56.0.252.149 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America (the)

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 56.0.252.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2492
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;56.0.252.149.			IN	A

;; AUTHORITY SECTION:
.			30	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2025021100 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Feb 12 02:11:25 CST 2025
;; MSG SIZE  rcvd: 105

HOST信息:

Host 149.252.0.56.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 149.252.0.56.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
24.111.139.42	attack	TCP (SYN) 24.111.139.42:59197 -> port 23, len 44	2020-08-30 03:28:55
103.145.242.246	attackbotsspam	(Aug 29) LEN=40 TTL=50 ID=55071 TCP DPT=8080 WINDOW=38412 SYN (Aug 29) LEN=40 TTL=50 ID=7608 TCP DPT=8080 WINDOW=38412 SYN (Aug 28) LEN=40 TTL=50 ID=59260 TCP DPT=8080 WINDOW=38412 SYN (Aug 28) LEN=40 TTL=50 ID=21981 TCP DPT=8080 WINDOW=38412 SYN (Aug 27) LEN=40 TTL=50 ID=10625 TCP DPT=8080 WINDOW=61455 SYN (Aug 27) LEN=40 TTL=50 ID=4225 TCP DPT=8080 WINDOW=38412 SYN (Aug 26) LEN=40 TTL=50 ID=58384 TCP DPT=8080 WINDOW=61455 SYN (Aug 25) LEN=40 TTL=50 ID=30778 TCP DPT=8080 WINDOW=38412 SYN (Aug 25) LEN=40 TTL=50 ID=54227 TCP DPT=8080 WINDOW=38412 SYN (Aug 25) LEN=40 TTL=50 ID=43475 TCP DPT=8080 WINDOW=61455 SYN (Aug 24) LEN=40 TTL=50 ID=19013 TCP DPT=8080 WINDOW=38412 SYN (Aug 23) LEN=40 TTL=50 ID=18248 TCP DPT=8080 WINDOW=38412 SYN (Aug 23) LEN=40 TTL=50 ID=10363 TCP DPT=8080 WINDOW=38412 SYN	2020-08-30 03:29:21
144.217.60.211	attackbotsspam	144.217.60.211 has been banned for [WebApp Attack] ...	2020-08-30 02:59:28
94.232.40.45	attackbots	RDP brute forcing (r)	2020-08-30 03:30:31
95.81.95.77	attackspam	Aug 29 13:03:46 host imapd-ssl: LOGIN FAILED, user=nmas[at][munged], ip=[::ffff:95.81.95.77] Aug 29 13:03:53 host imapd-ssl: LOGIN FAILED, user=nmas[at][munged], ip=[::ffff:95.81.95.77] Aug 29 13:04:01 host imapd-ssl: LOGIN FAILED, user=nmas[at][munged], ip=[::ffff:95.81.95.77] Aug 29 13:04:07 host imapd-ssl: LOGIN FAILED, user=nmas[at][munged], ip=[::ffff:95.81.95.77] Aug 29 13:04:14 host imapd-ssl: LOGIN FAILED, user=nmas[at][munged], ip=[::ffff:95.81.95.77] ...	2020-08-30 03:19:15
187.45.101.28	attackspambots	Attempted Brute Force (dovecot)	2020-08-30 03:23:17
87.246.7.7	attackbotsspam	MAIL: User Login Brute Force Attempt	2020-08-30 03:19:30
192.241.234.211	attack	port scan and connect, tcp 443 (https)	2020-08-30 02:56:25
190.64.64.77	attackbotsspam	leo_www	2020-08-30 03:12:30
59.173.19.66	attackbotsspam	Port scan denied	2020-08-30 03:15:38
192.241.220.154	attackbotsspam	Port scan denied	2020-08-30 03:00:19
93.112.21.51	attackbotsspam	Icarus honeypot on github	2020-08-30 03:23:57
49.146.38.107	attackspambots	20/8/29@08:03:54: FAIL: Alarm-Network address from=49.146.38.107 20/8/29@08:03:55: FAIL: Alarm-Network address from=49.146.38.107 ...	2020-08-30 03:33:41
185.148.38.26	attackbotsspam	Aug 29 14:00:44 Ubuntu-1404-trusty-64-minimal sshd\[15436\]: Invalid user mysql from 185.148.38.26 Aug 29 14:00:44 Ubuntu-1404-trusty-64-minimal sshd\[15436\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.38.26 Aug 29 14:00:47 Ubuntu-1404-trusty-64-minimal sshd\[15436\]: Failed password for invalid user mysql from 185.148.38.26 port 41442 ssh2 Aug 29 14:04:17 Ubuntu-1404-trusty-64-minimal sshd\[17010\]: Invalid user user from 185.148.38.26 Aug 29 14:04:17 Ubuntu-1404-trusty-64-minimal sshd\[17010\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.148.38.26	2020-08-30 03:11:35
139.162.116.133	attack	srvr1: (mod_security) mod_security (id:920350) triggered by 139.162.116.133 (JP/-/scan-66.security.ipip.net): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/29 15:49:44 [error] 27704#0: 112472 [client 139.162.116.133] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "15987161847.535630"] [ref "o0,13v21,13"], client: 139.162.116.133, [redacted] request: "GET / HTTP/1.1" [redacted]	2020-08-30 03:07:41

最近上报的IP列表

240.63.242.44	73.30.11.17	42.224.27.149	219.83.116.78
38.137.7.78	159.146.6.170	41.207.173.79	252.67.122.22
30.25.136.255	250.138.131.10	225.89.48.239	201.181.29.117
227.61.82.40	73.88.138.136	19.132.175.75	172.185.172.171
251.64.107.29	222.36.16.133	189.37.71.164	19.212.83.97