43.254.125.162

基本信息:

城市(city): Jakarta

省份(region): Jakarta

国家(country): Indonesia

运营商(isp): PT. Palapa Media Indonesia

主机名(hostname): unknown

机构(organization): PT. Palapa Media Indonesia

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2019-07-17T12:26:34.160781stt-1.[munged] kernel: [7412413.638541] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=14180 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 2019-07-17T12:26:37.163766stt-1.[munged] kernel: [7412416.641519] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=14296 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 2019-07-17T12:26:43.161277stt-1.[munged] kernel: [7412422.638984] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=14437 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0	2019-07-18 06:26:23

类型

评论内容

时间

attack

2019-07-17T12:26:34.160781stt-1.[munged] kernel: [7412413.638541] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=14180 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
2019-07-17T12:26:37.163766stt-1.[munged] kernel: [7412416.641519] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=14296 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0 
2019-07-17T12:26:43.161277stt-1.[munged] kernel: [7412422.638984] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:97:36:58:84:78:ac:57:aa:c1:08:00 SRC=43.254.125.162 DST=[mungedIP1] LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=14437 DF PROTO=TCP SPT=52620 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0

2019-07-18 06:26:23

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 43.254.125.162
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50117
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;43.254.125.162.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071701 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Jul 18 06:26:16 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

162.125.254.43.in-addr.arpa has no PTR record

NSLOOKUP信息:

Server:		183.60.82.98
Address:	183.60.82.98#53

Non-authoritative answer:
*** Can't find 162.125.254.43.in-addr.arpa.: No answer

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
54.38.36.210	attackbots	Oct 29 20:26:05 tdfoods sshd\[10759\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.36.210 user=root Oct 29 20:26:07 tdfoods sshd\[10759\]: Failed password for root from 54.38.36.210 port 41566 ssh2 Oct 29 20:30:04 tdfoods sshd\[11087\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.36.210 user=root Oct 29 20:30:06 tdfoods sshd\[11087\]: Failed password for root from 54.38.36.210 port 51652 ssh2 Oct 29 20:34:01 tdfoods sshd\[11394\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.36.210 user=root	2019-10-30 18:38:25
61.19.247.121	attackspam	$f2bV_matches	2019-10-30 18:45:25
152.250.135.171	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/152.250.135.171/ BR - 1H : (416) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : BR NAME ASN : ASN27699 IP : 152.250.135.171 CIDR : 152.250.0.0/16 PREFIX COUNT : 267 UNIQUE IP COUNT : 6569728 ATTACKS DETECTED ASN27699 : 1H - 8 3H - 28 6H - 46 12H - 107 24H - 203 DateTime : 2019-10-30 04:48:20 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-30 18:33:09
51.158.145.221	attackbots	Oct 30 10:34:29 vmanager6029 sshd\[13958\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.145.221 user=root Oct 30 10:34:31 vmanager6029 sshd\[13958\]: Failed password for root from 51.158.145.221 port 56611 ssh2 Oct 30 10:38:04 vmanager6029 sshd\[14035\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.158.145.221 user=root	2019-10-30 18:37:03
149.129.243.158	attackspam	Automatic report - XMLRPC Attack	2019-10-30 18:44:14
139.217.234.68	attackspambots	Oct 30 06:19:13 server sshd\[3699\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.234.68 user=root Oct 30 06:19:15 server sshd\[3699\]: Failed password for root from 139.217.234.68 port 40486 ssh2 Oct 30 06:43:51 server sshd\[9645\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.234.68 user=root Oct 30 06:43:53 server sshd\[9645\]: Failed password for root from 139.217.234.68 port 41480 ssh2 Oct 30 06:48:25 server sshd\[10786\]: Invalid user odoo from 139.217.234.68 ...	2019-10-30 18:31:50
178.69.233.129	attackspambots	Chat Spam	2019-10-30 18:29:47
114.5.221.142	attackbots	[Wed Oct 30 10:48:27.264476 2019] [:error] [pid 7559:tid 140145034290944] [client 114.5.221.142:6521] [client 114.5.221.142] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 503 found within RESPONSE_STATUS: 503"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/profil/peta-instrumentasi"] [unique_id "XbkIC48ZrE8Gf@6lZT6dTQAAAAE"], referer: https://karangploso.jatim.bmkg.go.id/ ...	2019-10-30 18:28:28
157.245.251.97	attackspambots	Oct 29 20:15:35 h2022099 sshd[25368]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.251.97 user=r.r Oct 29 20:15:37 h2022099 sshd[25368]: Failed password for r.r from 157.245.251.97 port 41508 ssh2 Oct 29 20:15:37 h2022099 sshd[25368]: Received disconnect from 157.245.251.97: 11: Bye Bye [preauth] Oct 29 20:25:34 h2022099 sshd[26576]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.251.97 user=r.r Oct 29 20:25:37 h2022099 sshd[26576]: Failed password for r.r from 157.245.251.97 port 58620 ssh2 Oct 29 20:25:37 h2022099 sshd[26576]: Received disconnect from 157.245.251.97: 11: Bye Bye [preauth] Oct 29 20:29:06 h2022099 sshd[26816]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.245.251.97 user=r.r Oct 29 20:29:08 h2022099 sshd[26816]: Failed password for r.r from 157.245.251.97 port 41014 ssh2 Oct 29 20:29:08 h2022099 sshd[26816........ -------------------------------	2019-10-30 18:59:15
91.121.67.107	attack	Oct 30 11:16:02 legacy sshd[570]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.67.107 Oct 30 11:16:04 legacy sshd[570]: Failed password for invalid user shriram from 91.121.67.107 port 36390 ssh2 Oct 30 11:19:42 legacy sshd[667]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.67.107 ...	2019-10-30 18:30:29
157.230.31.236	attack	Oct 30 09:42:20 hcbbdb sshd\[7125\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.31.236 user=root Oct 30 09:42:22 hcbbdb sshd\[7125\]: Failed password for root from 157.230.31.236 port 48630 ssh2 Oct 30 09:46:15 hcbbdb sshd\[7497\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.31.236 user=root Oct 30 09:46:17 hcbbdb sshd\[7497\]: Failed password for root from 157.230.31.236 port 58454 ssh2 Oct 30 09:50:10 hcbbdb sshd\[7877\]: Invalid user fc from 157.230.31.236	2019-10-30 19:03:08
106.12.205.227	attack	2019-10-30T08:19:57.564720lon01.zurich-datacenter.net sshd\[10830\]: Invalid user cougar from 106.12.205.227 port 43114 2019-10-30T08:19:57.570133lon01.zurich-datacenter.net sshd\[10830\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.205.227 2019-10-30T08:19:59.502746lon01.zurich-datacenter.net sshd\[10830\]: Failed password for invalid user cougar from 106.12.205.227 port 43114 ssh2 2019-10-30T08:25:05.578733lon01.zurich-datacenter.net sshd\[10953\]: Invalid user student!@\# from 106.12.205.227 port 51288 2019-10-30T08:25:05.585783lon01.zurich-datacenter.net sshd\[10953\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.205.227 ...	2019-10-30 18:28:46
125.130.110.20	attackspambots	Invalid user pat from 125.130.110.20 port 39892	2019-10-30 18:39:23
148.70.81.36	attack	Oct 30 07:28:34 firewall sshd[16694]: Failed password for invalid user modem from 148.70.81.36 port 56574 ssh2 Oct 30 07:33:26 firewall sshd[16762]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.81.36 user=root Oct 30 07:33:28 firewall sshd[16762]: Failed password for root from 148.70.81.36 port 39158 ssh2 ...	2019-10-30 18:38:53
202.152.58.90	attack	Unauthorized connection attempt from IP address 202.152.58.90 on Port 445(SMB)	2019-10-30 19:06:21

最近上报的IP列表

222.120.192.102	79.47.106.227	104.131.163.199	39.85.202.111
8.73.30.179	138.255.15.164	147.241.87.65	160.157.224.65
159.197.51.58	88.247.171.93	160.182.238.168	59.103.213.50
82.53.105.96	84.58.1.76	215.5.77.132	139.46.219.121
77.208.106.19	65.124.128.36	113.190.253.184	179.160.179.238