169.1.16.214 - IPInfo

基本信息:

城市(city): Johannesburg

省份(region): Gauteng

国家(country): South Africa

运营商(isp): Afrihost (Pty) Ltd

主机名(hostname): unknown

机构(organization): Afrihost

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorized connection attempt from IP address 169.1.16.214 on Port 445(SMB)	2020-04-27 00:25:36
attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-26 01:23:52,487 INFO [shellcode_manager] (169.1.16.214) no match, writing hexdump (ef733234252511aeee17ee99d27c61f9 :1901799) - MS17010 (EternalBlue)	2019-06-26 21:42:31

类型

评论内容

时间

attack

Unauthorized connection attempt from IP address 169.1.16.214 on Port 445(SMB)

2020-04-27 00:25:36

attackbotsspam

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-06-26 01:23:52,487 INFO [shellcode_manager] (169.1.16.214) no match, writing hexdump (ef733234252511aeee17ee99d27c61f9 :1901799) - MS17010 (EternalBlue)

2019-06-26 21:42:31

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 169.1.16.214
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41877
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;169.1.16.214.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019043000 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Tue Apr 30 20:33:37 +08 2019
;; MSG SIZE  rcvd: 116

HOST信息:

214.16.1.169.in-addr.arpa domain name pointer atrygel.net.afrihost.co.za.

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
214.16.1.169.in-addr.arpa	name = atrygel.net.afrihost.co.za.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
114.32.153.15	attack	Oct 12 12:09:00 xtremcommunity sshd\[451268\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.153.15 user=root Oct 12 12:09:02 xtremcommunity sshd\[451268\]: Failed password for root from 114.32.153.15 port 37914 ssh2 Oct 12 12:13:20 xtremcommunity sshd\[451410\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.153.15 user=root Oct 12 12:13:22 xtremcommunity sshd\[451410\]: Failed password for root from 114.32.153.15 port 48866 ssh2 Oct 12 12:17:39 xtremcommunity sshd\[451450\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.32.153.15 user=root ...	2019-10-13 04:37:22
192.241.220.227	attackspam	fail2ban honeypot	2019-10-13 04:28:53
1.183.152.253	attack	Unsolicited bulk porn & phishing - varying ISPs (primarily Chinanet); repetitive redirects from blacklisted IP 92.63.192.124 & .151; spam volume up to 15/day. Unsolicited bulk spam - u-gun.co.jp, CHINANET NeiMengGu province network - 1.183.152.253 Sender domain hekimpor.com = 212.252.63.11 Tellcom Customer LAN Repetitive reply-to in this spam series. Reply-To: nanikarige@yahoo.com Spam series change: no phishing redirect spam link. Malicious attachment - Outlook blocked access to unsafe attachment: 22.jpg	2019-10-13 04:46:27
152.136.76.134	attack	2019-10-12T16:58:39.962916abusebot-2.cloudsearch.cf sshd\[22903\]: Invalid user ROOT@2017 from 152.136.76.134 port 53541	2019-10-13 04:23:22
45.55.38.39	attack	Invalid user 123 from 45.55.38.39 port 48661	2019-10-13 04:28:31
191.189.33.40	attackspambots	Telnetd brute force attack detected by fail2ban	2019-10-13 04:39:54
212.252.63.11	attackspam	Unsolicited bulk porn & phishing - varying ISPs (primarily Chinanet); repetitive redirects from blacklisted IP 92.63.192.124 & .151; spam volume up to 15/day. Unsolicited bulk spam - u-gun.co.jp, CHINANET NeiMengGu province network - 1.183.152.253 Sender domain hekimpor.com = 212.252.63.11 Tellcom Customer LAN Repetitive reply-to in this spam series. Reply-To: nanikarige@yahoo.com Spam series change: no phishing redirect spam link. Malicious attachment - Outlook blocked access to unsafe attachment: 22.jpg	2019-10-13 04:30:40
13.69.168.250	attack	Oct 12 06:03:26 foo sshd[2874]: Did not receive identification string from 13.69.168.250 Oct 12 06:05:53 foo sshd[2896]: Invalid user kafka from 13.69.168.250 Oct 12 06:05:53 foo sshd[2896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.69.168.250 Oct 12 06:05:56 foo sshd[2896]: Failed password for invalid user kafka from 13.69.168.250 port 35942 ssh2 Oct 12 06:05:56 foo sshd[2896]: Received disconnect from 13.69.168.250: 11: Normal Shutdown, Thank you for playing [preauth] Oct 12 06:06:27 foo sshd[2915]: Invalid user kafka from 13.69.168.250 Oct 12 06:06:27 foo sshd[2915]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.69.168.250 Oct 12 06:06:29 foo sshd[2915]: Failed password for invalid user kafka from 13.69.168.250 port 36698 ssh2 Oct 12 06:06:29 foo sshd[2915]: Received disconnect from 13.69.168.250: 11: Normal Shutdown, Thank you for playing [preauth] Oct 12 06:07:02 foo ssh........ -------------------------------	2019-10-13 04:44:27
209.141.41.78	attackbots	Oct 12 04:08:07 web1 sshd\[25605\]: Invalid user acoustic from 209.141.41.78 Oct 12 04:08:07 web1 sshd\[25605\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=209.141.41.78 Oct 12 04:08:09 web1 sshd\[25605\]: Failed password for invalid user acoustic from 209.141.41.78 port 33148 ssh2 Oct 12 04:08:12 web1 sshd\[25605\]: Failed password for invalid user acoustic from 209.141.41.78 port 33148 ssh2 Oct 12 04:08:15 web1 sshd\[25605\]: Failed password for invalid user acoustic from 209.141.41.78 port 33148 ssh2	2019-10-13 04:32:31
188.92.75.248	attackspambots	detected by Fail2Ban	2019-10-13 04:53:48
188.166.159.148	attackspambots	Oct 12 20:25:55 ns41 sshd[9054]: Failed password for root from 188.166.159.148 port 45235 ssh2 Oct 12 20:25:55 ns41 sshd[9054]: Failed password for root from 188.166.159.148 port 45235 ssh2	2019-10-13 04:26:23
119.18.154.196	attackbots	Oct 12 09:44:09 our-server-hostname postfix/smtpd[24780]: connect from unknown[119.18.154.196] Oct x@x Oct x@x Oct x@x Oct x@x Oct 12 09:44:11 our-server-hostname postfix/smtpd[24780]: lost connection after RCPT from unknown[119.18.154.196] Oct 12 09:44:11 our-server-hostname postfix/smtpd[24780]: disconnect from unknown[119.18.154.196] Oct 12 13:32:29 our-server-hostname postfix/smtpd[7948]: connect from unknown[119.18.154.196] Oct x@x Oct 12 13:32:31 our-server-hostname postfix/smtpd[7948]: lost connection after RCPT from unknown[119.18.154.196] Oct 12 13:32:31 our-server-hostname postfix/smtpd[7948]: disconnect from unknown[119.18.154.196] Oct 12 14:23:39 our-server-hostname postfix/smtpd[4250]: connect from unknown[119.18.154.196] Oct x@x Oct x@x Oct x@x Oct x@x Oct x@x Oct x@x Oct 12 14:23:48 our-server-hostname postfix/smtpd[4250]: lost connection after RCPT from unknown[119.18.154.196] Oct 12 14:23:48 our-server-hostname postfix/smtpd[4250]: disconnect from unkno........ -------------------------------	2019-10-13 04:37:00
103.232.123.80	attack	WordPress brute force	2019-10-13 04:43:49
104.131.3.165	attackspam	[munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:21 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:23 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:24 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:26 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:27 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.3.165 - - [12/Oct/2019:22:26:28 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubun	2019-10-13 04:52:49
159.203.216.157	attackbots	Oct 12 23:42:36 www sshd\[159629\]: Invalid user P4SS!@\# from 159.203.216.157 Oct 12 23:42:36 www sshd\[159629\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.216.157 Oct 12 23:42:38 www sshd\[159629\]: Failed password for invalid user P4SS!@\# from 159.203.216.157 port 50942 ssh2 ...	2019-10-13 04:48:57

最近上报的IP列表

129.150.68.200	178.239.208.32	168.227.56.130	211.167.71.195
99.180.82.27	156.216.8.59	91.230.97.79	220.101.87.38
79.6.223.152	27.139.147.241	125.104.208.32	179.228.115.4
198.71.235.23	222.246.155.187	211.94.67.42	59.145.113.226
180.150.128.58	76.199.224.119	206.189.86.188	160.238.246.173