42.119.201.40 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): FPT Telecom Company

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Unauthorised access (Jun 7) SRC=42.119.201.40 LEN=52 TTL=108 ID=20495 DF TCP DPT=445 WINDOW=8192 SYN	2020-06-08 02:31:18

相同子网IP讨论:

IP	类型	评论内容	时间
42.119.201.181	attackspam	(Oct 3) LEN=40 TTL=47 ID=47178 TCP DPT=8080 WINDOW=32533 SYN (Oct 2) LEN=40 TTL=47 ID=34886 TCP DPT=8080 WINDOW=32533 SYN (Oct 2) LEN=40 TTL=47 ID=19517 TCP DPT=8080 WINDOW=23861 SYN (Oct 2) LEN=40 TTL=47 ID=17855 TCP DPT=8080 WINDOW=18477 SYN (Oct 1) LEN=40 TTL=47 ID=6355 TCP DPT=8080 WINDOW=23861 SYN (Oct 1) LEN=40 TTL=47 ID=29727 TCP DPT=8080 WINDOW=63148 SYN (Oct 1) LEN=40 TTL=47 ID=30662 TCP DPT=8080 WINDOW=23861 SYN (Oct 1) LEN=40 TTL=47 ID=14700 TCP DPT=8080 WINDOW=63148 SYN (Oct 1) LEN=40 TTL=47 ID=43390 TCP DPT=8080 WINDOW=32533 SYN (Oct 1) LEN=40 TTL=47 ID=49416 TCP DPT=8080 WINDOW=32533 SYN (Sep 30) LEN=40 TTL=43 ID=7115 TCP DPT=8080 WINDOW=32533 SYN (Sep 30) LEN=40 TTL=43 ID=35 TCP DPT=8080 WINDOW=63148 SYN (Sep 30) LEN=40 TTL=48 ID=27801 TCP DPT=8080 WINDOW=23861 SYN (Sep 30) LEN=40 TTL=47 ID=14719 TCP DPT=8080 WINDOW=18477 SYN	2019-10-03 08:08:16

类型

评论内容

时间

42.119.201.181

attackspam

(Oct  3)  LEN=40 TTL=47 ID=47178 TCP DPT=8080 WINDOW=32533 SYN 
 (Oct  2)  LEN=40 TTL=47 ID=34886 TCP DPT=8080 WINDOW=32533 SYN 
 (Oct  2)  LEN=40 TTL=47 ID=19517 TCP DPT=8080 WINDOW=23861 SYN 
 (Oct  2)  LEN=40 TTL=47 ID=17855 TCP DPT=8080 WINDOW=18477 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=6355 TCP DPT=8080 WINDOW=23861 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=29727 TCP DPT=8080 WINDOW=63148 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=30662 TCP DPT=8080 WINDOW=23861 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=14700 TCP DPT=8080 WINDOW=63148 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=43390 TCP DPT=8080 WINDOW=32533 SYN 
 (Oct  1)  LEN=40 TTL=47 ID=49416 TCP DPT=8080 WINDOW=32533 SYN 
 (Sep 30)  LEN=40 TTL=43 ID=7115 TCP DPT=8080 WINDOW=32533 SYN 
 (Sep 30)  LEN=40 TTL=43 ID=35 TCP DPT=8080 WINDOW=63148 SYN 
 (Sep 30)  LEN=40 TTL=48 ID=27801 TCP DPT=8080 WINDOW=23861 SYN 
 (Sep 30)  LEN=40 TTL=47 ID=14719 TCP DPT=8080 WINDOW=18477 SYN

2019-10-03 08:08:16

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.119.201.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2658
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.119.201.40.			IN	A

;; AUTHORITY SECTION:
.			308	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060701 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jun 08 02:31:14 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 40.201.119.42.in-addr.arpa not found: 2(SERVFAIL)

NSLOOKUP信息:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 40.201.119.42.in-addr.arpa: SERVFAIL

最新评论:

IP	类型	评论内容	时间
198.96.155.3	attackbotsspam	Unauthorized SSH login attempts	2020-07-10 16:20:18
45.61.142.140	attackspam	SYN FLOOD ATTACK SINCE YESTERDAY 07/10/2020-10:50:06.783825 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978 07/10/2020-10:50:10.816101 [] [1:2210023:2] SURICATA STREAM ESTABLISHED SYNACK resend with different ACK [] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} ***:80 -> 45.61.142.140:9978	2020-07-10 15:58:49
74.102.43.30	attack	Icarus honeypot on github	2020-07-10 16:10:30
14.202.193.117	attack	Brute-force general attack.	2020-07-10 15:44:00
35.185.51.208	attack	35.185.51.208 - - [10/Jul/2020:06:00:40 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 35.185.51.208 - - [10/Jul/2020:06:26:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-10 16:25:30
52.177.17.190	attackbots	(mod_security) mod_security (id:210492) triggered by 52.177.17.190 (US/United States/-): 5 in the last 300 secs	2020-07-10 16:21:57
190.129.47.148	attackbotsspam	Icarus honeypot on github	2020-07-10 15:46:29
79.137.72.121	attack	Jul 10 06:50:32 plex-server sshd[1170942]: Invalid user dorms from 79.137.72.121 port 54084 Jul 10 06:50:32 plex-server sshd[1170942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=79.137.72.121 Jul 10 06:50:32 plex-server sshd[1170942]: Invalid user dorms from 79.137.72.121 port 54084 Jul 10 06:50:34 plex-server sshd[1170942]: Failed password for invalid user dorms from 79.137.72.121 port 54084 ssh2 Jul 10 06:53:52 plex-server sshd[1171271]: Invalid user giuliana from 79.137.72.121 port 50468 ...	2020-07-10 16:06:55
203.196.142.228	attackspam	Jul 10 05:40:02 Ubuntu-1404-trusty-64-minimal sshd\[4172\]: Invalid user hdfs from 203.196.142.228 Jul 10 05:40:02 Ubuntu-1404-trusty-64-minimal sshd\[4172\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.196.142.228 Jul 10 05:40:05 Ubuntu-1404-trusty-64-minimal sshd\[4172\]: Failed password for invalid user hdfs from 203.196.142.228 port 47951 ssh2 Jul 10 05:59:52 Ubuntu-1404-trusty-64-minimal sshd\[13914\]: Invalid user naoki from 203.196.142.228 Jul 10 05:59:52 Ubuntu-1404-trusty-64-minimal sshd\[13914\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.196.142.228	2020-07-10 16:18:29
190.146.184.215	attackspambots	Jul 10 05:53:21 db sshd[4914]: Invalid user mora from 190.146.184.215 port 59054 ...	2020-07-10 15:44:27
185.143.73.203	attackbots	Jul 10 09:54:52 srv01 postfix/smtpd\[20111\]: warning: unknown\[185.143.73.203\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 10 09:55:29 srv01 postfix/smtpd\[3722\]: warning: unknown\[185.143.73.203\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 10 09:56:08 srv01 postfix/smtpd\[3722\]: warning: unknown\[185.143.73.203\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 10 09:56:46 srv01 postfix/smtpd\[13999\]: warning: unknown\[185.143.73.203\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 10 09:57:23 srv01 postfix/smtpd\[13314\]: warning: unknown\[185.143.73.203\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-07-10 16:02:39
132.145.101.248	attackspam	From CCTV User Interface Log ...::ffff:132.145.101.248 - - [09/Jul/2020:23:52:53 +0000] "-" 400 179 ...	2020-07-10 16:03:14
77.95.141.169	attackbotsspam	77.95.141.169 - - [09/Jul/2020:20:54:56 +1000] "POST /wp-login.php HTTP/1.1" 200 1925 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 77.95.141.169 - - [09/Jul/2020:20:54:58 +1000] "POST /wp-login.php HTTP/1.1" 200 1908 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 77.95.141.169 - - [10/Jul/2020:11:19:59 +1000] "POST /wp-login.php HTTP/1.0" 200 6261 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 77.95.141.169 - - [10/Jul/2020:14:35:49 +1000] "POST /wp-login.php HTTP/1.0" 200 6347 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 77.95.141.169 - - [10/Jul/2020:16:26:00 +1000] "POST /wp-login.php HTTP/1.0" 200 6347 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-10 16:11:26
101.132.133.125	attack	$f2bV_matches	2020-07-10 16:13:16
192.241.237.172	attackbots	07/10/2020-01:17:50.349321 192.241.237.172 Protocol: 6 ET SCAN Suspicious inbound to Oracle SQL port 1521	2020-07-10 16:11:59

最近上报的IP列表

218.80.252.84	122.170.116.190	64.237.231.59	92.150.31.71
66.168.214.170	171.226.171.52	36.79.132.163	177.209.61.207
116.108.168.230	117.50.77.220	111.251.10.9	3.15.200.74
200.215.219.246	183.88.240.192	14.169.217.191	185.204.209.247
185.134.168.1	177.177.141.164	185.78.16.224	140.10.214.57