220.164.145.57

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Yunnan Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Lines containing failures of 220.164.145.57 Mar 26 13:19:17 shared11 sshd[3493]: Invalid user admin from 220.164.145.57 port 59234 Mar 26 13:19:17 shared11 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.164.145.57 Mar 26 13:19:18 shared11 sshd[3493]: Failed password for invalid user admin from 220.164.145.57 port 59234 ssh2 Mar 26 13:19:19 shared11 sshd[3493]: Connection closed by invalid user admin 220.164.145.57 port 59234 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=220.164.145.57	2020-03-27 04:30:42

类型

评论内容

时间

attack

Lines containing failures of 220.164.145.57
Mar 26 13:19:17 shared11 sshd[3493]: Invalid user admin from 220.164.145.57 port 59234
Mar 26 13:19:17 shared11 sshd[3493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.164.145.57
Mar 26 13:19:18 shared11 sshd[3493]: Failed password for invalid user admin from 220.164.145.57 port 59234 ssh2
Mar 26 13:19:19 shared11 sshd[3493]: Connection closed by invalid user admin 220.164.145.57 port 59234 [preauth]


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=220.164.145.57

2020-03-27 04:30:42

相同子网IP讨论:

IP	类型	评论内容	时间
220.164.145.63	attack	ssh brute force	2019-09-14 03:40:18

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 220.164.145.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39469
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.164.145.57.			IN	A

;; AUTHORITY SECTION:
.			234	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032601 1800 900 604800 86400

;; Query time: 36 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 27 04:30:39 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

57.145.164.220.in-addr.arpa domain name pointer 57.145.164.220.broad.sm.yn.dynamic.163data.com.cn.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
57.145.164.220.in-addr.arpa	name = 57.145.164.220.broad.sm.yn.dynamic.163data.com.cn.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
200.89.178.12	attackbotsspam	Apr 1 17:05:40 xxxxxxx8434580 sshd[16072]: Failed password for r.r from 200.89.178.12 port 33904 ssh2 Apr 1 17:05:40 xxxxxxx8434580 sshd[16072]: Received disconnect from 200.89.178.12: 11: Bye Bye [preauth] Apr 1 17:14:42 xxxxxxx8434580 sshd[16280]: Failed password for r.r from 200.89.178.12 port 35882 ssh2 Apr 1 17:14:43 xxxxxxx8434580 sshd[16280]: Received disconnect from 200.89.178.12: 11: Bye Bye [preauth] Apr 1 17:19:53 xxxxxxx8434580 sshd[16399]: Failed password for r.r from 200.89.178.12 port 50064 ssh2 Apr 1 17:19:53 xxxxxxx8434580 sshd[16399]: Received disconnect from 200.89.178.12: 11: Bye Bye [preauth] Apr 1 17:25:00 xxxxxxx8434580 sshd[16489]: Failed password for r.r from 200.89.178.12 port 36010 ssh2 Apr 1 17:25:01 xxxxxxx8434580 sshd[16489]: Received disconnect from 200.89.178.12: 11: Bye Bye [preauth] Apr 1 17:30:10 xxxxxxx8434580 sshd[16559]: Invalid user zhaolu from 200.89.178.12 Apr 1 17:30:12 xxxxxxx8434580 sshd[16559]: Failed password for i........ -------------------------------	2020-04-02 09:01:29
220.134.15.118	attackspam	port scan and connect, tcp 23 (telnet)	2020-04-02 09:04:26
221.158.216.243	attackbotsspam	Apr 1 21:10:10 system,error,critical: login failure for user admin from 221.158.216.243 via telnet Apr 1 21:10:11 system,error,critical: login failure for user root from 221.158.216.243 via telnet Apr 1 21:10:13 system,error,critical: login failure for user admin from 221.158.216.243 via telnet Apr 1 21:10:17 system,error,critical: login failure for user root from 221.158.216.243 via telnet Apr 1 21:10:19 system,error,critical: login failure for user Administrator from 221.158.216.243 via telnet Apr 1 21:10:21 system,error,critical: login failure for user admin from 221.158.216.243 via telnet Apr 1 21:10:25 system,error,critical: login failure for user 666666 from 221.158.216.243 via telnet Apr 1 21:10:27 system,error,critical: login failure for user root from 221.158.216.243 via telnet Apr 1 21:10:28 system,error,critical: login failure for user root from 221.158.216.243 via telnet Apr 1 21:10:33 system,error,critical: login failure for user root from 221.158.216.243 via telnet	2020-04-02 09:37:29
222.186.175.217	attackspambots	Apr 2 03:28:31 eventyay sshd[11880]: Failed password for root from 222.186.175.217 port 56328 ssh2 Apr 2 03:28:35 eventyay sshd[11880]: Failed password for root from 222.186.175.217 port 56328 ssh2 Apr 2 03:28:38 eventyay sshd[11880]: Failed password for root from 222.186.175.217 port 56328 ssh2 Apr 2 03:28:42 eventyay sshd[11880]: Failed password for root from 222.186.175.217 port 56328 ssh2 ...	2020-04-02 09:33:34
51.91.56.133	attackbotsspam	SSH Invalid Login	2020-04-02 09:35:45
35.196.8.137	attackbotsspam	Fail2Ban Ban Triggered	2020-04-02 09:35:59
178.242.186.157	attack	Automatic report - Port Scan Attack	2020-04-02 09:08:42
103.140.190.226	attack	$f2bV_matches	2020-04-02 09:29:38
109.227.63.3	attackbots	Invalid user zenobia from 109.227.63.3 port 57936	2020-04-02 09:00:41
114.119.163.4	attackbots	[Thu Apr 02 04:11:16.867928 2020] [:error] [pid 28641:tid 139905088595712] [client 114.119.163.4:52112] [client 114.119.163.4] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-iklim/agroklimatologi/kalender-tanam/760-kalender-tanam-katam-terpadu-pulau-jawa/kalender-tanam-katam-terpadu-provinsi-jawa-timur/kalender-tanam-katam-terpadu-kabupaten-ngawi/kalender-tanam-katam-terpadu-kecamatan-jogorogo-kabupaten-ng ...	2020-04-02 08:59:10
78.128.113.73	attackbots	Apr 2 03:04:36 relay postfix/smtpd\[8338\]: warning: unknown\[78.128.113.73\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 2 03:04:58 relay postfix/smtpd\[5777\]: warning: unknown\[78.128.113.73\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 2 03:10:59 relay postfix/smtpd\[13244\]: warning: unknown\[78.128.113.73\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 2 03:11:19 relay postfix/smtpd\[13244\]: warning: unknown\[78.128.113.73\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Apr 2 03:11:41 relay postfix/smtpd\[5777\]: warning: unknown\[78.128.113.73\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-04-02 09:14:45
70.65.174.69	attack	Invalid user jianzuoyi from 70.65.174.69 port 35742	2020-04-02 09:02:38
62.210.77.54	attack	Apr 2 03:07:05 ns381471 sshd[32577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.210.77.54 Apr 2 03:07:08 ns381471 sshd[32577]: Failed password for invalid user admin from 62.210.77.54 port 33128 ssh2	2020-04-02 09:21:22
111.90.156.60	attackbotsspam	Automatic report - XMLRPC Attack	2020-04-02 09:12:53
187.163.154.129	attackbots	Automatic report - Port Scan Attack	2020-04-02 09:05:26

最近上报的IP列表

192.92.133.161	49.126.190.150	114.33.196.171	254.90.166.199
44.189.240.63	89.132.52.192	204.2.28.2	115.107.244.171
177.67.14.114	198.123.54.24	247.66.8.103	97.55.184.81
247.220.130.238	137.34.127.177	152.32.104.226	181.54.13.68
180.247.215.235	116.109.66.169	5.218.70.46	2.219.238.226