180.111.1.142 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Jiangsu Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Jul 17 01:26:41 itv-usvr-01 sshd[31908]: Invalid user alexia from 180.111.1.142 Jul 17 01:26:41 itv-usvr-01 sshd[31908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.1.142 Jul 17 01:26:41 itv-usvr-01 sshd[31908]: Invalid user alexia from 180.111.1.142 Jul 17 01:26:43 itv-usvr-01 sshd[31908]: Failed password for invalid user alexia from 180.111.1.142 port 45596 ssh2 Jul 17 01:30:50 itv-usvr-01 sshd[32072]: Invalid user postgres from 180.111.1.142	2020-07-17 02:31:00

类型

评论内容

时间

attack

Jul 17 01:26:41 itv-usvr-01 sshd[31908]: Invalid user alexia from 180.111.1.142
Jul 17 01:26:41 itv-usvr-01 sshd[31908]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.1.142
Jul 17 01:26:41 itv-usvr-01 sshd[31908]: Invalid user alexia from 180.111.1.142
Jul 17 01:26:43 itv-usvr-01 sshd[31908]: Failed password for invalid user alexia from 180.111.1.142 port 45596 ssh2
Jul 17 01:30:50 itv-usvr-01 sshd[32072]: Invalid user postgres from 180.111.1.142

2020-07-17 02:31:00

相同子网IP讨论:

IP	类型	评论内容	时间
180.111.185.102	attack	SSH Invalid Login	2020-08-09 07:06:43
180.111.175.72	attack	Unauthorized connection attempt detected from IP address 180.111.175.72 to port 23 [T]	2020-04-10 20:02:48
180.111.175.143	attackspam	sshd: Authentication Failures: unknown (180.111.175.143): 83 Time(s) root (180.111.175.143): 15 Time(s)	2020-01-21 17:25:46
180.111.164.44	attackspambots	The IP has triggered Cloudflare WAF. CF-Ray: 540fc2977cecebbd \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/2 \| Method: GET \| Host: api.skk.moe \| User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 13_2_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.3 Mobile/15E148 Safari/604.1 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:29:37
180.111.132.101	attackspambots	Dec 5 20:58:28 mail sshd[6535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.132.101 Dec 5 20:58:30 mail sshd[6535]: Failed password for invalid user Pass_hash from 180.111.132.101 port 20342 ssh2 Dec 5 21:05:10 mail sshd[8868]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.132.101	2019-12-06 04:10:32
180.111.132.101	attack	Dec 5 11:56:28 vps647732 sshd[5109]: Failed password for root from 180.111.132.101 port 20241 ssh2 Dec 5 12:04:15 vps647732 sshd[5324]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.132.101 ...	2019-12-05 19:21:02
180.111.132.101	attack	Dec 4 05:56:39 * sshd[10188]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.132.101 Dec 4 05:56:41 * sshd[10188]: Failed password for invalid user tiffany from 180.111.132.101 port 19869 ssh2	2019-12-04 14:15:16
180.111.133.154	attackbots	Nov 3 08:27:02 sso sshd[16371]: Failed password for root from 180.111.133.154 port 5302 ssh2 ...	2019-11-03 16:47:08
180.111.100.24	attack	Jul 29 22:55:13 GIZ-Server-02 sshd[29736]: Invalid user valhalla from 180.111.100.24 Jul 29 22:55:13 GIZ-Server-02 sshd[29736]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.100.24 Jul 29 22:55:15 GIZ-Server-02 sshd[29736]: Failed password for invalid user valhalla from 180.111.100.24 port 3801 ssh2 Jul 29 22:55:16 GIZ-Server-02 sshd[29736]: Received disconnect from 180.111.100.24: 11: Bye Bye [preauth] Jul 29 23:06:05 GIZ-Server-02 sshd[29345]: Invalid user darren from 180.111.100.24 Jul 29 23:06:05 GIZ-Server-02 sshd[29345]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.111.100.24 Jul 29 23:06:07 GIZ-Server-02 sshd[29345]: Failed password for invalid user darren from 180.111.100.24 port 3975 ssh2 Jul 29 23:06:07 GIZ-Server-02 sshd[29345]: Received disconnect from 180.111.100.24: 11: Bye Bye [preauth] Jul 29 23:09:03 GIZ-Server-02 sshd[5514]: Invalid user tmbecker from 180........ -------------------------------	2019-07-30 19:21:20

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 180.111.1.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44360
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;180.111.1.142.			IN	A

;; AUTHORITY SECTION:
.			598	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071602 1800 900 604800 86400

;; Query time: 23 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Jul 17 02:30:57 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 142.1.111.180.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 142.1.111.180.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
206.123.204.42	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 16:17:34,693 INFO [shellcode_manager] (206.123.204.42) no match, writing hexdump (e7006d4857712fff78572186f0832f87 :2371902) - MS17010 (EternalBlue)	2019-07-06 03:53:02
93.39.116.254	attackbotsspam	Jul 5 20:08:14 vpn01 sshd\[22214\]: Invalid user bian from 93.39.116.254 Jul 5 20:08:14 vpn01 sshd\[22214\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.39.116.254 Jul 5 20:08:16 vpn01 sshd\[22214\]: Failed password for invalid user bian from 93.39.116.254 port 38124 ssh2	2019-07-06 03:58:31
164.132.192.219	attackspambots	Jul 5 21:36:43 dedicated sshd[31454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.132.192.219 user=backup Jul 5 21:36:46 dedicated sshd[31454]: Failed password for backup from 164.132.192.219 port 41908 ssh2	2019-07-06 03:39:02
120.52.152.17	attack	05.07.2019 18:57:27 Connection to port 161 blocked by firewall	2019-07-06 03:28:31
87.253.33.241	attackbots	Autoban 87.253.33.241 AUTH/CONNECT	2019-07-06 03:42:47
85.10.33.171	attackspam	Jul 5 21:54:33 rpi sshd[9523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.10.33.171 Jul 5 21:54:35 rpi sshd[9523]: Failed password for invalid user role1 from 85.10.33.171 port 55722 ssh2	2019-07-06 04:08:14
128.199.197.53	attackbots	Jul 5 21:53:55 mail sshd\[5362\]: Invalid user keystone from 128.199.197.53 port 36469 Jul 5 21:53:55 mail sshd\[5362\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.197.53 Jul 5 21:53:57 mail sshd\[5362\]: Failed password for invalid user keystone from 128.199.197.53 port 36469 ssh2 Jul 5 21:56:31 mail sshd\[5745\]: Invalid user deploy from 128.199.197.53 port 49007 Jul 5 21:56:31 mail sshd\[5745\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.197.53	2019-07-06 03:57:44
125.212.253.118	attack	Honeypot attack, port: 445, PTR: PTR record not found	2019-07-06 04:09:35
119.183.243.183	attackbots	" "	2019-07-06 03:55:14
113.141.64.69	attack	Honeypot attack, port: 445, PTR: PTR record not found	2019-07-06 04:03:45
39.96.179.145	attack	Jul 5 20:07:43 www sshd\[10123\]: Invalid user 1111 from 39.96.179.145 port 60308 ...	2019-07-06 04:08:36
101.91.214.178	attackbots	Jul 6 00:21:28 tanzim-HP-Z238-Microtower-Workstation sshd\[26227\]: Invalid user nagios from 101.91.214.178 Jul 6 00:21:28 tanzim-HP-Z238-Microtower-Workstation sshd\[26227\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.91.214.178 Jul 6 00:21:30 tanzim-HP-Z238-Microtower-Workstation sshd\[26227\]: Failed password for invalid user nagios from 101.91.214.178 port 59267 ssh2 ...	2019-07-06 03:39:22
203.118.57.21	attack	Jul 5 20:59:08 jane sshd\[9867\]: Invalid user wangyi from 203.118.57.21 port 47236 Jul 5 20:59:08 jane sshd\[9867\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.118.57.21 Jul 5 20:59:10 jane sshd\[9867\]: Failed password for invalid user wangyi from 203.118.57.21 port 47236 ssh2 ...	2019-07-06 03:29:16
112.30.117.22	attackspambots	Jul 5 21:20:30 dev sshd\[21476\]: Invalid user \#m \#s\{position from 112.30.117.22 port 40343 Jul 5 21:20:30 dev sshd\[21476\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.117.22 Jul 5 21:20:32 dev sshd\[21476\]: Failed password for invalid user \#m \#s\{position from 112.30.117.22 port 40343 ssh2	2019-07-06 03:40:53
187.18.175.37	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 16:14:41,822 INFO [shellcode_manager] (187.18.175.37) no match, writing hexdump (20bb183) no match, writing hexdump (2219db7c1dfbda08185def7fbcbbbfae :2215165) - MS17010 (EternalBlue)	2019-07-06 03:56:49

最近上报的IP列表

6.123.102.239	17.63.153.14	19.75.110.61	1.174.0.239
111.253.62.32	222.254.123.19	190.200.88.215	169.146.86.210
61.140.74.171	30.213.171.154	96.1.13.49	102.42.120.249
38.53.161.243	235.219.52.232	42.113.155.125	240.110.0.67
234.16.187.134	164.221.225.132	236.80.16.194	83.13.53.58