204.93.180.6 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Rethem Hosting LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	port scanning	2019-11-30 15:51:43

相同子网IP讨论:

IP	类型	评论内容	时间
204.93.180.12	attackbots	Unauthorized SMTP/IMAP/POP3 connection attempt	2020-02-13 03:17:01

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 204.93.180.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;204.93.180.6.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080600 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Aug 06 20:08:38 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

6.180.93.204.in-addr.arpa domain name pointer unknown.scnet.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
6.180.93.204.in-addr.arpa	name = unknown.scnet.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
203.160.91.226	attackbotsspam	Feb 27 22:08:57 motanud sshd\[9767\]: Invalid user zhu from 203.160.91.226 port 47134 Feb 27 22:08:57 motanud sshd\[9767\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.160.91.226 Feb 27 22:08:59 motanud sshd\[9767\]: Failed password for invalid user zhu from 203.160.91.226 port 47134 ssh2	2019-08-11 05:20:59
187.189.109.138	attackspam	Jan 12 00:38:53 motanud sshd\[15907\]: Invalid user vnc from 187.189.109.138 port 55608 Jan 12 00:38:53 motanud sshd\[15907\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.189.109.138 Jan 12 00:38:56 motanud sshd\[15907\]: Failed password for invalid user vnc from 187.189.109.138 port 55608 ssh2	2019-08-11 06:04:30
162.243.144.22	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-08-11 05:22:09
122.143.162.157	attack	Honeypot attack, port: 23, PTR: 157.162.143.122.adsl-pool.jlccptt.net.cn.	2019-08-11 05:45:04
213.194.169.40	attackspambots	Aug 10 22:42:58 v22018076622670303 sshd\[12160\]: Invalid user debora from 213.194.169.40 port 48158 Aug 10 22:42:58 v22018076622670303 sshd\[12160\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.194.169.40 Aug 10 22:43:00 v22018076622670303 sshd\[12160\]: Failed password for invalid user debora from 213.194.169.40 port 48158 ssh2 ...	2019-08-11 05:46:33
101.251.237.228	attackbots	$f2bV_matches_ltvn	2019-08-11 05:50:10
187.73.231.244	attackspambots	[Sat Aug 10 19:08:37.022344 2019] [:error] [pid 31623:tid 139714648553216] [client 187.73.231.244:39454] [client 187.73.231.244] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.1.1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197:80"] [severity "WARNING"] [ver "OWASP_CRS/3.1.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XU6zxe2gkJ4JTbKrdjtzzgAAABM"] ...	2019-08-11 06:05:24
178.128.37.180	attack	Aug 10 18:46:11 XXX sshd[40371]: Invalid user wen from 178.128.37.180 port 43588	2019-08-11 05:38:31
123.200.11.230	attack	Mail sent to address hacked/leaked from Last.fm	2019-08-11 06:01:39
118.126.113.113	attackspam	109.230.239.171 118.126.113.113 \[10/Aug/2019:14:09:33 +0200\] "GET /scripts/setup.php HTTP/1.1" 301 546 "-" "Mozilla/5.0 $X11\; Linux x86_64\; rv:28.0$ Gecko/20100101 Firefox/28.0" 109.230.239.171 118.126.113.113 \[10/Aug/2019:14:09:33 +0200\] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 568 "-" "Mozilla/5.0 $X11\; Linux x86_64\; rv:28.0$ Gecko/20100101 Firefox/28.0" 109.230.239.171 118.126.113.113 \[10/Aug/2019:14:09:33 +0200\] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 568 "-" "Mozilla/5.0 $X11\; Linux x86_64\; rv:28.0$ Gecko/20100101 Firefox/28.0"	2019-08-11 05:28:09
139.59.154.219	attack	Apr 10 10:44:34 motanud sshd\[22429\]: Invalid user ubuntu from 139.59.154.219 port 49712 Apr 10 10:44:34 motanud sshd\[22429\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.154.219 Apr 10 10:44:36 motanud sshd\[22429\]: Failed password for invalid user ubuntu from 139.59.154.219 port 49712 ssh2	2019-08-11 05:23:17
189.51.104.161	attackspam	failed_logins	2019-08-11 05:29:17
139.59.149.183	attackbots	Aug 10 12:41:57 unicornsoft sshd\[9853\]: Invalid user pdf from 139.59.149.183 Aug 10 12:41:57 unicornsoft sshd\[9853\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.149.183 Aug 10 12:41:59 unicornsoft sshd\[9853\]: Failed password for invalid user pdf from 139.59.149.183 port 34715 ssh2	2019-08-11 05:29:36
139.59.135.84	attackbots	Feb 23 23:36:00 motanud sshd\[1525\]: Invalid user dspace from 139.59.135.84 port 39972 Feb 23 23:36:00 motanud sshd\[1525\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.135.84 Feb 23 23:36:02 motanud sshd\[1525\]: Failed password for invalid user dspace from 139.59.135.84 port 39972 ssh2	2019-08-11 05:37:58
179.162.96.121	attackspambots	Automatic report - Port Scan Attack	2019-08-11 05:48:23

最近上报的IP列表

218.89.98.228	2001:2d8:e877:51fa::9e1:b0a4	111.6.78.158	49.69.175.116
114.25.112.225	3.19.51.34	185.74.189.184	211.134.214.51
159.65.150.85	109.254.173.9	77.42.114.61	47.188.124.243
42.176.134.38	192.241.152.168	180.126.59.45	37.202.112.140
155.138.206.153	90.206.98.74	148.70.97.250	96.61.152.44