.45	attackbots	Coordinated SSH brute-force attack from different IPs. pam_unix(sshd:auth):	2020-10-05 05:13:12
109.102.31.87	attackbots	TCP (SYN) 109.102.31.87:30358 -> port 8080, len 40	2020-10-05 04:44:06

最近上报的IP列表

81.104.164.20	95.178.159.185	229.16.189.24	103.73.181.10
185.32.146.214	193.27.243.122	182.76.202.33	94.182.98.12
36.72.16.134	180.60.255.244	103.86.135.184	17.43.101.145
27.16.216.49	95.160.157.92	150.255.8.116	168.128.84.230
89.110.10.99	62.48.206.213	37.29.118.68	45.118.34.203