134.73.129.57 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): EliDC

主机名(hostname): unknown

机构(organization): Global Frag Networks

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Brute force SMTP login attempted. ...	2019-08-10 04:35:04
attackbotsspam	2019-07-28T23:16:20.461568centos sshd\[29364\]: Invalid user amber from 134.73.129.57 port 42828 2019-07-28T23:16:20.466244centos sshd\[29364\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.73.129.57 2019-07-28T23:16:22.090199centos sshd\[29364\]: Failed password for invalid user amber from 134.73.129.57 port 42828 ssh2	2019-07-29 14:17:35
attackbots	Automatic report - SSH Brute-Force Attack	2019-07-17 02:19:30

类型

评论内容

时间

attack

Brute force SMTP login attempted.
...

2019-08-10 04:35:04

attackbotsspam

2019-07-28T23:16:20.461568centos sshd\[29364\]: Invalid user amber from 134.73.129.57 port 42828
2019-07-28T23:16:20.466244centos sshd\[29364\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.73.129.57
2019-07-28T23:16:22.090199centos sshd\[29364\]: Failed password for invalid user amber from 134.73.129.57 port 42828 ssh2

2019-07-29 14:17:35

attackbots

Automatic report - SSH Brute-Force Attack

2019-07-17 02:19:30

相同子网IP讨论:

IP	类型	评论内容	时间
134.73.129.2	attackbotsspam	Aug 16 00:26:46 MK-Soft-VM7 sshd\[5700\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.73.129.2 user=root Aug 16 00:26:48 MK-Soft-VM7 sshd\[5700\]: Failed password for root from 134.73.129.2 port 45102 ssh2 Aug 16 00:31:16 MK-Soft-VM7 sshd\[5746\]: Invalid user client from 134.73.129.2 port 43024 ...	2019-08-16 09:43:59
134.73.129.2	attack	Aug 13 12:47:30 plex sshd[2174]: Invalid user mc from 134.73.129.2 port 58614	2019-08-13 19:11:20
134.73.129.111	attackbotsspam	Brute force SMTP login attempted. ...	2019-08-10 05:00:58
134.73.129.125	attackspambots	Brute force SMTP login attempted. ...	2019-08-10 05:00:23
134.73.129.127	attackbots	Brute force SMTP login attempted. ...	2019-08-10 05:00:06
134.73.129.130	attackbots	Brute force SMTP login attempted. ...	2019-08-10 04:59:48
134.73.129.134	attackbotsspam	Brute force SMTP login attempted. ...	2019-08-10 04:58:31
134.73.129.143	attack	Brute force SMTP login attempted. ...	2019-08-10 04:56:39
134.73.129.154	attack	Brute force SMTP login attempted. ...	2019-08-10 04:56:15
134.73.129.156	attackbots	Brute force SMTP login attempted. ...	2019-08-10 04:55:12
134.73.129.161	attackspam	Brute force SMTP login attempted. ...	2019-08-10 04:54:40
134.73.129.162	attack	Brute force SMTP login attempted. ...	2019-08-10 04:54:03
134.73.129.170	attackbotsspam	Brute force SMTP login attempted. ...	2019-08-10 04:53:15
134.73.129.173	attackbotsspam	Brute force SMTP login attempted. ...	2019-08-10 04:52:24
134.73.129.190	attack	Brute force SMTP login attempted. ...	2019-08-10 04:51:23

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 134.73.129.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25410
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;134.73.129.57.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071601 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jul 17 02:19:25 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 57.129.73.134.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 57.129.73.134.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
130.162.64.72	attackbotsspam	k+ssh-bruteforce	2020-09-10 02:22:13
72.135.63.72	attack	Sep 7 18:37:03 srv05 sshd[25808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-72-135-63-72.wi.res.rr.com user=r.r Sep 7 18:37:06 srv05 sshd[25808]: Failed password for r.r from 72.135.63.72 port 34478 ssh2 Sep 7 18:37:06 srv05 sshd[25808]: Received disconnect from 72.135.63.72: 11: Bye Bye [preauth] Sep 7 18:44:32 srv05 sshd[26256]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-72-135-63-72.wi.res.rr.com user=r.r Sep 7 18:44:34 srv05 sshd[26256]: Failed password for r.r from 72.135.63.72 port 42870 ssh2 Sep 7 18:44:35 srv05 sshd[26256]: Received disconnect from 72.135.63.72: 11: Bye Bye [preauth] Sep 7 18:47:17 srv05 sshd[26369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-72-135-63-72.wi.res.rr.com user=r.r Sep 7 18:47:18 srv05 sshd[26369]: Failed password for r.r from 72.135.63.72 port 57400 ssh2 Sep 7 18:47:18 srv05........ -------------------------------	2020-09-10 02:03:51
222.186.31.83	attackspambots	Time: Wed Sep 9 18:17:10 2020 +0000 IP: 222.186.31.83 (-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Sep 9 18:17:00 ca-18-ede1 sshd[17077]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.31.83 user=root Sep 9 18:17:03 ca-18-ede1 sshd[17077]: Failed password for root from 222.186.31.83 port 11735 ssh2 Sep 9 18:17:05 ca-18-ede1 sshd[17077]: Failed password for root from 222.186.31.83 port 11735 ssh2 Sep 9 18:17:07 ca-18-ede1 sshd[17077]: Failed password for root from 222.186.31.83 port 11735 ssh2 Sep 9 18:17:09 ca-18-ede1 sshd[17092]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.31.83 user=root	2020-09-10 02:26:30
139.59.83.179	attackbotsspam	Fail2Ban Ban Triggered	2020-09-10 02:13:20
185.220.102.253	attackbots	Fail2Ban Ban Triggered (2)	2020-09-10 02:03:04
188.152.100.60	attack	188.152.100.60 (IT/Italy/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 9 12:32:28 server2 sshd[6986]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.227.196 user=root Sep 9 12:32:30 server2 sshd[6986]: Failed password for root from 68.183.227.196 port 39044 ssh2 Sep 9 12:34:31 server2 sshd[7985]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.27.90 user=root Sep 9 12:32:23 server2 sshd[6933]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.254.135.76 user=root Sep 9 12:32:24 server2 sshd[6933]: Failed password for root from 195.254.135.76 port 37273 ssh2 Sep 9 12:33:50 server2 sshd[7581]: Failed password for root from 188.152.100.60 port 45106 ssh2 IP Addresses Blocked: 68.183.227.196 (SG/Singapore/-) 49.234.27.90 (CN/China/-) 195.254.135.76 (RO/Romania/-)	2020-09-10 01:49:16
175.24.61.126	attackbots	...	2020-09-10 02:27:02
103.19.58.23	attackspambots	SSH invalid-user multiple login try	2020-09-10 02:05:27
2.57.122.170	attackbotsspam	HTTP/80/443/8080 Probe, BF, WP, Hack -	2020-09-10 01:57:05
222.186.169.192	attackspam	Sep 9 20:20:18 vps647732 sshd[24489]: Failed password for root from 222.186.169.192 port 3526 ssh2 Sep 9 20:20:22 vps647732 sshd[24489]: Failed password for root from 222.186.169.192 port 3526 ssh2 ...	2020-09-10 02:23:59
58.211.245.181	attackbots	Sep 9 04:49:06 master sshd[30841]: Failed password for root from 58.211.245.181 port 33605 ssh2	2020-09-10 02:10:09
122.155.17.174	attackspam	Sep 9 20:11:28 santamaria sshd\[19375\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.155.17.174 user=root Sep 9 20:11:30 santamaria sshd\[19375\]: Failed password for root from 122.155.17.174 port 25637 ssh2 Sep 9 20:18:22 santamaria sshd\[19526\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.155.17.174 user=root ...	2020-09-10 02:19:39
186.146.1.186	attackspambots	k+ssh-bruteforce	2020-09-10 02:00:13
194.180.224.117	attack	TCP (SYN) 194.180.224.117:30283 -> port 23, len 44	2020-09-10 02:09:17
5.182.39.64	attackspam	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2020-09-09T17:52:23Z	2020-09-10 02:06:50

最近上报的IP列表

86.85.140.186	36.90.181.44	49.88.112.61	168.57.86.228
42.236.246.147	185.125.250.208	123.94.173.119	49.83.170.81
167.161.131.88	168.65.52.93	202.44.209.5	2001:16b8:18f1:7d00:c54c:6f93:699c:abd8
180.75.8.214	45.171.110.177	36.167.41.8	122.6.73.39
185.254.122.102	17.21.227.5	185.254.122.101	174.164.159.254