142.93.211.52 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): India

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	18355/tcp 17655/tcp 23164/tcp... [2020-06-29/08-30]30pkt,11pt.(tcp)	2020-08-31 04:47:16
attackbotsspam	TCP (SYN) 142.93.211.52:55428 -> port 17655, len 44	2020-07-09 19:46:23
attackbots	TCP (SYN) 142.93.211.52:40846 -> port 10, len 44	2020-07-07 23:42:41
attackspambots	Jun 16 05:54:36 debian-2gb-nbg1-2 kernel: \[14538380.792052\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=142.93.211.52 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=56604 PROTO=TCP SPT=52723 DPT=4151 WINDOW=1024 RES=0x00 SYN URGP=0	2020-06-16 12:51:47
attackbotsspam	trying to access non-authorized port	2020-06-12 04:00:52
attack	scans 2 times in preceeding hours on the ports (in chronological order) 21305 21305	2020-06-10 21:42:06
attackspam	Jun 1 16:18:42 home sshd[20537]: Failed password for root from 142.93.211.52 port 59430 ssh2 Jun 1 16:23:05 home sshd[20983]: Failed password for root from 142.93.211.52 port 36398 ssh2 ...	2020-06-01 23:12:03
attack	TCP (SYN) 142.93.211.52:58017 -> port 8175, len 44	2020-05-28 14:43:26
attackbotsspam	Invalid user kte from 142.93.211.52 port 38458	2020-05-24 07:10:11
attack	TCP (SYN) 142.93.211.52:57215 -> port 27278, len 44	2020-05-16 01:36:57
attackbotsspam	(sshd) Failed SSH login from 142.93.211.52 (IN/India/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: May 8 19:27:53 amsweb01 sshd[15559]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 user=root May 8 19:27:56 amsweb01 sshd[15559]: Failed password for root from 142.93.211.52 port 58452 ssh2 May 8 19:34:04 amsweb01 sshd[16191]: Invalid user test from 142.93.211.52 port 54878 May 8 19:34:06 amsweb01 sshd[16191]: Failed password for invalid user test from 142.93.211.52 port 54878 ssh2 May 8 19:38:45 amsweb01 sshd[16590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 user=root	2020-05-09 03:26:00
attackspambots	Port scan(s) denied	2020-05-06 15:20:05
attackspam	Apr 13 14:36:43 debian-2gb-nbg1-2 kernel: \[9040397.859994\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=142.93.211.52 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=9007 PROTO=TCP SPT=50147 DPT=13294 WINDOW=1024 RES=0x00 SYN URGP=0	2020-04-13 22:02:17
attackbotsspam	Apr 6 20:27:39 dev0-dcde-rnet sshd[21615]: Failed password for root from 142.93.211.52 port 58686 ssh2 Apr 6 20:28:43 dev0-dcde-rnet sshd[21617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Apr 6 20:28:46 dev0-dcde-rnet sshd[21617]: Failed password for invalid user wp from 142.93.211.52 port 44374 ssh2	2020-04-07 02:46:23
attack	$f2bV_matches	2020-03-21 15:21:26
attackspam	Mar 18 09:42:53 plusreed sshd[21598]: Invalid user testftp from 142.93.211.52 ...	2020-03-18 22:09:49
attack	Invalid user angel from 142.93.211.52 port 60046	2020-03-14 02:29:31
attackbots	Mar 12 09:44:24 work-partkepr sshd\[9549\]: Invalid user factorio from 142.93.211.52 port 50022 Mar 12 09:44:24 work-partkepr sshd\[9549\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 ...	2020-03-12 20:21:03
attackspambots	Mar 10 20:32:37 cp sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52	2020-03-11 07:13:49
attack	Mar 1 19:36:49 MK-Soft-VM7 sshd[9797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Mar 1 19:36:51 MK-Soft-VM7 sshd[9797]: Failed password for invalid user teamspeakbot from 142.93.211.52 port 40888 ssh2 ...	2020-03-02 04:17:17
attackbotsspam	Feb 28 11:51:56 web1 sshd\[14010\]: Invalid user newuser from 142.93.211.52 Feb 28 11:51:56 web1 sshd\[14010\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Feb 28 11:51:58 web1 sshd\[14010\]: Failed password for invalid user newuser from 142.93.211.52 port 48318 ssh2 Feb 28 11:59:42 web1 sshd\[14743\]: Invalid user nagios from 142.93.211.52 Feb 28 11:59:42 web1 sshd\[14743\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52	2020-02-29 06:12:42
attackbots	Feb 7 23:15:39 silence02 sshd[12820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Feb 7 23:15:40 silence02 sshd[12820]: Failed password for invalid user gcx from 142.93.211.52 port 42340 ssh2 Feb 7 23:19:07 silence02 sshd[13140]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52	2020-02-08 06:39:31
attackspam	Feb 2 00:35:42 MK-Soft-Root2 sshd[15856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Feb 2 00:35:43 MK-Soft-Root2 sshd[15856]: Failed password for invalid user test from 142.93.211.52 port 45620 ssh2 ...	2020-02-02 07:41:12
attackspambots	Feb 1 20:04:07 lnxmysql61 sshd[24204]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52	2020-02-02 03:50:46
attack	Jan 26 07:52:14 MK-Soft-Root2 sshd[30865]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Jan 26 07:52:17 MK-Soft-Root2 sshd[30865]: Failed password for invalid user system from 142.93.211.52 port 52342 ssh2 ...	2020-01-26 14:59:46
attackbotsspam	Unauthorized connection attempt detected from IP address 142.93.211.52 to port 2220 [J]	2020-01-23 11:39:50
attackspam	Unauthorized connection attempt detected from IP address 142.93.211.52 to port 2220 [J]	2020-01-22 23:24:29
attackbotsspam	Jan 20 15:09:51 vpn01 sshd[24668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.52 Jan 20 15:09:52 vpn01 sshd[24668]: Failed password for invalid user admin from 142.93.211.52 port 52022 ssh2 ...	2020-01-20 22:33:04
attackbots	Invalid user karina from 142.93.211.52 port 55084	2020-01-18 23:34:10
attackspambots	Unauthorized connection attempt detected from IP address 142.93.211.52 to port 2220 [J]	2020-01-18 02:59:40

相同子网IP讨论:

IP	类型	评论内容	时间
142.93.211.36	attackspambots	Oct 12 00:25:27 hidden sshd[869]: Failed password for hidden from 142.93.211.36 port 56534 ssh2 Oct 12 00:28:28 hidden sshd[1320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.36 user=root Oct 12 00:28:30 hidden sshd[1320]: Failed password for hidden from 142.93.211.36 port 40212 ssh2	2020-10-12 07:11:11
142.93.211.36	attackspam	Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-10-11 23:23:00
142.93.211.36	attack	Fail2Ban	2020-10-11 15:21:45
142.93.211.36	attackspambots	Port probing on unauthorized port 22	2020-10-11 08:40:42
142.93.211.192	attack	Aug 31 22:18:26 srv-ubuntu-dev3 sshd[127298]: Invalid user wow from 142.93.211.192 Aug 31 22:18:26 srv-ubuntu-dev3 sshd[127298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.192 Aug 31 22:18:26 srv-ubuntu-dev3 sshd[127298]: Invalid user wow from 142.93.211.192 Aug 31 22:18:29 srv-ubuntu-dev3 sshd[127298]: Failed password for invalid user wow from 142.93.211.192 port 39680 ssh2 Aug 31 22:22:18 srv-ubuntu-dev3 sshd[127737]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.192 user=root Aug 31 22:22:20 srv-ubuntu-dev3 sshd[127737]: Failed password for root from 142.93.211.192 port 45048 ssh2 Aug 31 22:26:06 srv-ubuntu-dev3 sshd[128146]: Invalid user tomcat2 from 142.93.211.192 Aug 31 22:26:06 srv-ubuntu-dev3 sshd[128146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.192 Aug 31 22:26:06 srv-ubuntu-dev3 sshd[128146]: Invalid user tomc ...	2020-09-01 04:59:43
142.93.211.36	attackspam	2020-08-26T20:53:13.113962abusebot-5.cloudsearch.cf sshd[5221]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=destek.in user=root 2020-08-26T20:53:15.000419abusebot-5.cloudsearch.cf sshd[5221]: Failed password for root from 142.93.211.36 port 33020 ssh2 2020-08-26T20:53:21.008214abusebot-5.cloudsearch.cf sshd[5223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=destek.in user=root 2020-08-26T20:53:22.522677abusebot-5.cloudsearch.cf sshd[5223]: Failed password for root from 142.93.211.36 port 33524 ssh2 2020-08-26T20:53:28.853992abusebot-5.cloudsearch.cf sshd[5225]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=destek.in user=root 2020-08-26T20:53:30.800157abusebot-5.cloudsearch.cf sshd[5225]: Failed password for root from 142.93.211.36 port 34016 ssh2 2020-08-26T20:53:36.106838abusebot-5.cloudsearch.cf sshd[5227]: pam_unix(sshd:auth): authentication failure; ...	2020-08-27 06:04:02
142.93.211.44	attackbotsspam	Connection to SSH Honeypot - Detected by HoneypotDB	2020-07-15 22:30:29
142.93.211.44	attackbotsspam	Jun 27 23:53:17 plex sshd[11781]: Invalid user user from 142.93.211.44 port 53454	2020-06-28 06:02:49
142.93.211.44	attackbotsspam	2020-06-15T03:51:59.198676mail.csmailer.org sshd[15765]: Failed password for root from 142.93.211.44 port 48402 ssh2 2020-06-15T03:55:36.484497mail.csmailer.org sshd[16119]: Invalid user sammy from 142.93.211.44 port 45372 2020-06-15T03:55:36.487297mail.csmailer.org sshd[16119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.44 2020-06-15T03:55:36.484497mail.csmailer.org sshd[16119]: Invalid user sammy from 142.93.211.44 port 45372 2020-06-15T03:55:38.813385mail.csmailer.org sshd[16119]: Failed password for invalid user sammy from 142.93.211.44 port 45372 ssh2 ...	2020-06-15 13:06:14
142.93.211.44	attackspambots	Jun 12 19:42:20 hpm sshd\[6948\]: Invalid user 123456 from 142.93.211.44 Jun 12 19:42:20 hpm sshd\[6948\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.44 Jun 12 19:42:22 hpm sshd\[6948\]: Failed password for invalid user 123456 from 142.93.211.44 port 41572 ssh2 Jun 12 19:43:23 hpm sshd\[7050\]: Invalid user zjcl123 from 142.93.211.44 Jun 12 19:43:23 hpm sshd\[7050\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.44	2020-06-13 14:05:30
142.93.211.44	attackbots	May 25 22:50:37 eventyay sshd[9631]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.211.44 May 25 22:50:39 eventyay sshd[9631]: Failed password for invalid user college from 142.93.211.44 port 44360 ssh2 May 25 22:55:07 eventyay sshd[9723]: Failed password for root from 142.93.211.44 port 48732 ssh2 ...	2020-05-26 04:56:51
142.93.211.176	attack	$f2bV_matches	2020-05-26 03:58:31
142.93.211.111	attackspambots	05/19/2020-19:43:03.985365 142.93.211.111 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-20 08:43:51
142.93.211.44	attackbotsspam	SSH brute-force: detected 14 distinct usernames within a 24-hour window.	2020-05-11 06:39:54
142.93.211.44	attackbotsspam	May 6 02:21:33 XXX sshd[52445]: Invalid user mysql from 142.93.211.44 port 43788	2020-05-07 08:46:16

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.93.211.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21249
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.93.211.52.			IN	A

;; AUTHORITY SECTION:
.			88	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020011700 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Jan 18 02:59:37 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 52.211.93.142.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 52.211.93.142.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
93.37.246.230	attack	Port probing on unauthorized port 445	2020-09-06 18:09:20
45.142.120.137	attackbots	2020-09-06T04:20:01.156177linuxbox-skyline auth[111501]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=adminmail rhost=45.142.120.137 ...	2020-09-06 18:24:58
51.210.107.84	attackbotsspam	reported through recidive - multiple failed attempts(SSH)	2020-09-06 18:12:56
87.101.149.194	attack	Honeypot attack, port: 445, PTR: PTR record not found	2020-09-06 17:58:56
106.38.203.230	attackbots	$f2bV_matches	2020-09-06 18:17:39
36.85.25.232	attackbots	Automatic report - Port Scan Attack	2020-09-06 18:03:28
186.216.71.246	attackbots	Brute force attempt	2020-09-06 18:02:42
112.103.181.214	attackbots	Honeypot attack, port: 5555, PTR: PTR record not found	2020-09-06 18:17:26
82.78.202.169	attackspam	Honeypot attack, port: 81, PTR: static-82-78-202-169.rdsnet.ro.	2020-09-06 18:16:18
138.204.27.200	attackspambots	Lines containing failures of 138.204.27.200 Sep 4 08:37:47 penfold sshd[21276]: Invalid user returnbikegate from 138.204.27.200 port 43170 Sep 4 08:37:47 penfold sshd[21276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.27.200 Sep 4 08:37:49 penfold sshd[21276]: Failed password for invalid user returnbikegate from 138.204.27.200 port 43170 ssh2 Sep 4 08:37:52 penfold sshd[21276]: Received disconnect from 138.204.27.200 port 43170:11: Bye Bye [preauth] Sep 4 08:37:52 penfold sshd[21276]: Disconnected from invalid user returnbikegate 138.204.27.200 port 43170 [preauth] Sep 4 09:02:52 penfold sshd[23630]: Invalid user app from 138.204.27.200 port 48805 Sep 4 09:02:52 penfold sshd[23630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.204.27.200 Sep 4 09:02:54 penfold sshd[23630]: Failed password for invalid user app from 138.204.27.200 port 48805 ssh2 Sep 4 09:02:55 pe........ ------------------------------	2020-09-06 18:26:06
186.251.169.14	attack	Unauthorized connection attempt from IP address 186.251.169.14 on Port 445(SMB)	2020-09-06 18:05:46
5.188.84.95	attackspambots	Sent deactivated form without recaptcha response	2020-09-06 18:39:11
185.220.101.148	attackbotsspam	chaangnoifulda.de:80 185.220.101.148 - - [05/Sep/2020:23:14:49 +0200] "POST /xmlrpc.php HTTP/1.0" 301 501 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36" chaangnoifulda.de 185.220.101.148 [05/Sep/2020:23:14:50 +0200] "POST /xmlrpc.php HTTP/1.0" 200 3627 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36"	2020-09-06 18:10:24
75.3.198.176	attack	Portscan detected	2020-09-06 18:30:53
46.118.114.118	attackspambots	WordPress XMLRPC scan :: 46.118.114.118 0.836 - [06/Sep/2020:04:22:41 0000] www.[censored_1] "POST //xmlrpc.php HTTP/1.1" 503 18229 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" "HTTP/1.1"	2020-09-06 18:04:42

最近上报的IP列表

188.149.155.92	33.122.75.35	185.249.198.46	93.250.158.149
146.199.171.103	138.201.95.98	107.173.219.101	103.228.183.10
94.9.63.175	77.20.22.120	45.32.28.219	27.76.82.0
5.253.27.243	13.57.133.225	5.145.252.171	5.37.192.201
46.72.53.4	173.12.35.75	160.75.251.196	175.193.177.175