42.118.52.231 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): FPT Telecom Company

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Unauthorized connection attempt from IP address 42.118.52.231 on Port 445(SMB)	2019-06-28 20:39:49

相同子网IP讨论:

IP	类型	评论内容	时间
42.118.52.147	attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 15-10-2019 04:50:23.	2019-10-15 14:53:48
42.118.52.190	attackspambots	Attempt to attack host OS, exploiting network vulnerabilities, on 28-09-2019 04:51:21.	2019-09-28 16:20:29
42.118.52.128	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 16:17:44,536 INFO [shellcode_manager] (42.118.52.128) no match, writing hexdump (14a08f663ca68fd40464e2a8e8776c48 :2246455) - MS17010 (EternalBlue)	2019-07-06 03:33:12

类型

评论内容

时间

42.118.52.147

attackspambots

Attempt to attack host OS, exploiting network vulnerabilities, on 15-10-2019 04:50:23.

2019-10-15 14:53:48

42.118.52.190

attackspambots

Attempt to attack host OS, exploiting network vulnerabilities, on 28-09-2019 04:51:21.

2019-09-28 16:20:29

42.118.52.128

attack

@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 16:17:44,536 INFO [shellcode_manager] (42.118.52.128) no match, writing hexdump (14a08f663ca68fd40464e2a8e8776c48 :2246455) - MS17010 (EternalBlue)

2019-07-06 03:33:12

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.118.52.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15857
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.118.52.231.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jun 28 20:39:41 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 231.52.118.42.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 231.52.118.42.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
104.244.230.210	attackbotsspam	Host Scan	2019-12-05 19:51:39
145.239.42.107	attackspam	SSH brute-force: detected 33 distinct usernames within a 24-hour window.	2019-12-05 19:57:58
51.254.33.188	attack	Dec 5 11:50:10 venus sshd\[6467\]: Invalid user peltier from 51.254.33.188 port 55088 Dec 5 11:50:10 venus sshd\[6467\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.254.33.188 Dec 5 11:50:13 venus sshd\[6467\]: Failed password for invalid user peltier from 51.254.33.188 port 55088 ssh2 ...	2019-12-05 19:50:27
51.68.190.223	attack	$f2bV_matches	2019-12-05 19:41:54
118.24.83.41	attackspam	Dec 5 11:29:14 hcbbdb sshd\[11916\]: Invalid user apache from 118.24.83.41 Dec 5 11:29:14 hcbbdb sshd\[11916\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.83.41 Dec 5 11:29:16 hcbbdb sshd\[11916\]: Failed password for invalid user apache from 118.24.83.41 port 35066 ssh2 Dec 5 11:36:05 hcbbdb sshd\[12676\]: Invalid user terrariaserver from 118.24.83.41 Dec 5 11:36:05 hcbbdb sshd\[12676\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.83.41	2019-12-05 19:41:21
185.65.244.172	attackbotsspam	2019-12-05T04:14:27.698388ns547587 sshd\[8141\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-32391.vps-default-host.net user=root 2019-12-05T04:14:29.844147ns547587 sshd\[8141\]: Failed password for root from 185.65.244.172 port 50402 ssh2 2019-12-05T04:22:38.544892ns547587 sshd\[11260\]: Invalid user server from 185.65.244.172 port 33102 2019-12-05T04:22:38.550702ns547587 sshd\[11260\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=vps-32391.vps-default-host.net ...	2019-12-05 19:38:14
212.129.140.89	attackbotsspam	Dec 5 02:15:12 TORMINT sshd\[28087\]: Invalid user cbrown from 212.129.140.89 Dec 5 02:15:12 TORMINT sshd\[28087\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.129.140.89 Dec 5 02:15:15 TORMINT sshd\[28087\]: Failed password for invalid user cbrown from 212.129.140.89 port 47912 ssh2 ...	2019-12-05 19:50:40
103.104.49.134	attack	TCP Port Scanning	2019-12-05 20:00:38
197.0.57.122	attackbotsspam	TCP Port Scanning	2019-12-05 19:56:02
103.125.191.45	attack	They tried to acces my yahoo mail address !	2019-12-05 19:53:09
59.148.173.231	attackspam	Dec 5 12:15:23 sbg01 sshd[14447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.148.173.231 Dec 5 12:15:25 sbg01 sshd[14447]: Failed password for invalid user named from 59.148.173.231 port 46206 ssh2 Dec 5 12:21:05 sbg01 sshd[14473]: Failed password for root from 59.148.173.231 port 54852 ssh2	2019-12-05 19:48:03
104.248.149.130	attackbots	Lines containing failures of 104.248.149.130 Dec 4 03:15:55 mailserver sshd[6274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.130 user=r.r Dec 4 03:15:57 mailserver sshd[6274]: Failed password for r.r from 104.248.149.130 port 51256 ssh2 Dec 4 03:15:57 mailserver sshd[6274]: Received disconnect from 104.248.149.130 port 51256:11: Bye Bye [preauth] Dec 4 03:15:57 mailserver sshd[6274]: Disconnected from authenticating user r.r 104.248.149.130 port 51256 [preauth] Dec 4 03:25:55 mailserver sshd[7364]: Invalid user admin from 104.248.149.130 port 54382 Dec 4 03:25:55 mailserver sshd[7364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.130 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=104.248.149.130	2019-12-05 20:02:00
51.77.185.73	attack	Web bot pretended to be a good bot (identified based on gethostbyaddr)	2019-12-05 19:19:43
196.43.196.108	attack	Invalid user rony from 196.43.196.108 port 59044 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.43.196.108 Failed password for invalid user rony from 196.43.196.108 port 59044 ssh2 Invalid user kundrotas from 196.43.196.108 port 55816 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.43.196.108	2019-12-05 19:57:04
62.234.91.113	attackbotsspam	Dec 5 12:07:31 vps666546 sshd\[2350\]: Invalid user patin from 62.234.91.113 port 43206 Dec 5 12:07:31 vps666546 sshd\[2350\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.91.113 Dec 5 12:07:34 vps666546 sshd\[2350\]: Failed password for invalid user patin from 62.234.91.113 port 43206 ssh2 Dec 5 12:14:07 vps666546 sshd\[2668\]: Invalid user test from 62.234.91.113 port 45719 Dec 5 12:14:07 vps666546 sshd\[2668\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.234.91.113 ...	2019-12-05 19:39:18

最近上报的IP列表

171.237.26.126	66.249.64.153	110.77.217.210	204.111.134.200
125.234.129.74	103.66.78.170	180.183.17.60	108.167.200.217
157.55.39.92	177.11.167.42	148.240.178.132	183.91.4.105
27.72.56.102	59.99.165.37	217.118.79.46	112.78.134.131
129.156.118.57	114.36.227.8	123.154.93.187	46.175.76.227