31.173.80.106 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Russian Federation

运营商(isp): PJSC MegaFon

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	1597235979 - 08/12/2020 14:39:39 Host: 31.173.80.106/31.173.80.106 Port: 445 TCP Blocked	2020-08-13 00:55:38

相同子网IP讨论:

IP	类型	评论内容	时间
31.173.80.182	attack	Unauthorized connection attempt from IP address 31.173.80.182 on Port 445(SMB)	2020-04-01 02:04:42
31.173.80.48	attack	Mar 29 14:36:39 mxgate1 postfix/postscreen[1093]: CONNECT from [31.173.80.48]:15545 to [176.31.12.44]:25 Mar 29 14:36:40 mxgate1 postfix/dnsblog[1105]: addr 31.173.80.48 listed by domain b.barracudacentral.org as 127.0.0.2 Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.3 Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.4 Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.11 Mar 29 14:36:40 mxgate1 postfix/dnsblog[1106]: addr 31.173.80.48 listed by domain cbl.abuseat.org as 127.0.0.2 Mar 29 14:36:45 mxgate1 postfix/postscreen[1093]: DNSBL rank 4 for [31.173.80.48]:15545 Mar 29 14:36:46 mxgate1 postfix/tlsproxy[1124]: CONNECT from [31.173.80.48]:15545 Mar x@x Mar 29 14:36:47 mxgate1 postfix/tlsproxy[1124]: DISCONNECT [31.173.80.48]:15545 Mar 29 14:36:47 mxgate1 postfix/postscreen[1093]: HANGU........ -------------------------------	2020-03-30 05:00:50

类型

评论内容

时间

31.173.80.182

attack

Unauthorized connection attempt from IP address 31.173.80.182 on Port 445(SMB)

2020-04-01 02:04:42

31.173.80.48

attack

Mar 29 14:36:39 mxgate1 postfix/postscreen[1093]: CONNECT from [31.173.80.48]:15545 to [176.31.12.44]:25
Mar 29 14:36:40 mxgate1 postfix/dnsblog[1105]: addr 31.173.80.48 listed by domain b.barracudacentral.org as 127.0.0.2
Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.3
Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.4
Mar 29 14:36:40 mxgate1 postfix/dnsblog[1103]: addr 31.173.80.48 listed by domain zen.spamhaus.org as 127.0.0.11
Mar 29 14:36:40 mxgate1 postfix/dnsblog[1106]: addr 31.173.80.48 listed by domain cbl.abuseat.org as 127.0.0.2
Mar 29 14:36:45 mxgate1 postfix/postscreen[1093]: DNSBL rank 4 for [31.173.80.48]:15545
Mar 29 14:36:46 mxgate1 postfix/tlsproxy[1124]: CONNECT from [31.173.80.48]:15545
Mar x@x
Mar 29 14:36:47 mxgate1 postfix/tlsproxy[1124]: DISCONNECT [31.173.80.48]:15545
Mar 29 14:36:47 mxgate1 postfix/postscreen[1093]: HANGU........
-------------------------------

2020-03-30 05:00:50

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 31.173.80.106
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1061
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;31.173.80.106.			IN	A

;; AUTHORITY SECTION:
.			580	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081201 1800 900 604800 86400

;; Query time: 29 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Aug 13 00:55:32 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 106.80.173.31.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 106.80.173.31.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
124.248.216.219	attack	IP blocked	2020-02-04 09:02:20
110.137.176.92	attack	20/2/3@19:06:11: FAIL: Alarm-Network address from=110.137.176.92 20/2/3@19:06:12: FAIL: Alarm-Network address from=110.137.176.92 ...	2020-02-04 09:25:13
138.255.144.87	attack	Feb 4 01:06:18 grey postfix/smtpd\[5530\]: NOQUEUE: reject: RCPT from unknown\[138.255.144.87\]: 554 5.7.1 Service unavailable\; Client host \[138.255.144.87\] blocked using cbl.abuseat.org\; Blocked - see http://www.abuseat.org/lookup.cgi\?ip=138.255.144.87\; from=\ to=\ proto=ESMTP helo=\<\[138.255.144.87\]\> ...	2020-02-04 09:21:16
181.1.55.11	attack	Lines containing failures of 181.1.55.11 Feb 4 00:46:23 shared02 sshd[6011]: Invalid user supervisor from 181.1.55.11 port 59434 Feb 4 00:46:23 shared02 sshd[6011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.1.55.11 Feb 4 00:46:25 shared02 sshd[6011]: Failed password for invalid user supervisor from 181.1.55.11 port 59434 ssh2 Feb 4 00:46:26 shared02 sshd[6011]: Connection closed by invalid user supervisor 181.1.55.11 port 59434 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=181.1.55.11	2020-02-04 09:09:48
198.143.155.140	attackspam	02/03/2020-19:07:09.823806 198.143.155.140 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-02-04 08:45:04
49.88.112.71	attackspambots	Feb 4 00:06:57 localhost sshd\[14528\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.71 user=root Feb 4 00:07:00 localhost sshd\[14528\]: Failed password for root from 49.88.112.71 port 19958 ssh2 Feb 4 00:07:02 localhost sshd\[14528\]: Failed password for root from 49.88.112.71 port 19958 ssh2 ...	2020-02-04 08:48:38
69.94.158.117	attackspam	Feb 4 01:06:33 exim[8131]: [1\53] 1iyljb-000279-MA H=barometer.swingthelamp.com (barometer.ecuawif.com) [69.94.158.117] F= rejected after DATA: This message scored 101.6 spam points.	2020-02-04 08:47:01
120.244.56.77	attack	sshd jail - ssh hack attempt	2020-02-04 09:18:39
181.223.246.66	attackbots	trying to access non-authorized port	2020-02-04 09:17:42
123.234.165.49	attackbots	MIRAI HOST Mon Feb 3 17:06:41 2020 - Child process 35817 handling connection Mon Feb 3 17:06:41 2020 - New connection from: 123.234.165.49:44609 Mon Feb 3 17:06:41 2020 - Sending data to client: [Login: ] Mon Feb 3 17:06:41 2020 - Got data: root Mon Feb 3 17:06:42 2020 - Sending data to client: [Password: ] Mon Feb 3 17:06:43 2020 - Got data: 00000000 Mon Feb 3 17:06:45 2020 - Child 35818 granting shell Mon Feb 3 17:06:45 2020 - Child 35817 exiting Mon Feb 3 17:06:45 2020 - Sending data to client: [Logged in] Mon Feb 3 17:06:45 2020 - Sending data to client: [Welcome to MX990 Embedded Linux] Mon Feb 3 17:06:45 2020 - Sending data to client: [[root@dvrdvs /]# ] Mon Feb 3 17:06:45 2020 - Got data: enable system shell sh Mon Feb 3 17:06:45 2020 - Sending data to client: [Command not found] Mon Feb 3 17:06:45 2020 - Sending data to client: [[root@dvrdvs /]# ] Mon Feb 3 17:06:46 2020 - Got data: cat /proc/mounts; /bin/busybox LIYWY Mon Feb 3 17:06:46 2020 - Sending data to clien	2020-02-04 08:52:28
146.88.240.4	attack	146.88.240.4 was recorded 26 times by 13 hosts attempting to connect to the following ports: 19,47808,3283. Incident counter (4h, 24h, all-time): 26, 247, 48304	2020-02-04 08:43:44
180.150.66.88	attack	Feb 4 01:12:52 lnxmysql61 sshd[4790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.150.66.88	2020-02-04 09:07:02
187.76.236.242	attack	1580774786 - 02/04/2020 01:06:26 Host: 187.76.236.242/187.76.236.242 Port: 445 TCP Blocked	2020-02-04 09:14:57
136.232.106.58	attackspam	Feb 4 01:12:24 mail sshd[11860]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=136.232.106.58 Feb 4 01:12:26 mail sshd[11860]: Failed password for invalid user chloe from 136.232.106.58 port 54085 ssh2 Feb 4 01:18:50 mail sshd[12985]: Failed password for root from 136.232.106.58 port 54039 ssh2	2020-02-04 08:54:40
178.165.72.177	attack	Feb 4 01:04:36 v22019058497090703 sshd[13172]: Failed password for root from 178.165.72.177 port 54276 ssh2 ...	2020-02-04 08:48:03

最近上报的IP列表

178.19.182.43	178.19.175.245	178.19.158.165	149.129.227.5
140.148.249.67	138.75.47.224	124.202.208.122	119.115.205.233
116.96.238.228	114.29.105.13	111.248.16.153	105.96.57.44
103.142.218.2	95.54.39.74	91.240.118.4	91.144.21.200
91.124.36.20	86.34.243.21	80.13.210.119	78.188.235.212