134.209.216.249

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Automatic report - XMLRPC Attack	2019-12-18 15:48:37
attackbots	miraniessen.de 134.209.216.249 \[12/Nov/2019:08:02:34 +0100\] "POST /wp-login.php HTTP/1.1" 200 5974 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" miraniessen.de 134.209.216.249 \[12/Nov/2019:08:02:37 +0100\] "POST /wp-login.php HTTP/1.1" 200 5975 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-12 22:28:04
attackbotsspam	Automatic report - XMLRPC Attack	2019-10-14 01:13:33
attackspambots	134.209.216.249 - - [07/Sep/2019:12:42:49 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [07/Sep/2019:12:42:53 +0200] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [07/Sep/2019:12:43:25 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [07/Sep/2019:12:43:33 +0200] "POST /wp-login.php HTTP/1.1" 200 1688 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [07/Sep/2019:12:43:36 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [07/Sep/2019:12:43:40 +0200] "POST /wp-login.php HTTP/1.1" 200 1684 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-09-08 02:28:43
attack	134.209.216.249 - - [04/Sep/2019:15:08:41 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [04/Sep/2019:15:08:47 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [04/Sep/2019:15:08:53 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [04/Sep/2019:15:08:56 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [04/Sep/2019:15:09:09 +0200] "POST /wp-login.php HTTP/1.1" 200 1239 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 134.209.216.249 - - [04/Sep/2019:15:09:15 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-09-05 01:18:32
attack	[31/Aug/2019:13:41:43 +0200] Web-Request: "GET /wp-login.php", User-Agent: "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-31 20:42:01

相同子网IP讨论:

IP	类型	评论内容	时间
134.209.216.67	attackbotsspam	php admin	2019-08-06 10:14:01

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.209.216.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33789
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;134.209.216.249.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019083100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 31 20:41:53 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

Host 249.216.209.134.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 249.216.209.134.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
181.49.254.230	attackspam	Unauthorized connection attempt detected from IP address 181.49.254.230 to port 2220 [J]	2020-02-01 13:32:45
13.56.150.241	attackbots	Unauthorized connection attempt detected, IP banned.	2020-02-01 13:32:29
106.13.185.2	attackspambots	Jan 31 19:59:00 web1 sshd\[4644\]: Invalid user hadoop from 106.13.185.2 Jan 31 19:59:00 web1 sshd\[4644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.185.2 Jan 31 19:59:02 web1 sshd\[4644\]: Failed password for invalid user hadoop from 106.13.185.2 port 33272 ssh2 Jan 31 20:03:07 web1 sshd\[4748\]: Invalid user user from 106.13.185.2 Jan 31 20:03:07 web1 sshd\[4748\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.185.2	2020-02-01 14:05:48
208.48.167.211	attack	Jan 31 18:55:38 auw2 sshd\[23371\]: Invalid user user from 208.48.167.211 Jan 31 18:55:38 auw2 sshd\[23371\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.48.167.211 Jan 31 18:55:39 auw2 sshd\[23371\]: Failed password for invalid user user from 208.48.167.211 port 52188 ssh2 Jan 31 18:58:22 auw2 sshd\[23631\]: Invalid user musicbot from 208.48.167.211 Jan 31 18:58:22 auw2 sshd\[23631\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=208.48.167.211	2020-02-01 13:21:13
222.186.180.130	attack	Feb 1 05:47:40 localhost sshd\[120845\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.130 user=root Feb 1 05:47:42 localhost sshd\[120845\]: Failed password for root from 222.186.180.130 port 63620 ssh2 Feb 1 05:47:45 localhost sshd\[120845\]: Failed password for root from 222.186.180.130 port 63620 ssh2 Feb 1 05:47:46 localhost sshd\[120845\]: Failed password for root from 222.186.180.130 port 63620 ssh2 Feb 1 05:51:03 localhost sshd\[120864\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.130 user=root ...	2020-02-01 13:56:18
114.234.157.245	attack	GPON Home Routers Remote Code Execution Vulnerability CVE 2018-10562, PTR: 245.157.234.114.broad.xz.js.dynamic.163data.com.cn.	2020-02-01 13:25:37
185.151.242.89	attackbots	firewall-block, port(s): 3396/tcp, 63389/tcp	2020-02-01 13:40:03
190.152.154.5	attackbotsspam	Unauthorized connection attempt detected from IP address 190.152.154.5 to port 2220 [J]	2020-02-01 13:22:47
222.186.3.249	attack	Feb 1 04:53:32 hcbbdb sshd\[32247\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.3.249 user=root Feb 1 04:53:34 hcbbdb sshd\[32247\]: Failed password for root from 222.186.3.249 port 54614 ssh2 Feb 1 04:54:26 hcbbdb sshd\[32339\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.3.249 user=root Feb 1 04:54:28 hcbbdb sshd\[32339\]: Failed password for root from 222.186.3.249 port 13853 ssh2 Feb 1 04:58:22 hcbbdb sshd\[381\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.3.249 user=root	2020-02-01 13:20:37
13.48.123.50	attackbotsspam	Unauthorized connection attempt detected, IP banned.	2020-02-01 13:42:31
159.89.169.137	attackbots	Jan 31 19:11:11 hpm sshd\[8766\]: Invalid user nagios from 159.89.169.137 Jan 31 19:11:11 hpm sshd\[8766\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.169.137 Jan 31 19:11:13 hpm sshd\[8766\]: Failed password for invalid user nagios from 159.89.169.137 port 47988 ssh2 Jan 31 19:14:29 hpm sshd\[9676\]: Invalid user tom from 159.89.169.137 Jan 31 19:14:29 hpm sshd\[9676\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.169.137	2020-02-01 13:31:04
139.224.148.206	attack	Feb 1 05:58:27 debian-2gb-nbg1-2 kernel: \[2792365.580701\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=139.224.148.206 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=42848 PROTO=TCP SPT=47761 DPT=22212 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-01 13:19:33
112.30.117.22	attack	Feb 1 06:24:30 legacy sshd[2729]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.117.22 Feb 1 06:24:33 legacy sshd[2729]: Failed password for invalid user 123qwe from 112.30.117.22 port 33081 ssh2 Feb 1 06:28:10 legacy sshd[3035]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.30.117.22 ...	2020-02-01 13:58:36
190.85.171.126	attack	Port 22 Scan, PTR: None	2020-02-01 13:41:34
218.92.0.168	attackbots	SSH Brute Force, server-1 sshd[1071]: Failed password for root from 218.92.0.168 port 63335 ssh2	2020-02-01 13:53:16

最近上报的IP列表

185.209.0.84	24.194.240.16	34.192.102.35	177.37.81.207
72.17.186.19	68.134.193.23	160.174.37.46	255.254.208.121
142.241.139.179	223.25.99.34	92.222.136.169	171.229.235.204
138.68.220.166	218.57.230.82	110.93.207.211	103.243.135.249
94.216.32.10	186.153.138.2	201.48.147.177	188.50.58.125