195.133.20.42 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Czech Republic

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
195.133.20.193	attack	Router logs showing dos and port scanning [DoS attack: TCP Port Scan] from source: 195.133.20.193:65533 Sunday, September 18,2022 16:33:43 Im seeing a ton of initial hits by russian based ip.. followed up after infection by what seems to be chinese methods of digging in below the os and also building a complex networking system to remove chokepoints and provide redundancy.. its happening at scale im not a direct target just a vector potentially to get into very large corporate headquarters in the area.. have found this... well remote access trojan.. in 3 businesses all major transaction business and 2 with a ton of proprietary information and designs. This is alarming and no one seems to take it as serious as it is.. in my own home ive fiddle and tested what it can do and its jaw dropping.. the level of working knowledge across sooo many systems down to the chipset instruction codes and bootloader... even using a non-storage devices rom for other purposes and moving what was originally there to else where with a working path to retrieve it so they system and hardware continues to function as it should.. just with quirks all the while making a bios flash and entirely new drive and os media useless because the malware or rogue code goes into action long before the os does.	2022-09-20 01:21:00
195.133.206.202	attack	Mar 5 05:53:55 [munged] sshd[18528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.133.206.202	2020-03-05 14:05:04

类型

评论内容

时间

195.133.20.193

attack

Router logs showing dos and port scanning
[DoS attack: TCP Port Scan] from source: 195.133.20.193:65533 Sunday, September 18,2022 16:33:43
Im seeing a ton of initial hits by russian based ip.. followed up after infection by what seems to be chinese methods of digging in below the os and also building a complex networking system to remove chokepoints and provide redundancy.. its happening at scale im not a direct target just a vector potentially to get into very large corporate headquarters in the area.. have found this... well remote access trojan.. in 3 businesses all major transaction business and 2 with a ton of proprietary information and designs. This is alarming and no one seems to take it as serious as it is.. in my own home ive fiddle and tested what it can do and its jaw dropping.. the level of working knowledge across sooo many systems down to the chipset instruction codes and bootloader... even using a non-storage devices rom for other purposes and moving what was originally there to else where with a working path to retrieve it so they system and hardware continues to function as it should.. just with quirks all the while making a bios flash and entirely new drive and os media useless because the malware or rogue code goes into action long before the os does.

2022-09-20 01:21:00

195.133.206.202

attack

Mar  5 05:53:55 [munged] sshd[18528]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.133.206.202

2020-03-05 14:05:04

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 195.133.20.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 10303
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;195.133.20.42.			IN	A

;; AUTHORITY SECTION:
.			142	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2021110500 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Nov 05 19:10:41 CST 2021
;; MSG SIZE  rcvd: 106

HOST信息:

Host 42.20.133.195.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 42.20.133.195.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
124.161.231.150	attackbots	2019-11-24T16:41:39.163251abusebot-2.cloudsearch.cf sshd\[18242\]: Invalid user info from 124.161.231.150 port 5787	2019-11-25 00:41:46
177.42.254.184	attackbots	Nov 24 06:30:04 hpm sshd\[26520\]: Invalid user rajang from 177.42.254.184 Nov 24 06:30:04 hpm sshd\[26520\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.42.254.184 Nov 24 06:30:07 hpm sshd\[26520\]: Failed password for invalid user rajang from 177.42.254.184 port 56894 ssh2 Nov 24 06:34:57 hpm sshd\[26932\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.42.254.184 user=sync Nov 24 06:34:58 hpm sshd\[26932\]: Failed password for sync from 177.42.254.184 port 47480 ssh2	2019-11-25 00:40:58
41.223.142.211	attack	Nov 24 15:52:06 ns382633 sshd\[32245\]: Invalid user Aarto from 41.223.142.211 port 58687 Nov 24 15:52:06 ns382633 sshd\[32245\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.142.211 Nov 24 15:52:08 ns382633 sshd\[32245\]: Failed password for invalid user Aarto from 41.223.142.211 port 58687 ssh2 Nov 24 16:26:14 ns382633 sshd\[6001\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.142.211 user=root Nov 24 16:26:15 ns382633 sshd\[6001\]: Failed password for root from 41.223.142.211 port 53329 ssh2	2019-11-25 00:34:15
5.45.6.66	attackbots	2019-11-24T17:43:09.422410scmdmz1 sshd\[3308\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=066-006-045-005.ip-addr.inexio.net user=root 2019-11-24T17:43:11.474254scmdmz1 sshd\[3308\]: Failed password for root from 5.45.6.66 port 38688 ssh2 2019-11-24T17:48:57.269337scmdmz1 sshd\[3729\]: Invalid user info from 5.45.6.66 port 44918 ...	2019-11-25 01:02:05
134.90.146.98	attackbotsspam	/xmlrpc.php	2019-11-25 00:39:13
81.171.85.139	attack	\[2019-11-24 11:19:23\] NOTICE\[2754\] chan_sip.c: Registration from '\' failed for '81.171.85.139:54856' - Wrong password \[2019-11-24 11:19:23\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-24T11:19:23.400-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="608",SessionID="0x7f26c452fc98",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.139/54856",Challenge="3c3e14d0",ReceivedChallenge="3c3e14d0",ReceivedHash="b50ae21db0b448ee65545cf6ebdb3712" \[2019-11-24 11:19:46\] NOTICE\[2754\] chan_sip.c: Registration from '\' failed for '81.171.85.139:52134' - Wrong password \[2019-11-24 11:19:46\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-24T11:19:46.476-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="609",SessionID="0x7f26c4b7dbd8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.139	2019-11-25 00:22:36
138.68.18.232	attackspam	2019-11-24T16:05:00.002705hub.schaetter.us sshd\[478\]: Invalid user danger123 from 138.68.18.232 port 46748 2019-11-24T16:05:00.014940hub.schaetter.us sshd\[478\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.18.232 2019-11-24T16:05:02.474114hub.schaetter.us sshd\[478\]: Failed password for invalid user danger123 from 138.68.18.232 port 46748 ssh2 2019-11-24T16:11:33.346757hub.schaetter.us sshd\[522\]: Invalid user cesler from 138.68.18.232 port 54464 2019-11-24T16:11:33.359413hub.schaetter.us sshd\[522\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.18.232 ...	2019-11-25 00:23:55
45.136.108.12	attackspam	3389BruteforceFW22	2019-11-25 00:29:50
52.247.223.210	attack	Nov 24 17:34:07 srv206 sshd[2917]: Invalid user fatimonhar from 52.247.223.210 ...	2019-11-25 00:47:49
82.3.98.11	attackbotsspam	Nov 24 10:49:18 Tower sshd[11771]: Connection from 82.3.98.11 port 52186 on 192.168.10.220 port 22 Nov 24 10:49:19 Tower sshd[11771]: Invalid user www-data from 82.3.98.11 port 52186 Nov 24 10:49:19 Tower sshd[11771]: error: Could not get shadow information for NOUSER Nov 24 10:49:19 Tower sshd[11771]: Failed password for invalid user www-data from 82.3.98.11 port 52186 ssh2 Nov 24 10:49:19 Tower sshd[11771]: Received disconnect from 82.3.98.11 port 52186:11: Bye Bye [preauth] Nov 24 10:49:19 Tower sshd[11771]: Disconnected from invalid user www-data 82.3.98.11 port 52186 [preauth]	2019-11-25 00:33:12
188.147.43.211	attackbots	Autoban 188.147.43.211 AUTH/CONNECT	2019-11-25 00:26:07
106.75.10.4	attack	Nov 24 19:09:00 debian sshd\[20741\]: Invalid user mary from 106.75.10.4 port 44553 Nov 24 19:09:00 debian sshd\[20741\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.10.4 Nov 24 19:09:02 debian sshd\[20741\]: Failed password for invalid user mary from 106.75.10.4 port 44553 ssh2 ...	2019-11-25 00:59:22
5.135.152.97	attackspam	Nov 24 16:58:27 MK-Soft-Root2 sshd[662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.135.152.97 Nov 24 16:58:30 MK-Soft-Root2 sshd[662]: Failed password for invalid user nickyp from 5.135.152.97 port 33320 ssh2 ...	2019-11-25 00:37:22
180.76.187.94	attackbotsspam	Nov 24 11:44:02 linuxvps sshd\[28368\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.187.94 user=root Nov 24 11:44:04 linuxvps sshd\[28368\]: Failed password for root from 180.76.187.94 port 58612 ssh2 Nov 24 11:51:21 linuxvps sshd\[32936\]: Invalid user hiruru from 180.76.187.94 Nov 24 11:51:21 linuxvps sshd\[32936\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.187.94 Nov 24 11:51:23 linuxvps sshd\[32936\]: Failed password for invalid user hiruru from 180.76.187.94 port 59910 ssh2	2019-11-25 00:56:08
202.131.126.142	attackbotsspam	$f2bV_matches_ltvn	2019-11-25 00:46:17

最近上报的IP列表

182.99.43.134	100.118.30.135	88.132.236.227	183.193.126.33
3.17.180.215	139.180.190.110	45.146.252.32	45.148.120.220
45.165.61.237	202.97.82.21	195.158.248.123	49.149.69.51
172.31.64.1	209.85.220.4	34.221.245.190	211.36.133.61
2a00:102a:4000:c1a7:428:242:80e3:9d21	92.186.117.24	93.203.132.5	45.81.18.5