220.248.200.132

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Run Mei Internet Cafe

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Apr 14 20:24:21 debian-2gb-nbg1-2 kernel: \[9147650.066337\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=220.248.200.132 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=15262 PROTO=TCP SPT=43912 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-15 03:40:26

类型

评论内容

时间

attack

Apr 14 20:24:21 debian-2gb-nbg1-2 kernel: \[9147650.066337\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=220.248.200.132 DST=195.201.40.59 LEN=44 TOS=0x00 PREC=0x00 TTL=232 ID=15262 PROTO=TCP SPT=43912 DPT=1433 WINDOW=1024 RES=0x00 SYN URGP=0

2020-04-15 03:40:26

相同子网IP讨论:

IP	类型	评论内容	时间
220.248.200.226	attack	(mod_security) mod_security (id:230011) triggered by 220.248.200.226 (CN/China/226.200.248.220.adsl-pool.jx.chinaunicom.com): 5 in the last 3600 secs	2020-01-24 06:55:33
220.248.200.226	attack	Autoban 220.248.200.226 ABORTED AUTH	2019-11-18 19:20:46

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 220.248.200.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65020
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;220.248.200.132.		IN	A

;; AUTHORITY SECTION:
.			569	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030500 1800 900 604800 86400

;; Query time: 47 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Mar 05 18:54:49 CST 2020
;; MSG SIZE  rcvd: 119

HOST信息:

132.200.248.220.in-addr.arpa domain name pointer 132.200.248.220.adsl-pool.jx.chinaunicom.com.

NSLOOKUP信息:

Server:		100.100.2.138
Address:	100.100.2.138#53

Non-authoritative answer:
132.200.248.220.in-addr.arpa	name = 132.200.248.220.adsl-pool.jx.chinaunicom.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
82.159.138.57	attackbotsspam	--- report --- Dec 9 05:56:30 sshd: Connection from 82.159.138.57 port 60739 Dec 9 05:56:31 sshd: Invalid user sinnie from 82.159.138.57 Dec 9 05:56:31 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.159.138.57.static.user.ono.com Dec 9 05:56:34 sshd: Failed password for invalid user sinnie from 82.159.138.57 port 60739 ssh2 Dec 9 05:56:34 sshd: Received disconnect from 82.159.138.57: 11: Bye Bye [preauth]	2019-12-09 17:07:48
117.81.232.87	attackspam	Dec 9 09:24:07 OPSO sshd\[15997\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.81.232.87 user=admin Dec 9 09:24:10 OPSO sshd\[15997\]: Failed password for admin from 117.81.232.87 port 55252 ssh2 Dec 9 09:29:18 OPSO sshd\[17553\]: Invalid user takitani from 117.81.232.87 port 52814 Dec 9 09:29:18 OPSO sshd\[17553\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.81.232.87 Dec 9 09:29:21 OPSO sshd\[17553\]: Failed password for invalid user takitani from 117.81.232.87 port 52814 ssh2	2019-12-09 16:50:05
37.49.229.166	attackbotsspam	37.49.229.166 was recorded 7 times by 1 hosts attempting to connect to the following ports: 3030,1010,8080,7070,9090,2020,5050. Incident counter (4h, 24h, all-time): 7, 52, 110	2019-12-09 17:20:39
112.250.64.171	attack	Host Scan	2019-12-09 17:10:03
104.211.216.212	attackspambots	[AUTOMATIC REPORT] - 23 tries in total - SSH BRUTE FORCE - IP banned	2019-12-09 16:43:58
188.166.18.69	attackspam	188.166.18.69 - - \[09/Dec/2019:09:14:23 +0100\] "POST /wp-login.php HTTP/1.0" 200 4404 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 188.166.18.69 - - \[09/Dec/2019:09:14:24 +0100\] "POST /wp-login.php HTTP/1.0" 200 4236 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 188.166.18.69 - - \[09/Dec/2019:09:14:25 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-09 17:08:54
142.93.240.103	attackbotsspam	SSH authentication failure x 6 reported by Fail2Ban ...	2019-12-09 16:57:27
209.208.63.235	attackspam	SSH Scan	2019-12-09 16:45:19
131.246.125.99	attack	Dec 9 09:45:09 ArkNodeAT sshd\[8469\]: Invalid user gavra from 131.246.125.99 Dec 9 09:45:09 ArkNodeAT sshd\[8469\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=131.246.125.99 Dec 9 09:45:11 ArkNodeAT sshd\[8469\]: Failed password for invalid user gavra from 131.246.125.99 port 46964 ssh2	2019-12-09 16:48:15
5.189.154.107	attackspambots	Forbidden directory scan :: 2019/12/09 06:29:34 [error] 40444#40444: *633289 access forbidden by rule, client: 5.189.154.107, server: [censored_2], request: "GET /wp-config.php1 HTTP/1.1", host: "[censored_2]", referrer: "http://[censored_2]/wp-config.php1"	2019-12-09 17:19:56
54.39.145.123	attack	2019-12-09T08:28:06.768411shield sshd\[26288\]: Invalid user cabana from 54.39.145.123 port 33316 2019-12-09T08:28:06.772859shield sshd\[26288\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.ip-54-39-145.net 2019-12-09T08:28:08.999295shield sshd\[26288\]: Failed password for invalid user cabana from 54.39.145.123 port 33316 ssh2 2019-12-09T08:33:20.809496shield sshd\[28127\]: Invalid user sites10 from 54.39.145.123 port 40254 2019-12-09T08:33:20.814516shield sshd\[28127\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.ip-54-39-145.net	2019-12-09 17:16:22
140.143.98.35	attack	Dec 9 10:04:09 localhost sshd\[22247\]: Invalid user daros from 140.143.98.35 port 49718 Dec 9 10:04:09 localhost sshd\[22247\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.98.35 Dec 9 10:04:11 localhost sshd\[22247\]: Failed password for invalid user daros from 140.143.98.35 port 49718 ssh2	2019-12-09 17:07:30
117.6.78.253	attackspambots	Dec 9 08:43:35 OPSO sshd\[4938\]: Invalid user li from 117.6.78.253 port 40604 Dec 9 08:43:35 OPSO sshd\[4938\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.6.78.253 Dec 9 08:43:37 OPSO sshd\[4938\]: Failed password for invalid user li from 117.6.78.253 port 40604 ssh2 Dec 9 08:50:33 OPSO sshd\[7047\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.6.78.253 user=root Dec 9 08:50:35 OPSO sshd\[7047\]: Failed password for root from 117.6.78.253 port 50010 ssh2	2019-12-09 16:47:13
54.37.139.235	attackbots	Dec 9 13:34:05 itv-usvr-01 sshd[6398]: Invalid user downloads from 54.37.139.235 Dec 9 13:34:05 itv-usvr-01 sshd[6398]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.139.235 Dec 9 13:34:05 itv-usvr-01 sshd[6398]: Invalid user downloads from 54.37.139.235 Dec 9 13:34:07 itv-usvr-01 sshd[6398]: Failed password for invalid user downloads from 54.37.139.235 port 38732 ssh2 Dec 9 13:41:26 itv-usvr-01 sshd[6818]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.139.235 user=root Dec 9 13:41:28 itv-usvr-01 sshd[6818]: Failed password for root from 54.37.139.235 port 46682 ssh2	2019-12-09 16:44:53
5.18.163.58	attackbotsspam	firewall-block, port(s): 9001/tcp	2019-12-09 16:46:57

最近上报的IP列表

171.249.156.214	117.4.114.87	113.172.220.146	103.36.8.130
195.54.166.26	94.67.255.185	123.21.177.142	113.176.164.51
211.228.39.154	200.111.103.206	91.185.23.218	36.90.95.119
125.40.186.218	42.98.38.120	14.168.44.50	154.126.79.14
95.180.248.136	78.92.199.76	77.28.103.195	14.253.82.101