42.4.251.20 - IPInfo

基本信息:

城市(city): unknown

省份(region): Liaoning

国家(country): China

运营商(isp): Unicom Liaoning Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	DATE:2020-02-02 16:06:54, IP:42.4.251.20, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2020-02-03 04:53:27

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 42.4.251.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 53561
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;42.4.251.20.			IN	A

;; AUTHORITY SECTION:
.			399	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020020201 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Feb 03 04:53:24 CST 2020
;; MSG SIZE  rcvd: 115

HOST信息:

Host 20.251.4.42.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 20.251.4.42.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
45.95.168.164	attackbotsspam	smtp probe/invalid login attempt	2020-04-23 12:36:43
183.129.141.30	attack	Apr 22 18:35:09 wbs sshd\[15476\]: Invalid user cv from 183.129.141.30 Apr 22 18:35:09 wbs sshd\[15476\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.129.141.30 Apr 22 18:35:11 wbs sshd\[15476\]: Failed password for invalid user cv from 183.129.141.30 port 46374 ssh2 Apr 22 18:39:35 wbs sshd\[15773\]: Invalid user admin from 183.129.141.30 Apr 22 18:39:35 wbs sshd\[15773\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.129.141.30	2020-04-23 12:47:53
146.88.240.4	attack	Apr 23 06:34:30 debian-2gb-nbg1-2 kernel: \[9875420.800747\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=146.88.240.4 DST=195.201.40.59 LEN=34 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=UDP SPT=5093 DPT=5093 LEN=14	2020-04-23 12:38:33
128.199.165.53	attackspambots	Apr 23 06:09:13 OPSO sshd\[6558\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.165.53 user=root Apr 23 06:09:15 OPSO sshd\[6558\]: Failed password for root from 128.199.165.53 port 40239 ssh2 Apr 23 06:13:48 OPSO sshd\[7552\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.165.53 user=root Apr 23 06:13:49 OPSO sshd\[7552\]: Failed password for root from 128.199.165.53 port 44372 ssh2 Apr 23 06:18:20 OPSO sshd\[8502\]: Invalid user ftpuser1 from 128.199.165.53 port 48507 Apr 23 06:18:20 OPSO sshd\[8502\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.165.53	2020-04-23 12:20:38
106.12.56.126	attackbotsspam	Apr 23 05:48:35 ns382633 sshd\[12725\]: Invalid user yg from 106.12.56.126 port 53220 Apr 23 05:48:35 ns382633 sshd\[12725\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.126 Apr 23 05:48:37 ns382633 sshd\[12725\]: Failed password for invalid user yg from 106.12.56.126 port 53220 ssh2 Apr 23 05:55:45 ns382633 sshd\[14206\]: Invalid user zi from 106.12.56.126 port 35190 Apr 23 05:55:45 ns382633 sshd\[14206\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.56.126	2020-04-23 12:30:34
49.233.81.191	attackspam	(sshd) Failed SSH login from 49.233.81.191 (CN/China/-): 5 in the last 3600 secs	2020-04-23 12:21:55
213.180.203.143	attackbots	[Thu Apr 23 10:55:55.295400 2020] [:error] [pid 1385:tid 140011974424320] [client 213.180.203.143:62826] [client 213.180.203.143] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XqERy0zRDYCvRusdpssivgAAA1g"] ...	2020-04-23 12:19:59
64.225.25.59	attackspam	Fail2Ban - SSH Bruteforce Attempt	2020-04-23 12:49:33
168.128.86.35	attackbotsspam	$f2bV_matches	2020-04-23 12:49:47
183.88.243.179	attack	Brute force attempt	2020-04-23 12:37:39
5.196.201.7	attackbots	Apr 23 04:58:56 mail postfix/smtpd\[28278\]: warning: unknown\[5.196.201.7\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Apr 23 05:08:18 mail postfix/smtpd\[28490\]: warning: unknown\[5.196.201.7\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Apr 23 05:17:49 mail postfix/smtpd\[28473\]: warning: unknown\[5.196.201.7\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Apr 23 05:55:53 mail postfix/smtpd\[29188\]: warning: unknown\[5.196.201.7\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\	2020-04-23 12:23:39
210.18.159.82	attackbots	DATE:2020-04-23 05:55:45, IP:210.18.159.82, PORT:ssh SSH brute force auth (docker-dc)	2020-04-23 12:29:39
183.88.209.26	attack	Distributed brute force attack	2020-04-23 12:54:12
171.231.244.12	attack	Attempted to login into my email	2020-04-23 12:53:53
115.238.129.140	attack	Apr 23 05:55:51 debian-2gb-nbg1-2 kernel: \[9873102.191323\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=115.238.129.140 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=12772 PROTO=TCP SPT=50151 DPT=13080 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-23 12:24:58

最近上报的IP列表

31.52.160.236	96.30.254.242	177.79.86.28	185.227.6.108
159.158.79.217	141.101.15.130	175.32.235.180	37.49.226.108
185.185.31.36	37.49.226.5	44.203.39.144	107.121.96.108
151.45.222.128	72.78.59.183	183.141.180.128	82.79.140.105
162.186.189.151	191.163.116.131	82.168.254.33	99.196.15.121