125.94.21.12 - IPInfo

基本信息:

城市(city): Guangzhou

省份(region): Guangdong

国家(country): China

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
125.94.213.16	attack	[Tue May 05 13:15:45.645139 2020] [authz_core:error] [pid 11916] [client 125.94.213.16:50392] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/TP [Tue May 05 13:15:46.201114 2020] [authz_core:error] [pid 11363] [client 125.94.213.16:1602] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/TP [Tue May 05 13:15:51.746523 2020] [authz_core:error] [pid 10772] [client 125.94.213.16:57973] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/ ...	2020-05-05 21:56:33
125.94.214.136	attackspambots	Unauthorised access (Sep 1) SRC=125.94.214.136 LEN=40 TTL=237 ID=10978 TCP DPT=445 WINDOW=1024 SYN Unauthorised access (Aug 26) SRC=125.94.214.136 LEN=40 TTL=237 ID=50191 TCP DPT=445 WINDOW=1024 SYN	2019-09-02 10:50:52

类型

评论内容

时间

125.94.213.16

attack

[Tue May 05 13:15:45.645139 2020] [authz_core:error] [pid 11916] [client 125.94.213.16:50392] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/TP
[Tue May 05 13:15:46.201114 2020] [authz_core:error] [pid 11363] [client 125.94.213.16:1602] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/TP
[Tue May 05 13:15:51.746523 2020] [authz_core:error] [pid 10772] [client 125.94.213.16:57973] AH01630: client denied by server configuration: /srv/www/vhosts/rncbc/
...

2020-05-05 21:56:33

125.94.214.136

attackspambots

Unauthorised access (Sep  1) SRC=125.94.214.136 LEN=40 TTL=237 ID=10978 TCP DPT=445 WINDOW=1024 SYN 
Unauthorised access (Aug 26) SRC=125.94.214.136 LEN=40 TTL=237 ID=50191 TCP DPT=445 WINDOW=1024 SYN

2019-09-02 10:50:52

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.94.21.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64822
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;125.94.21.12.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025022602 1800 900 604800 86400

;; Query time: 42 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Feb 27 11:08:29 CST 2025
;; MSG SIZE  rcvd: 105

HOST信息:

12.21.94.125.in-addr.arpa domain name pointer 12.21.94.125.broad.dg.gd.dynamic.163data.com.cn.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
12.21.94.125.in-addr.arpa	name = 12.21.94.125.broad.dg.gd.dynamic.163data.com.cn.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
50.67.178.164	attackspambots	Aug 21 19:51:09 MK-Soft-Root2 sshd\[9651\]: Invalid user tuan from 50.67.178.164 port 50266 Aug 21 19:51:09 MK-Soft-Root2 sshd\[9651\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.67.178.164 Aug 21 19:51:11 MK-Soft-Root2 sshd\[9651\]: Failed password for invalid user tuan from 50.67.178.164 port 50266 ssh2 ...	2019-08-22 02:51:05
139.155.142.208	attackspam	Aug 21 05:46:45 lcdev sshd\[7755\]: Invalid user cacti from 139.155.142.208 Aug 21 05:46:45 lcdev sshd\[7755\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.142.208 Aug 21 05:46:47 lcdev sshd\[7755\]: Failed password for invalid user cacti from 139.155.142.208 port 47784 ssh2 Aug 21 05:53:27 lcdev sshd\[8449\]: Invalid user stagiaire from 139.155.142.208 Aug 21 05:53:27 lcdev sshd\[8449\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.155.142.208	2019-08-22 03:10:30
185.176.27.42	attack	08/21/2019-13:11:07.806584 185.176.27.42 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-22 02:25:11
78.170.32.244	attack	Automatic report - Port Scan Attack	2019-08-22 02:35:54
113.177.120.101	attackbotsspam	Aug 21 12:57:55 mxgate1 postfix/postscreen[15099]: CONNECT from [113.177.120.101]:21895 to [176.31.12.44]:25 Aug 21 12:57:55 mxgate1 postfix/dnsblog[15101]: addr 113.177.120.101 listed by domain zen.spamhaus.org as 127.0.0.11 Aug 21 12:57:55 mxgate1 postfix/dnsblog[15101]: addr 113.177.120.101 listed by domain zen.spamhaus.org as 127.0.0.4 Aug 21 12:57:55 mxgate1 postfix/dnsblog[15102]: addr 113.177.120.101 listed by domain cbl.abuseat.org as 127.0.0.2 Aug 21 12:57:55 mxgate1 postfix/dnsblog[15100]: addr 113.177.120.101 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Aug 21 12:57:55 mxgate1 postfix/dnsblog[15110]: addr 113.177.120.101 listed by domain b.barracudacentral.org as 127.0.0.2 Aug 21 12:58:01 mxgate1 postfix/postscreen[15099]: DNSBL rank 5 for [113.177.120.101]:21895 Aug x@x Aug 21 12:58:02 mxgate1 postfix/postscreen[15099]: HANGUP after 0.77 from [113.177.120.101]:21895 in tests after SMTP handshake Aug 21 12:58:02 mxgate1 postfix/postscreen[15099]: DISCONN........ -------------------------------	2019-08-22 03:02:52
92.100.59.125	attack	Fail2Ban Ban Triggered	2019-08-22 02:34:05
181.215.91.202	attackbotsspam	NAME : "" "" CIDR : \| STATUS : 403 {Looking for resource vulnerabilities} DDoS Attack - block certain countries :) IP: 181.215.91.202 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-08-22 02:31:03
198.211.110.7	attack	[WedAug2113:25:42.6952142019][:error][pid10599:tid47981860542208][client198.211.110.7:50120][client198.211.110.7]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"\\\\\\\\.sql\$"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"1288"][id"350590"][rev"2"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessrawSQLfiles$disablethisruleifyourequireaccesstofilesthatendwith.sql$"][severity"CRITICAL"][hostname"www.specialfood.ch"][uri"/lib.model.schema.sql"][unique_id"XV0qNgkP42e5CtzFzhAUPgAAAE0"][WedAug2113:38:59.2342092019][:error][pid10600:tid47981858440960][client198.211.110.7:36757][client198.211.110.7]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"\\\\\\\\.old\$"atREQUEST_FILENAME.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"1263"][id"390583"][rev"1"][msg"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessbackupfile\(disablethisruleifyourequireaccesstofilesthatendwi	2019-08-22 02:24:45
197.210.221.114	attackspam	Autoban 197.210.221.114 AUTH/CONNECT	2019-08-22 02:26:19
104.236.102.16	attackspambots	Aug 21 07:03:56 friendsofhawaii sshd\[14121\]: Invalid user www from 104.236.102.16 Aug 21 07:03:56 friendsofhawaii sshd\[14121\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.102.16 Aug 21 07:03:57 friendsofhawaii sshd\[14121\]: Failed password for invalid user www from 104.236.102.16 port 45626 ssh2 Aug 21 07:08:36 friendsofhawaii sshd\[14528\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.236.102.16 user=uucp Aug 21 07:08:38 friendsofhawaii sshd\[14528\]: Failed password for uucp from 104.236.102.16 port 60924 ssh2	2019-08-22 02:43:35
180.117.134.186	attackspam	Aug 21 05:47:39 web1 sshd\[23810\]: Invalid user admin from 180.117.134.186 Aug 21 05:47:39 web1 sshd\[23810\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.117.134.186 Aug 21 05:47:41 web1 sshd\[23810\]: Failed password for invalid user admin from 180.117.134.186 port 54324 ssh2 Aug 21 05:47:44 web1 sshd\[23810\]: Failed password for invalid user admin from 180.117.134.186 port 54324 ssh2 Aug 21 05:47:45 web1 sshd\[23810\]: Failed password for invalid user admin from 180.117.134.186 port 54324 ssh2	2019-08-22 02:53:22
77.228.136.62	attackspam	Aug 21 19:27:08 www sshd\[25066\]: Invalid user jie from 77.228.136.62Aug 21 19:27:10 www sshd\[25066\]: Failed password for invalid user jie from 77.228.136.62 port 46836 ssh2Aug 21 19:31:32 www sshd\[25084\]: Invalid user jboss from 77.228.136.62 ...	2019-08-22 02:42:27
217.67.189.250	attackbots	SSH Bruteforce attack	2019-08-22 02:39:00
112.85.42.89	attackbots	Aug 21 14:24:21 dcd-gentoo sshd[17552]: User root from 112.85.42.89 not allowed because none of user's groups are listed in AllowGroups Aug 21 14:24:23 dcd-gentoo sshd[17552]: error: PAM: Authentication failure for illegal user root from 112.85.42.89 Aug 21 14:24:21 dcd-gentoo sshd[17552]: User root from 112.85.42.89 not allowed because none of user's groups are listed in AllowGroups Aug 21 14:24:23 dcd-gentoo sshd[17552]: error: PAM: Authentication failure for illegal user root from 112.85.42.89 Aug 21 14:24:21 dcd-gentoo sshd[17552]: User root from 112.85.42.89 not allowed because none of user's groups are listed in AllowGroups Aug 21 14:24:23 dcd-gentoo sshd[17552]: error: PAM: Authentication failure for illegal user root from 112.85.42.89 Aug 21 14:24:23 dcd-gentoo sshd[17552]: Failed keyboard-interactive/pam for invalid user root from 112.85.42.89 port 53289 ssh2 ...	2019-08-22 02:45:30
51.255.168.127	attackspam	Aug 21 07:44:41 hcbb sshd\[12868\]: Invalid user joseph from 51.255.168.127 Aug 21 07:44:41 hcbb sshd\[12868\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.ip-51-255-168.eu Aug 21 07:44:44 hcbb sshd\[12868\]: Failed password for invalid user joseph from 51.255.168.127 port 56200 ssh2 Aug 21 07:48:50 hcbb sshd\[13265\]: Invalid user ushare from 51.255.168.127 Aug 21 07:48:50 hcbb sshd\[13265\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.ip-51-255-168.eu	2019-08-22 03:13:15

最近上报的IP列表

117.114.185.168	13.61.111.119	12.193.136.170	141.217.84.38
115.43.156.102	139.52.153.221	66.153.57.59	76.86.245.226
91.56.195.216	251.206.3.242	174.229.143.112	83.182.91.51
179.231.28.166	195.92.25.68	233.95.74.209	75.85.187.100
67.127.194.175	92.203.52.160	247.157.145.117	2.185.166.209