2400:dd0d:2000:0:7966:fdff:74a1:4ba3

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): China Science and Technology Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 541336144a84bca8 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: api.skk.moe \| User-Agent: Mozilla/5.0 (iPad; CPU OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 \| CF_DC: SEA. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 06:18:02

类型

评论内容

时间

attackspam

The IP has triggered Cloudflare WAF. CF-Ray: 541336144a84bca8 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: api.skk.moe | User-Agent: Mozilla/5.0 (iPad; CPU OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 | CF_DC: SEA. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 06:18:02

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 2400:dd0d:2000:0:7966:fdff:74a1:4ba3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26106
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;2400:dd0d:2000:0:7966:fdff:74a1:4ba3. IN A

;; AUTHORITY SECTION:
.			10800	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120701 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 100.100.2.136#53(100.100.2.136)
;; WHEN: Sun Dec 08 06:21:30 CST 2019
;; MSG SIZE  rcvd: 140

HOST信息:

Host 3.a.b.4.1.a.4.7.f.f.d.f.6.6.9.7.0.0.0.0.0.0.0.2.d.0.d.d.0.0.4.2.ip6.arpa not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 3.a.b.4.1.a.4.7.f.f.d.f.6.6.9.7.0.0.0.0.0.0.0.2.d.0.d.d.0.0.4.2.ip6.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
51.68.181.121	attackspambots	[2020-05-08 17:19:21] NOTICE[1157] chan_sip.c: Registration from '' failed for '51.68.181.121:54446' - Wrong password [2020-05-08 17:19:21] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-08T17:19:21.353-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="260",SessionID="0x7f5f100266a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/51.68.181.121/54446",Challenge="205086a3",ReceivedChallenge="205086a3",ReceivedHash="7219b432035bf9d9bc95b571a8af2a2a" [2020-05-08 17:23:37] NOTICE[1157] chan_sip.c: Registration from '' failed for '51.68.181.121:61364' - Wrong password [2020-05-08 17:23:37] SECURITY[1173] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-05-08T17:23:37.608-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="9000",SessionID="0x7f5f100266a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/51.68.181.121/6 ...	2020-05-09 05:28:50
195.162.81.89	attackbotsspam	firewall-block, port(s): 80/tcp	2020-05-09 05:34:21
175.207.29.235	attackspam	May 8 22:48:05 localhost sshd\[27849\]: Invalid user sk from 175.207.29.235 May 8 22:48:05 localhost sshd\[27849\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.207.29.235 May 8 22:48:07 localhost sshd\[27849\]: Failed password for invalid user sk from 175.207.29.235 port 40332 ssh2 May 8 22:51:17 localhost sshd\[28115\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.207.29.235 user=root May 8 22:51:18 localhost sshd\[28115\]: Failed password for root from 175.207.29.235 port 34204 ssh2 ...	2020-05-09 05:18:13
185.216.140.31	attackspambots	firewall-block, port(s): 8433/tcp	2020-05-09 05:37:01
54.36.150.17	attackbotsspam	[Sat May 09 03:50:58.009485 2020] [:error] [pid 6965:tid 139913174984448] [client 54.36.150.17:29774] [client 54.36.150.17] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "AhrefsBot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "183"] [id "913102"] [msg "Found User-Agent associated with web crawler/bot"] [data "Matched Data: AhrefsBot found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; ahrefsbot/6.1; +http://ahrefs.com/robot/)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-crawler"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/CRAWLER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/alamat/1789-klimatologi/agroklimatologi/kalender-tanam-katam-terpadu/kalender-tanam-katam ...	2020-05-09 05:11:54
198.11.142.20	attackspambots	198.11.142.20	2020-05-09 05:22:04
210.113.7.61	attackbotsspam	May 8 23:06:16 server sshd[1414]: Failed password for root from 210.113.7.61 port 59162 ssh2 May 8 23:09:14 server sshd[4064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.113.7.61 May 8 23:09:16 server sshd[4064]: Failed password for invalid user art from 210.113.7.61 port 49890 ssh2 ...	2020-05-09 05:12:26
45.55.86.19	attackbotsspam	SSH authentication failure x 6 reported by Fail2Ban ...	2020-05-09 05:04:58
45.14.150.52	attack	RO_Parfumuri Femei.com SRL_<177>1588971058 [1:2403348:57130] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 25 [Classification: Misc Attack] [Priority: 2]: {TCP} 45.14.150.52:46788	2020-05-09 05:10:27
198.23.59.78	attackspam	198.23.59.78 - - \[08/May/2020:23:08:56 +0200\] "POST /wp-login.php HTTP/1.0" 200 6524 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 198.23.59.78 - - \[08/May/2020:23:08:58 +0200\] "POST /wp-login.php HTTP/1.0" 200 6343 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 198.23.59.78 - - \[08/May/2020:23:09:00 +0200\] "POST /wp-login.php HTTP/1.0" 200 6347 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-05-09 05:20:44
196.52.43.90	attackbots	" "	2020-05-09 05:30:50
45.143.220.163	attackbotsspam	" "	2020-05-09 05:14:38
51.75.208.179	attackspam	May 8 22:49:05 ns382633 sshd\[12692\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.208.179 user=root May 8 22:49:07 ns382633 sshd\[12692\]: Failed password for root from 51.75.208.179 port 36710 ssh2 May 8 22:50:20 ns382633 sshd\[13213\]: Invalid user administrador from 51.75.208.179 port 42194 May 8 22:50:20 ns382633 sshd\[13213\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.208.179 May 8 22:50:22 ns382633 sshd\[13213\]: Failed password for invalid user administrador from 51.75.208.179 port 42194 ssh2	2020-05-09 05:36:45
54.36.148.33	attack	[Sat May 09 03:50:39.250483 2020] [:error] [pid 6964:tid 139913166591744] [client 54.36.148.33:56566] [client 54.36.148.33] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "AhrefsBot" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "183"] [id "913102"] [msg "Found User-Agent associated with web crawler/bot"] [data "Matched Data: AhrefsBot found within REQUEST_HEADERS:User-Agent: mozilla/5.0 (compatible; ahrefsbot/6.1; +http://ahrefs.com/robot/)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-crawler"] [tag "OWASP_CRS"] [tag "OWASP_CRS/AUTOMATION/CRAWLER"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/pelayanan-jasa/1638-klimatologi/agroklimatologi/kalender-tanam-katam-terpadu/kalender-tan ...	2020-05-09 05:26:23
79.105.92.4	attackspam	1588971022 - 05/08/2020 22:50:22 Host: 79.105.92.4/79.105.92.4 Port: 445 TCP Blocked	2020-05-09 05:36:13

最近上报的IP列表

182.138.162.253	175.42.1.201	171.12.10.95	150.255.2.207
69.44.9.4	124.235.138.172	123.191.157.96	119.178.186.39
24.152.180.215	119.39.46.34	118.140.196.134	117.60.206.168
117.14.145.176	116.252.2.233	113.200.72.202	113.58.227.15
113.24.85.14	111.224.7.10	111.206.222.137	111.206.221.11