107.189.2.139 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Frantech Solutions

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	WordPress wp-login brute force :: 107.189.2.139 0.116 BYPASS [07/Oct/2019:22:40:19 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-08 01:28:10

类型

评论内容

时间

attack

WordPress wp-login brute force :: 107.189.2.139 0.116 BYPASS [07/Oct/2019:22:40:19  1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2019-10-08 01:28:10

相同子网IP讨论:

IP	类型	评论内容	时间
107.189.2.136	attackspam	107.189.2.136 - - [17/Sep/2020:06:32:20 +0200] "POST /wp-login.php HTTP/1.0" 200 4793 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-17 13:47:21
107.189.2.136	attack	SSH 2020-09-17 00:28:12 107.189.2.136 139.99.64.133 > POST tokorohani.com /wp-login.php HTTP/1.1 - - 2020-09-17 02:43:27 107.189.2.136 139.99.64.133 > GET meganisfa.com /wp-login.php HTTP/1.1 - - 2020-09-17 02:43:28 107.189.2.136 139.99.64.133 > POST meganisfa.com /wp-login.php HTTP/1.1 - -	2020-09-17 04:53:31
107.189.2.3	attackbotsspam	WordPress brute force	2020-06-07 05:56:02
107.189.2.3	attackspambots	107.189.2.3 - - [05/Jun/2020:05:54:44 +0200] "GET /wp-login.php HTTP/1.1" 200 6702 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 107.189.2.3 - - [05/Jun/2020:05:54:46 +0200] "POST /wp-login.php HTTP/1.1" 200 6953 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 107.189.2.3 - - [05/Jun/2020:05:54:47 +0200] "GET /wp-login.php HTTP/1.1" 200 6702 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-05 15:27:58
107.189.2.5	attackbotsspam	REQUESTED PAGE: /wp-login.php	2020-01-13 16:16:01
107.189.2.5	attack	Automatic report - XMLRPC Attack	2019-11-10 00:42:24
107.189.2.90	attackbots	Automatic report - Banned IP Access	2019-10-26 23:24:02
107.189.2.90	attack	www.handydirektreparatur.de 107.189.2.90 \[10/Oct/2019:13:58:40 +0200\] "POST /wp-login.php HTTP/1.1" 200 5665 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.handydirektreparatur.de 107.189.2.90 \[10/Oct/2019:13:58:40 +0200\] "POST /xmlrpc.php HTTP/1.1" 200 4114 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-10-10 21:17:21
107.189.2.3	attackbots	Automatic report generated by Wazuh	2019-10-05 23:15:48
107.189.2.90	attackspam	masters-of-media.de 107.189.2.90 \[30/Sep/2019:22:56:33 +0200\] "POST /wp-login.php HTTP/1.1" 200 5856 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" masters-of-media.de 107.189.2.90 \[30/Sep/2019:22:56:33 +0200\] "POST /wp-login.php HTTP/1.1" 200 5811 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-10-01 07:32:36
107.189.2.90	attackspam	B: zzZZzz blocked content access	2019-09-29 14:29:43
107.189.2.3	attackbots	php WP PHPmyadamin ABUSE blocked for 12h	2019-09-28 18:54:57
107.189.2.90	attack	marleenrecords.breidenba.ch 107.189.2.90 \[07/Sep/2019:02:41:02 +0200\] "POST /wp-login.php HTTP/1.1" 200 5808 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" marleenrecords.breidenba.ch 107.189.2.90 \[07/Sep/2019:02:41:02 +0200\] "POST /wp-login.php HTTP/1.1" 200 5807 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-09-07 12:32:04
107.189.2.5	attackbotsspam	Automatic report - Banned IP Access	2019-08-14 20:38:04
107.189.2.5	attack	WordPress wp-login brute force :: 107.189.2.5 0.100 BYPASS [14/Jul/2019:01:17:09 1000] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-07-13 23:21:17

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 107.189.2.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22871
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;107.189.2.139.			IN	A

;; AUTHORITY SECTION:
.			221	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100702 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 08 01:28:07 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

139.2.189.107.in-addr.arpa domain name pointer za.weborigin.xyz.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
139.2.189.107.in-addr.arpa	name = za.weborigin.xyz.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
61.175.121.76	attackspam	Invalid user sysgames from 61.175.121.76 port 36058	2020-05-30 13:16:37
128.14.3.84	attackspam	May 30 07:36:57 journals sshd\[77269\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.14.3.84 user=root May 30 07:36:59 journals sshd\[77269\]: Failed password for root from 128.14.3.84 port 48178 ssh2 May 30 07:44:15 journals sshd\[78097\]: Invalid user ming from 128.14.3.84 May 30 07:44:15 journals sshd\[78097\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.14.3.84 May 30 07:44:17 journals sshd\[78097\]: Failed password for invalid user ming from 128.14.3.84 port 50426 ssh2 ...	2020-05-30 13:05:37
116.52.164.10	attack	Invalid user ts3 from 116.52.164.10 port 27672	2020-05-30 13:47:27
61.12.94.46	attackspam	20/5/29@23:53:21: FAIL: Alarm-Network address from=61.12.94.46 20/5/29@23:53:21: FAIL: Alarm-Network address from=61.12.94.46 ...	2020-05-30 13:18:45
42.189.124.131	attack	Automatic report - XMLRPC Attack	2020-05-30 13:16:17
37.49.230.131	attackbots	May 30 07:01:29 mail postfix/smtpd\[11752\]: warning: unknown\[37.49.230.131\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ May 30 07:01:35 mail postfix/smtpd\[11752\]: warning: unknown\[37.49.230.131\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ May 30 07:01:45 mail postfix/smtpd\[11333\]: warning: unknown\[37.49.230.131\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ May 30 07:01:55 mail postfix/smtpd\[11752\]: warning: unknown\[37.49.230.131\]: SASL LOGIN authentication failed: Connection lost to authentication server\	2020-05-30 13:07:39
77.247.108.119	attack	Unauthorized connection attempt detected from IP address 77.247.108.119 to port 443	2020-05-30 13:45:36
103.45.183.143	attack	2020-05-30T05:52:42.039116vps751288.ovh.net sshd\[15649\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.45.183.143 user=root 2020-05-30T05:52:43.701827vps751288.ovh.net sshd\[15649\]: Failed password for root from 103.45.183.143 port 57488 ssh2 2020-05-30T05:52:46.742219vps751288.ovh.net sshd\[15651\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.45.183.143 user=root 2020-05-30T05:52:48.620682vps751288.ovh.net sshd\[15651\]: Failed password for root from 103.45.183.143 port 59816 ssh2 2020-05-30T05:52:50.234157vps751288.ovh.net sshd\[15653\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.45.183.143 user=root	2020-05-30 13:45:00
2001:b011:4003:445c:304c:7558:37bf:c86b	attack	2020-05-30T12:52:51.815670hermes postfix/smtpd[650822]: NOQUEUE: reject: RCPT from 2001-b011-4003-445c-304c-7558-37bf-c86b.dynamic-ip6.hinet.net[2001:b011:4003:445c:304c:7558:37bf:c86b]: 554 5.7.1 Service unavailable; Client host [2001:b011:4003:445c:304c:7558:37bf:c86b] blocked using zen.spamhaus.org; https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo= ...	2020-05-30 13:44:00
87.251.74.222	attackbots	05/30/2020-01:45:53.380853 87.251.74.222 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-30 13:46:47
222.186.30.218	attackspam	May 30 07:20:13 ucs sshd\[18942\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.218 user=root May 30 07:20:15 ucs sshd\[18936\]: error: PAM: User not known to the underlying authentication module for root from 222.186.30.218 May 30 07:20:16 ucs sshd\[18945\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.218 user=root ...	2020-05-30 13:21:20
148.70.223.218	attack	ssh brute force	2020-05-30 13:47:52
119.115.128.2	attackbotsspam	Invalid user vmuser from 119.115.128.2 port 54770	2020-05-30 13:09:28
185.177.57.12	attack	port scan and connect, tcp 23 (telnet)	2020-05-30 13:26:56
51.79.53.106	attack	May 30 05:49:06 jane sshd[30556]: Failed password for root from 51.79.53.106 port 34696 ssh2 ...	2020-05-30 13:24:52

最近上报的IP列表

198.144.78.211	108.187.16.182	243.54.184.85	122.224.220.140
142.206.219.185	228.53.90.99	182.89.52.192	48.10.132.127
133.0.90.15	91.39.1.112	144.217.166.92	96.77.137.229
220.120.249.76	94.156.166.6	193.31.210.42	45.194.79.232
114.67.225.36	158.121.71.153	109.105.141.4	187.173.228.231