udn網路城邦
finally caught godaddy.com on 5/30/2025; a batch of overseas malicious URLs and IPs exposed, involving the US, Germany, the Netherlands, France and others--thanks China, finally got the backdoor IPs and URLs, did great jobs, much better than the USA.
2025/06/02 15:50
[site blocked: ocsp.godaddy.com] from source spouse-IPaddress 1 Fri May 30 01:27:54 2025 0.0.0.0:0 spouse-IPaddress

searched [site blocked: ocsp.godaddy.com target 0.0.0.0:0 source myPC-IPaddress? no relation to GoDaddy, why does it happen?] got: The message "site blocked: ocsp.godaddy.com target 0.0.0.0:0 source myPC-IPaddress" indicates that your computer's connection to ocsp.godaddy.com was blocked, and the target IP address was reported as 0.0.0.0

--It should be my router admin blocking the GoDaddy site. The question is: after the hard reset of the router, which wiped out all blocked sites, I haven't added GoDaddy and the others to the blocked sites yet. Before the hard reset I did block it. So why is that? Was spouse-IPaddress fake?

searched [is Amazon GoDaddy's client?] got: Yes, GoDaddy is a client of Amazon Web Services (AWS). GoDaddy has signed a multi-year agreement with AWS to migrate the majority of its computing infrastructure to the AWS cloud. This means GoDaddy relies on AWS for a significant portion of its technology needs..... GoDaddy's Use of AWS: GoDaddy uses various AWS services, including machine learning, analytics, databases, and containers, to support its business.

searched [if the router admin blocks Amazon sites, would it also auto-block GoDaddy, which is an Amazon client using AWS?] got: No, blocking Amazon websites through a router's admin panel would not automatically block GoDaddy. While GoDaddy uses AWS (Amazon Web Services) for infrastructure and cloud services, blocking a specific website or domain doesn't affect other sites. Routers typically block access to specific websites or IP addresses based on the DNS or IP address, not on whether they are related to a larger platform or service like AWS. PS I did block Amazon and other sites after the hard reset of the router; now blocking GoDaddy to see any difference.

[What does 0.0.0.0 mean?] got: 0.0.0.0/0 defines an IP block containing all possible IP addresses. It is commonly used in routing to depict the default route as a destination subnet. It matches all addresses in the IPv4 address space and is present on most hosts, directed towards a local router.

searched [what is ocsp.godaddy.com IP address ?] got : 192.124.249.24

The error "site blocked: ocsp.godaddy.com target 0.0.0.0:0 source my PC-IP address" indicates that your computer's IP address is being blocked from accessing ocsp.godaddy.com on port 0. This usually means there's a firewall or security setting either on your device or on GoDaddy's end preventing the connection.
--or the hacker used spouse-IPaddress to try to access ocsp.godaddy.com, set up spouse?

--If spouse-IPaddress is real, then it is good to block GoDaddy; is it possible that a site not in the block list can be auto-blocked?

Here's a breakdown of the issue and how to troubleshoot it:

Understanding the Error:
ocsp.godaddy.com: This is the server GoDaddy uses for Online Certificate Status Protocol (OCSP) checks, which is a mechanism to verify the validity of SSL/TLS certificates.
target 0.0.0.0:0: This likely refers to the source of the blocked connection attempting to access any IP address on port 0, which is a reserved port and usually not in use for legitimate traffic.
source my PC-IP address: This means the connection attempt is originating from your computer's IP address.

Possible Causes:
Firewall Blocking: A firewall on your computer or router might be blocking the connection to ocsp.godaddy.com.
GoDaddy Firewall: GoDaddy's website security settings (like a Web Application Firewall) could be blocking your IP address due to suspected malicious activity or a temporary issue.
Temporary IP Block: Your IP address might have been temporarily blocked by GoDaddy due to suspicious activity like excessive login attempts or unusual traffic patterns.
GoDaddy Internal Issues: GoDaddy itself might be experiencing an issue with their servers or security settings.

Troubleshooting Steps:
1. Check Your Firewall: Temporarily disable your firewall on your computer (if you're comfortable doing so) and see if the connection works. If it does, you'll need to configure your firewall to allow connections to ocsp.godaddy.com on port 0 or the appropriate port used by GoDaddy.
2. Check GoDaddy's Status: Visit GoDaddy's status page to see if there are any reported issues with their services that might be affecting your connection.
3. Contact GoDaddy Support: If the issue persists, contact GoDaddy's support team to inquire about the block and see if they can help.
4. Allow IP in GoDaddy Settings: If you're using GoDaddy's security features, you might be able to allow your IP address in the firewall settings, as described in this GoDaddy help article.
5. Check Your Browser Settings: Some browsers might have security settings that could be blocking the connection.
6. Use a VPN: If you're concerned about security, you could try using a VPN to connect to ocsp.godaddy.com.

Important Notes:
Port 0 is a reserved port and not typically used for web traffic, so it's unusual to see it mentioned in a blocking error.
OCSP checks are essential for ensuring the validity of SSL/TLS certificates, so blocking this connection might cause problems with accessing websites that use these certificates.

--I would rather perform: Investigate the IP Address: You can use online tools to investigate the IP address and potentially find out more about who owns it, though accuracy isn't guaranteed.

C:\Windows\System32>ping
C:\Windows\System32>tracert 192.124.249.24
Tracing route to cloudproxy10024.sucuri.net [192.124.249.24]
over a maximum of 30 hops:
1 2 ms 2 ms 2 ms router-admin-IPaddress
2 11 ms 10 ms 10 ms c3-0.elg-e6k1.nape.il.cable.rcn.net [149.75.184.1]
3 16 ms 12 ms 13 ms 216.80.78.125
4 * * * Request timed out.
5 14 ms 16 ms 15 ms hge0-0-0-4.edge1.ord-eqnx.il.bb.astound.net [207.172.19.171]
ps Astound sold to RCN
6 25 ms 74 ms 20 ms et-3-0-25.cr9-chi1.ip4.gtt.net [69.174.17.225]
7 14 ms 21 ms 13 ms ip4.gtt.net [208.116.158.6]
8 14 ms 13 ms 12 ms cloudproxy10024.sucuri.net [192.124.249.24]
Trace complete.

searched https://zh-hant.ipshu.com got: 216.80.78.1 is a public IP address; the user is located in Chicago, Illinois, United States; its usage is fixed-line Internet service provider, type broadband/cable/fiber.
216.80.78.125 (click it)
216.80.78.125 is an external address, a public IP address on the Internet; the device it corresponds to can be reached by other devices on the Internet.

IP addresses can be divided into external addresses, internal addresses and reserved addresses.
External IP addresses: the vast majority of IP addresses are external addresses, which must be applied for and registered with international Internet administration bodies. ps RCN equipment in Chicago?
Internal IP addresses: the IPv4 address protocol reserves three address ranges as internal addresses for use inside organizations.
Reserved IP addresses: there are also some reserved addresses used as private IP address space or for special purposes such as internal LANs.

ps domains 0 pingable NO router Yes

216.80.78.255 is the network broadcast address and cannot be assigned.
Same for 208.116.158.6; 192.124.249.24 is an external IP address representing a device on the Internet; the device connected to this IP address is located in Menifee County, California, United States.

another [DoS attack: SYN Flood] from 142.250.207.67, port 443 1 Sun Jun 01 12:09:57 2025 spousePC-IPaddress 142.250.207.67:443---->Google LLC
142.250.207.67: the device connected to this IP address is located in Chennai, Tamil Nadu, India

why do we get millions like [DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Sun Jun 01 12:09:47 2025 149.75.231.61:56720 208.59.247.45:53

149.75 and 208.59 are RCN related; 208.59.247.45 is the IP address of RCN's free public DNS server, located in Princeton, New Jersey, United States.
RCN applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 208.59.247.45 to a server located in Princeton, New Jersey, United States.

can RCN cut off 208.59, which got abused, reported as: The IP address 208.59.247.45 has been reported as an abuse IP address, specifically by AbuseIPDB. It was first reported on October 4th, 2023, and the most recent report is from one year ago. However, it's possible the IP is no longer involved in abusive activities

--Obviously RCN didn't update in 2025, suffering millions of 208.59 attacks on 149.75. Or did they try to scare clients of my type into paying an extra $40+ to get the [take care service]? As we also got [DoS attack: SYN Flood] from 208.59.247.45, port 53 1 Sun Jun 01 12:44:14 2025 spousePC-IP address 208.59.247.45:53---->ns2.dns.rcn.net and [DoS attack: SYN Flood] from 208.59.247.46, port 53 1 Sun Jun 01 13:04:08 2025 spousePC-IP address 208.59.247.46:53---->ns1.dns.rcn.net

[DoS attack: SYN Flood] from 35.211.246.180, port 443 1 Sun Jun 01 12:09:20 2025 spousePC-IPaddress 35.211.246.180:443; the Internet service provider (ISP) is Google LLC, which applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 35.211.246.180 to a device located in North Charleston, South Carolina, United States.

[DoS attack: SYN Flood] from 34.117.228.201, port 443 1 Sun Jun 01 16:10:08 2025 spousePC-IPaddress 34.117.228.201:443 ----> the device connected to this IP address is located in Kansas City, Missouri, United States; the Internet service provider (ISP) is Google LLC; Google LLC applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 34.117.228.201 to a device located in Kansas City, Missouri, United States; not a proxy IP address; connection speed: T1; belongs to DCH (data center, virtual hosting, network transit, etc.)
[DoS attack: SYN Flood] from 130.211.115.4, port 443 1 Sun Jun 01 12:44:18 2025 spousePC-IPaddress 130.211.115.4:443----> not a proxy IP address; connection speed: T1; the device connected to this IP address is located in Council Bluffs, Iowa, United States; Google LLC applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 130.211.115.4 to a device located in Council Bluffs, Iowa, United States

[DoS attack: SYN Flood] from 23.221.245.14, port 443 1 Sat May 31 15:27:22 2025 spousePC-IPaddress 23.221.245.14:443----> not a proxy IP address; connection speed: T1; the Internet service provider (ISP) is AS16625 Akamai International, BV, which applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 23.221.245.14 to a device located in Chicago, Illinois, United States

[DoS attack: SYN Flood] from 138.113.128.90, port 443 1 Sat May 31 06:42:25 2025 spousePC-IPaddress 138.113.128.90:443----> price.sci99.com
2 11 ms 11 ms * c3-0.elg-e6k1.nape.il.cable.rcn.net [149.75.184.1]
3 23 ms 12 ms 14 ms 216.80.78.125
4 * * * Request timed out.
5 17 ms 17 ms 26 ms hge0-0-0-4.edge1.ord-eqnx.il.bb.astound.net [207.172.19.171]
6 13 ms 13 ms 14 ms et-3-0-25.cr9-chi1.ip4.gtt.net [69.174.17.225]
7 34 ms 31 ms 34 ms ae5.cr3-kan1.ip4.gtt.net [213.254.214.246]
8 24 ms 24 ms 22 ms ip4.gtt.net [63.141.219.14]
9 24 ms 26 ms 28 ms figscarlet.com [69.30.202.10]
10 * * * Request timed out.
11 23 ms 30 ms 26 ms 138.113.128.90
Kansas City, Kansas, United States; not a proxy IP address; connection speed: T1; belongs to CDN (content delivery network); the Internet service provider (ISP) is AS54994 Private Customer, which applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 138.113.128.90 to a device located in Kansas City, Kansas, United States

ps recently Holland smeared China, but what I found is the truth?
[DoS attack: TCP- or UDP-based Port Scan] from 89.248.163.77, port 41937 1 Sun Jun 01 18:51:52 2025 149.75.231.61:3580 89.248.163.77:41937

89.248.163.77 is an external IP address representing a device on the Internet. We detected that the device connected to this IP address is located in Amsterdam, North Holland, Netherlands. The Internet service provider (ISP) is IP Volume inc, which applied for a batch of IP addresses from a Regional Internet Registry (RIR) and then assigned the IP address 89.248.163.77 to a device located in Amsterdam, North Holland, Netherlands
.................
ps 6/2/2025 made a final decision to post what we suffered at https://zh-hant.ipshu.com/ip_whois_usage as:
pity client 2025-06-02 13:57:49 (local 6/2/2025 1:00am)
frequently got millions of [DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.46, port 53 1 Fri May 30 15:44:32 2025 149.75.231.61:58789 208.59.247.46:53 and
[DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Fri May 30 15:44:32 2025 149.75.231.61:63530 208.59.247.45:53
The thing that bothered me: 208.59 and 149.75 are RCN related. I did contact our local RCN branch, who told me I must rent the company router and pay over $70 monthly fee to get the "take care" service. It obviously is RCN [208.59] equipment that got abused, and then [DoS attack: SYN Flood] from 208.59.247.46, port 53 1 Sun Jun 01 15:13:21 2025 myPC-IPaddress 208.59.247.46:53 and [DoS attack: SYN Flood] from 208.59.247.46, port 53 1 Sun Jun 01 15:13:21 2025 myPC-IPaddress 208.59.247.46:53;
why do we have to pay? Can't RCN cut off 208.59 or something?

ps The IP address 208.59.247.45 has been reported as an abuse IP address, specifically by AbuseIPDB.
................
ps in the meanwhile I also frequently verify the 2.4G channel users of the network, as follows: channel
1 ghost-> Verizon_P9X3TD->Moka2003
3 Tmobil-2450 xBurbujitas19
5 our network
6 xVerizon_TV9VS3, My Wi Fi ,xTmobile-2450<->ghost, ghost
7 RoyalToad
8 Betser58
9 Tmobile_C2BA
10 Direct-QU-vizioTV
11 chingon plus, ghost
ps we can't but manually change the channel if others use the same channel as ours, especially [stick-type such as Moka2003] and Direct-QU-vizioTV, which I am not sure whether it is related to our TV or not. After I posted in /zh-hant.ipshu.com/ip_whois_usage, the weird [DoS attack: TCP- or UDP-based Port Scan] and [DoS attack: SYN Flood] temporarily stopped, but very likely will happen again the next day.
I did suspect at least 2 moles hide in 2.4G (Moka2003) and 5G (ghost). No matter how hard I manually changed to different channels, they stick like maggots on bone, hard to get rid of, especially the 5G ghost. I deeply suspect the mole wants to occupy the whole 5G and disallow others in. Isn't it a very pitiful client who bought an expensive dual-band router but can't use 5G, or gets millions of SYN Flood attacks?
===================================
A batch of overseas malicious URLs and IPs exposed, involving the United States, Germany, the Netherlands, France and others 2025-06-05 16:23:54 Source: 观察者网 (Guancha)
According to a notice on the 5th from the WeChat public account "国家网络安全通报中心" (National Cybersecurity Notification Center), China's National Network and Information Security Information Notification Center, through its supporting units, discovered a batch of overseas malicious URLs and malicious IPs that overseas hacker groups are using to continuously launch network attacks against China and other countries. These malicious URLs and IPs are all closely associated with specific trojan programs or trojan command-and-control servers; the attack types include building botnets and backdoor exploitation, posing a major threat to networked organizations and Internet users in China. The locations of the malicious URLs and IPs mainly involve: the United States, Germany, the Netherlands, France, Switzerland, Colombia, Singapore and Vietnam. The main details are as follows:

I. Malicious address information
(1) Malicious address: enermax-com.cc
Associated IP address: 198.135.49.79
Location: United States / Texas / Dallas
Threat type: backdoor
Malware family: RemCos
Description: RemCos is a remote administration tool that can be used to create Microsoft Word documents carrying malicious macros. The latest versions of RemCos can perform keylogging, screen capture, password theft and many other malicious activities, and attackers can use backdoor access to an infected system to collect sensitive information and control the system remotely.

(2) Malicious address: vpn.komaru.today
Associated IP address: 178.162.217.107
Location: Germany / Hesse / Frankfurt am Main
Threat type: botnet
Malware family: MooBot
Description: This is a variant of the Mirai botnet that commonly intrudes via various IoT device vulnerabilities such as CVE-2015-2051, CVE-2018-6530, CVE-2022-26258 and CVE-2022-28958. After successfully compromising a device, the attacker downloads and executes the MooBot binary, thereby building a botnet and launching DDoS (distributed denial of service) attacks.

(3) Malicious address: ccn.fdstat.vip
Associated IP address: 176.65.148.180
Location: Germany
Threat type: botnet
Malware family: Mirai
Description: This is a Linux botnet malware that spreads via network downloads, vulnerability exploitation, and Telnet and SSH brute-forcing. After a successful intrusion it can launch distributed denial of service (DDoS) attacks against target network systems.

(4) Malicious address: crazydns.bumbleshrimp.com
Associated IP address: 196.251.115.253
Location: Netherlands / North Holland / Amsterdam
Threat type: backdoor
Malware family: NjRAT
Description: This is a remote access trojan written in C#, with screen monitoring, keylogging, password theft, file management (upload, download, delete, rename files), process management (start or terminate processes), remote camera activation, an interactive shell (remote command execution), visiting specific URLs and many other malicious control functions. It usually spreads via removable storage media, phishing emails or malicious links, and is used for illegal surveillance, data theft and remote control of victims' computers.

(5) Malicious address: nanotism.nolanwh.cf
Associated IP address: 2.4.130.229
Location: France / Nouvelle-Aquitaine / Montmorillon
Threat type: backdoor
Malware family: Nanocore
Description: This is a remote access trojan mainly used for espionage and remote control of systems. After gaining access to an infected host, the attacker can record audio and video, log keystrokes, collect credentials and personal information, manipulate files and the registry, and download and execute other malicious payloads. Nanocore also supports plugins; distributed through spam with malicious attachments, it can be extended with various malicious functions such as cryptocurrency mining and ransomware attacks.

(6) Malicious address: gotoaa.sytes.net
Associated IP address: 46.19.141.202
Location: Switzerland / Canton of Zurich / Zurich
Threat type: backdoor
Malware family: AsyncRAT
Description: This is a backdoor written in C# whose main functions include screen monitoring, keylogging, password capture, file theft, process management, toggling the camera, an interactive shell, and visiting specific URLs. It spreads mainly via removable media and phishing. Multiple related variants have been found, some of which mainly target networked systems in the public-livelihood sector.

(7) Malicious address: rcdoncu1905.duckdns.org
Associated IP address: 181.131.216.154
Location: Colombia / Cesar / Valledupar
Threat type: backdoor
Malware family: RemCos
Description: RemCos is a remote administration tool that can be used to create Microsoft Word documents carrying malicious macros. The latest versions of RemCos can perform many malicious activities, including keylogging, screen capture and password theft. Attackers can use backdoor access to an infected system to collect sensitive information and control the system remotely.

(8) Malicious address: 1000gbps.duckdns.org
Associated IP address: 192.250.228.95
Location: Singapore / Singapore / Singapore
Threat type: botnet
Malware family: Mirai
Description: This is a Linux botnet malware that spreads via network downloads, vulnerability exploitation, and Telnet and SSH brute-forcing. After a successful intrusion it can launch distributed denial of service (DDoS) attacks against target network systems.

(9) Malicious address: nnbotnet.duckdns.org
Associated IP address: 161.248.238.54
Location: Vietnam
Threat type: botnet
Malware family: MooBot
Description: This is a variant of the Mirai botnet that commonly intrudes via various IoT device vulnerabilities such as CVE-2015-2051, CVE-2018-6530, CVE-2022-26258 and CVE-2022-28958. After successfully compromising a device, the attacker downloads and executes the MooBot binary, thereby building a botnet and launching DDoS (distributed denial of service) attacks.

(10) Malicious address: traxanhc2.duckdns.org
Associated IP address: 160.187.246.174
Location: Vietnam / Thanh Hoa Province
Threat type: botnet
Malware family: Mirai
Description: This is a Linux botnet malware that spreads via network downloads, vulnerability exploitation, and Telnet and SSH brute-forcing. After a successful intrusion it can launch distributed denial of service (DDoS) attacks against target network systems.

II. Investigation methods
(1) Carefully review and analyze browser history and the recent traffic and DNS request records on network devices to check for any connection records to the above malicious addresses; where possible, extract the source IP, device information, connection time and other details for in-depth analysis.
(2) Deploy network traffic detection equipment in the organization's application systems to analyze traffic data and trace the online activity of devices that communicated with the above URLs and IPs.
(3) If the attacked networked devices can be located, proactively carry out forensic examination of these devices and then organize technical analysis.

III. Handling recommendations
(1) Remain highly vigilant about all files and links received through social platforms or email, paying particular attention to those from unknown or untrusted sources, and do not readily trust or open such files.
(2) Promptly update rules in threat intelligence products or network egress protection devices to firmly block access to the above malicious URLs and IPs.
(3) Report promptly to public security organs and cooperate with on-site investigation and technical tracing.
Editor in charge: 方周
--6/7/2025 I also added the 10 malicious addresses into the router admin block sites on 6/5/2025; not sure whether it can block them or not, but it seems fewer SYN Flood attacks on our 2 notebooks. I did this because I don't want to be attacking China websites whenever I visit China websites through my notebook. Hoping to see more China reporting so we can help each other. I have no expectations from the USA at all, and suspect those criminals became the masters' black hands doing the nasty jobs on the USA's indoor enemies, the so-called ones who are against the masters' wars.
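As an added example (not part of the original post or the advisory), a small Python script that parses the router's "[DoS attack: ...]" entries quoted above, counts them per source so that the repeated 208.59.247.x port-53 entries collapse into one aggregated source, and checks every source IP against the ten addresses the advisory lists, which is the log check the advisory's section II asks for. The sample entries are the ones quoted on this page plus one constructed entry that uses the advisory's first IP to exercise the match.

```python
import re
from collections import Counter
from datetime import datetime

# The ten IP addresses listed in the advisory reproduced above (section I).
ADVISORY_IPS = {
    "198.135.49.79", "178.162.217.107", "176.65.148.180", "196.251.115.253",
    "2.4.130.229", "46.19.141.202", "181.131.216.154", "192.250.228.95",
    "161.248.238.54", "160.187.246.174",
}

# Shape of the router's "[DoS attack: ...] from <ip>, port <n> <count> <timestamp> ..."
# entries as quoted on this page; "[site blocked: ...]" entries do not match and are skipped.
LOG_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from (?P<src>\d+\.\d+\.\d+\.\d+), port (?P<port>\d+) "
    r"\d+ (?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4})"
)

def parse_entry(line):
    """Return attack kind, source IP/port and timestamp, or None for other entry types."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"kind": m.group("kind"), "src": m.group("src"), "port": int(m.group("port")),
            "time": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")}

def summarize(lines):
    """Count entries per (kind, source IP, source port) and list sources on the advisory list."""
    entries = [e for e in map(parse_entry, lines) if e]
    by_source = Counter((e["kind"], e["src"], e["port"]) for e in entries)
    flagged = sorted({e["src"] for e in entries if e["src"] in ADVISORY_IPS})
    return by_source, flagged

SAMPLE_LINES = [
    # Entries quoted on this page
    "[DoS attack: SYN Flood] from 208.59.247.46, port 53 1 Sun Jun 01 15:13:21 2025 myPC-IPaddress 208.59.247.46:53",
    "[DoS attack: SYN Flood] from 208.59.247.46, port 53 1 Sun Jun 01 15:13:21 2025 myPC-IPaddress 208.59.247.46:53",
    "[DoS attack: TCP- or UDP-based Port Scan] from 208.59.247.45, port 53 1 Sun Jun 01 12:09:47 2025 149.75.231.61:56720 208.59.247.45:53",
    "[DoS attack: SYN Flood] from 142.250.207.67, port 443 1 Sun Jun 01 12:09:57 2025 spousePC-IPaddress 142.250.207.67:443",
    "[site blocked: ocsp.godaddy.com] from source spouse-IPaddress 1 Fri May 30 01:27:54 2025 0.0.0.0:0 spouse-IPaddress",
    # Constructed entry (not from the page) using the advisory's first IP, to show the flagging path
    "[DoS attack: SYN Flood] from 198.135.49.79, port 443 1 Mon Jun 02 09:00:00 2025 myPC-IPaddress 198.135.49.79:443",
]

if __name__ == "__main__":
    counts, hits = summarize(SAMPLE_LINES)
    for (kind, src, port), n in counts.most_common():
        print(f"{n:>3}  {kind:<30} {src}:{port}")
    print("sources on the advisory list:", hits or "none")
```

On a real export, feed the router's log lines to summarize() instead of SAMPLE_LINES; a source that appears in the flagged list is a direct hit on the advisory, while the per-source counts show which few sources account for the bulk of the entries.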
