221.13.12.43 - IPInfo

基本信息:

城市(city): Guiyang

省份(region): Guizhou

国家(country): China

运营商(isp): China Unicom Guizhou Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 5416c1548ce3eb59 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/4.074482891 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:26:59

类型

评论内容

时间

attackspam

The IP has triggered Cloudflare WAF. CF-Ray: 5416c1548ce3eb59 | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: disqus.skk.moe | User-Agent: Mozilla/4.074482891 Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 03:26:59

相同子网IP讨论:

IP	类型	评论内容	时间
221.13.12.79	attack	Unauthorized connection attempt detected from IP address 221.13.12.79 to port 123	2020-06-13 06:05:18
221.13.12.19	attack	Web Server Scan. RayID: 592aa77abd9b0256, UA: Mozilla/4.049897920 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729), Country: CN	2020-05-21 03:47:26
221.13.12.222	attackspam	China's GFW probe	2020-05-15 17:35:44
221.13.12.235	attack	Unauthorized connection attempt detected from IP address 221.13.12.235 to port 992 [T]	2020-04-15 02:25:36
221.13.12.179	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.179 to port 3389 [J]	2020-03-03 02:05:51
221.13.12.142	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.142 to port 8899 [J]	2020-03-02 20:47:11
221.13.12.187	attack	Unauthorized connection attempt detected from IP address 221.13.12.187 to port 22 [J]	2020-03-02 19:21:12
221.13.12.104	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.104 to port 22 [J]	2020-03-02 17:29:07
221.13.12.65	attack	Unauthorized connection attempt detected from IP address 221.13.12.65 to port 8081 [J]	2020-03-02 16:58:59
221.13.12.133	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.133 to port 8082 [J]	2020-03-02 16:29:37
221.13.12.98	attack	Unauthorized connection attempt detected from IP address 221.13.12.98 to port 8118 [J]	2020-03-02 14:47:39
221.13.12.91	attack	Unauthorized connection attempt detected from IP address 221.13.12.91 to port 8000 [J]	2020-03-02 14:14:42
221.13.12.97	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.97 to port 8443 [J]	2020-02-05 09:04:55
221.13.12.118	attackbots	Unauthorized connection attempt detected from IP address 221.13.12.118 to port 443 [J]	2020-01-31 22:42:35
221.13.12.224	attackspam	Unauthorized connection attempt detected from IP address 221.13.12.224 to port 9011 [T]	2020-01-29 10:16:31

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 221.13.12.43
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2896
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;221.13.12.43.			IN	A

;; AUTHORITY SECTION:
.			419	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120700 1800 900 604800 86400

;; Query time: 52 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 03:26:56 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

Host 43.12.13.221.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 43.12.13.221.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
176.126.83.22	attackbotsspam	\[2019-07-09 17:41:27\] NOTICE\[6698\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '176.126.83.22:1257' \(callid: 914379366-582010081-697467353\) - Failed to authenticate \[2019-07-09 17:41:27\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-09T17:41:27.293+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="914379366-582010081-697467353",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/176.126.83.22/1257",Challenge="1562686887/b663ac3104ef5213cf4f61c9031b1db9",Response="809f57dadf7941ed7b2dfb9931eb661d",ExpectedResponse="" \[2019-07-09 17:41:27\] NOTICE\[13863\] res_pjsip/pjsip_distributor.c: Request 'REGISTER' from '\' failed for '176.126.83.22:1257' \(callid: 914379366-582010081-697467353\) - Failed to authenticate \[2019-07-09 17:41:27\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFaile	2019-07-09 23:47:13
206.180.160.83	attackspam	19/7/9@09:41:38: FAIL: Alarm-Intrusion address from=206.180.160.83 ...	2019-07-09 23:49:21
41.40.80.127	attack	Honeypot attack, port: 23, PTR: host-41.40.80.127.tedata.net.	2019-07-09 22:47:15
91.134.120.5	attack	port scan and connect, tcp 22 (ssh)	2019-07-09 22:38:21
77.247.109.72	attackbots	\[2019-07-09 11:13:15\] NOTICE\[13443\] chan_sip.c: Registration from '"7000" \' failed for '77.247.109.72:5642' - Wrong password \[2019-07-09 11:13:15\] SECURITY\[13451\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-07-09T11:13:15.120-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7000",SessionID="0x7f02f876b078",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/77.247.109.72/5642",Challenge="78a247e7",ReceivedChallenge="78a247e7",ReceivedHash="e18b7ffffd428e6003483d5749d3255d" \[2019-07-09 11:13:15\] NOTICE\[13443\] chan_sip.c: Registration from '"7000" \' failed for '77.247.109.72:5642' - Wrong password \[2019-07-09 11:13:15\] SECURITY\[13451\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-07-09T11:13:15.338-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="7000",SessionID="0x7f02f81c5a28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV	2019-07-09 23:33:15
94.60.153.246	attack	Honeypot attack, port: 23, PTR: 246.153.60.94.rev.vodafone.pt.	2019-07-09 22:43:37
86.127.46.2	attackspambots	Honeypot attack, port: 23, PTR: 86-127-46-2.rdsnet.ro.	2019-07-09 22:44:07
188.40.149.68	attackspambots	Jul 9 15:13:27 server658 sshd[18258]: Did not receive identification string from 188.40.149.68 Jul 9 15:14:14 server658 sshd[18260]: Invalid user oracle from 188.40.149.68 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=188.40.149.68	2019-07-09 22:43:02
200.119.204.59	attackspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-08 16:31:15,346 INFO [shellcode_manager] (200.119.204.59) no match, writing hexdump (ced145d0bb500c83037060375e9b7064 :2052332) - MS17010 (EternalBlue)	2019-07-09 22:44:50
167.86.117.95	attackspam	SSH Server BruteForce Attack	2019-07-09 23:43:06
141.144.120.163	attackspambots	Jul 9 15:37:26 lnxweb61 sshd[21519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.120.163 Jul 9 15:37:28 lnxweb61 sshd[21519]: Failed password for invalid user eric from 141.144.120.163 port 45969 ssh2 Jul 9 15:42:01 lnxweb61 sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.144.120.163	2019-07-09 23:39:50
156.211.129.169	attack	Jul 9 15:36:53 keyhelp sshd[29684]: Invalid user admin from 156.211.129.169 Jul 9 15:36:53 keyhelp sshd[29684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=156.211.129.169 Jul 9 15:36:54 keyhelp sshd[29684]: Failed password for invalid user admin from 156.211.129.169 port 56860 ssh2 Jul 9 15:36:55 keyhelp sshd[29684]: Connection closed by 156.211.129.169 port 56860 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=156.211.129.169	2019-07-09 23:51:23
194.244.0.60	attackbotsspam	Automatic report - Web App Attack	2019-07-09 22:27:50
69.94.159.243	attackspambots	Jul 9 15:42:09 server postfix/smtpd[2429]: NOQUEUE: reject: RCPT from pin.v9-radardetektor-ro.com[69.94.159.243]: 554 5.7.1 Service unavailable; Client host [69.94.159.243] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=	2019-07-09 23:34:34
77.42.117.78	attackspam	DATE:2019-07-09 15:43:10, IP:77.42.117.78, PORT:telnet - Telnet brute force auth on a honeypot server (epe-dc)	2019-07-09 23:04:26

最近上报的IP列表

85.6.235.45	88.86.213.66	101.120.69.248	209.141.32.104
1.31.24.225	97.216.8.155	182.138.137.90	180.111.164.44
56.136.138.233	116.237.195.225	175.184.167.138	235.20.139.31
64.125.71.215	171.34.178.240	101.113.43.145	149.129.110.113
72.58.7.147	223.118.236.226	124.235.138.33	99.33.58.49