142.93.52.3 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	142.93.52.3 (US/United States/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_DISTATTACK; Logs: Sep 16 07:43:32 server2 sshd[30326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.132.211 user=root Sep 16 07:43:34 server2 sshd[30326]: Failed password for root from 119.28.132.211 port 57056 ssh2 Sep 16 07:43:52 server2 sshd[30379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.217.161 user=root Sep 16 07:43:24 server2 sshd[30269]: Failed password for root from 142.93.52.3 port 60144 ssh2 Sep 16 07:43:19 server2 sshd[30128]: Failed password for root from 119.250.158.217 port 62043 ssh2 Sep 16 07:43:22 server2 sshd[30269]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root IP Addresses Blocked: 119.28.132.211 (HK/Hong Kong/-) 134.175.217.161 (CN/China/-)	2020-09-16 23:30:14
attack	Banned for a week because repeated abuses, for example SSH, but not only	2020-09-16 15:47:17
attack	detected by Fail2Ban	2020-09-16 07:47:29
attack	Sep 8 13:52:28 markkoudstaal sshd[19974]: Failed password for root from 142.93.52.3 port 39644 ssh2 Sep 8 13:56:14 markkoudstaal sshd[21048]: Failed password for root from 142.93.52.3 port 45878 ssh2 Sep 8 13:59:58 markkoudstaal sshd[22064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 ...	2020-09-08 20:22:38
attack	2020-09-08T05:00:26.289010billing sshd[19563]: Failed password for root from 142.93.52.3 port 35248 ssh2 2020-09-08T05:03:36.432267billing sshd[25813]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root 2020-09-08T05:03:38.974327billing sshd[25813]: Failed password for root from 142.93.52.3 port 39546 ssh2 ...	2020-09-08 12:17:30
attack	Triggered by Fail2Ban at Ares web server	2020-09-08 04:54:31
attackbots	Aug 30 02:12:22 web9 sshd\[21063\]: Invalid user tamaki from 142.93.52.3 Aug 30 02:12:22 web9 sshd\[21063\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Aug 30 02:12:24 web9 sshd\[21063\]: Failed password for invalid user tamaki from 142.93.52.3 port 41090 ssh2 Aug 30 02:16:22 web9 sshd\[21548\]: Invalid user admin from 142.93.52.3 Aug 30 02:16:22 web9 sshd\[21548\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3	2020-08-30 20:27:55
attackbotsspam	Aug 17 14:05:26 [host] sshd[5813]: Invalid user to Aug 17 14:05:26 [host] sshd[5813]: pam_unix(sshd:a Aug 17 14:05:28 [host] sshd[5813]: Failed password	2020-08-17 21:49:53
attack	k+ssh-bruteforce	2020-08-07 08:35:44
attackbotsspam	Aug 6 02:09:31 firewall sshd[10490]: Failed password for root from 142.93.52.3 port 51364 ssh2 Aug 6 02:13:18 firewall sshd[10609]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Aug 6 02:13:20 firewall sshd[10609]: Failed password for root from 142.93.52.3 port 34064 ssh2 ...	2020-08-06 13:22:04
attack	Aug 4 13:57:57 piServer sshd[7616]: Failed password for root from 142.93.52.3 port 39134 ssh2 Aug 4 14:00:41 piServer sshd[7924]: Failed password for root from 142.93.52.3 port 57462 ssh2 ...	2020-08-04 21:30:59
attack	Jul 31 16:50:10 hidden sshd[7811]: Failed password for hidden from 142.93.52.3 port 33184 ssh2 Jul 31 16:54:07 hidden sshd[17514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Jul 31 16:54:09 hidden sshd[17514]: Failed password for hidden from 142.93.52.3 port 45844 ssh2 Jul 31 16:58:05 hidden sshd[27196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Jul 31 16:58:07 hidden sshd[27196]: Failed password for hidden from 142.93.52.3 port 58508 ssh2	2020-08-01 03:33:18
attack	Jul 25 10:17:08 vps sshd[25858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Jul 25 10:17:10 vps sshd[25858]: Failed password for invalid user cristiano from 142.93.52.3 port 56604 ssh2 Jul 25 10:21:28 vps sshd[26138]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 ...	2020-07-25 18:25:15
attackbotsspam	Jun 30 17:56:45 h1745522 sshd[22297]: Invalid user bhq from 142.93.52.3 port 51416 Jun 30 17:56:45 h1745522 sshd[22297]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Jun 30 17:56:45 h1745522 sshd[22297]: Invalid user bhq from 142.93.52.3 port 51416 Jun 30 17:56:47 h1745522 sshd[22297]: Failed password for invalid user bhq from 142.93.52.3 port 51416 ssh2 Jun 30 18:00:00 h1745522 sshd[22582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Jun 30 18:00:02 h1745522 sshd[22582]: Failed password for root from 142.93.52.3 port 50798 ssh2 Jun 30 18:03:15 h1745522 sshd[24059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Jun 30 18:03:17 h1745522 sshd[24059]: Failed password for root from 142.93.52.3 port 50176 ssh2 Jun 30 18:06:31 h1745522 sshd[24229]: Invalid user vpnuser from 142.93.52.3 port 49556 ...	2020-07-01 04:29:01
attack	Jun 28 17:24:04 ns382633 sshd\[11870\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root Jun 28 17:24:07 ns382633 sshd\[11870\]: Failed password for root from 142.93.52.3 port 44448 ssh2 Jun 28 17:38:41 ns382633 sshd\[14687\]: Invalid user deploy from 142.93.52.3 port 44512 Jun 28 17:38:41 ns382633 sshd\[14687\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Jun 28 17:38:43 ns382633 sshd\[14687\]: Failed password for invalid user deploy from 142.93.52.3 port 44512 ssh2	2020-06-29 02:03:53
attackbotsspam	2020-06-20T20:04:34.105871 sshd[29862]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 2020-06-20T20:04:34.092494 sshd[29862]: Invalid user dita from 142.93.52.3 port 56306 2020-06-20T20:04:35.740889 sshd[29862]: Failed password for invalid user dita from 142.93.52.3 port 56306 ssh2 2020-06-21T06:27:54.256836 sshd[10458]: Invalid user jtorres from 142.93.52.3 port 33280 ...	2020-06-21 13:47:11
attackbotsspam	Jun 20 16:35:56 home sshd[6196]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Jun 20 16:35:58 home sshd[6196]: Failed password for invalid user huang from 142.93.52.3 port 56412 ssh2 Jun 20 16:36:55 home sshd[6280]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 ...	2020-06-20 23:04:33
attackbots	Auto Fail2Ban report, multiple SSH login attempts.	2020-06-12 18:48:29
attackbotsspam	2020-06-10T10:29:48.313269rocketchat.forhosting.nl sshd[22744]: Failed password for root from 142.93.52.3 port 51554 ssh2 2020-06-10T10:33:03.691457rocketchat.forhosting.nl sshd[22790]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=ftp 2020-06-10T10:33:04.949573rocketchat.forhosting.nl sshd[22790]: Failed password for ftp from 142.93.52.3 port 53192 ssh2 ...	2020-06-10 16:56:01
attackbots	SSH Login Bruteforce	2020-06-09 18:39:26
attackspambots	May 28 19:46:10 web1 sshd\[3741\]: Failed password for invalid user sociedad from 142.93.52.3 port 42684 ssh2 May 28 19:49:28 web1 sshd\[4047\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 user=root May 28 19:49:30 web1 sshd\[4047\]: Failed password for root from 142.93.52.3 port 42286 ssh2 May 28 19:52:48 web1 sshd\[4329\]: Invalid user test from 142.93.52.3 May 28 19:52:48 web1 sshd\[4329\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3	2020-05-29 14:59:25
attackbots	" "	2020-05-28 21:40:08
attackbots	SSH/22 MH Probe, BF, Hack -	2020-05-26 22:20:06
attackspambots	no	2020-05-26 03:58:46
attackbots	$f2bV_matches	2020-05-23 00:35:30
attack	May 22 06:28:34 srv-ubuntu-dev3 sshd[111418]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 May 22 06:28:34 srv-ubuntu-dev3 sshd[111418]: Invalid user xfc from 142.93.52.3 May 22 06:28:36 srv-ubuntu-dev3 sshd[111418]: Failed password for invalid user xfc from 142.93.52.3 port 58408 ssh2 May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: Invalid user ozc from 142.93.52.3 May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 May 22 06:31:48 srv-ubuntu-dev3 sshd[112642]: Invalid user ozc from 142.93.52.3 May 22 06:31:51 srv-ubuntu-dev3 sshd[112642]: Failed password for invalid user ozc from 142.93.52.3 port 36788 ssh2 May 22 06:35:06 srv-ubuntu-dev3 sshd[114063]: Invalid user zpb from 142.93.52.3 May 22 06:35:06 srv-ubuntu-dev3 sshd[114063]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 May 22 06: ...	2020-05-22 12:41:38
attackspambots	Invalid user admin from 142.93.52.3 port 59888	2020-05-15 14:07:50
attack	May 7 20:21:56 ns381471 sshd[4283]: Failed password for root from 142.93.52.3 port 48216 ssh2 May 7 20:23:39 ns381471 sshd[4323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3	2020-05-08 03:45:21
attackspam	$f2bV_matches	2020-04-26 04:44:57
attack	Apr 22 17:04:44 gw1 sshd[29988]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.52.3 Apr 22 17:04:46 gw1 sshd[29988]: Failed password for invalid user admin from 142.93.52.3 port 58626 ssh2 ...	2020-04-22 20:39:37

相同子网IP讨论:

IP	类型	评论内容	时间
142.93.52.174	attackspam	142.93.52.174 - - [21/Sep/2020:20:43:25 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [21/Sep/2020:20:55:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-22 03:16:06
142.93.52.174	attack	142.93.52.174 - - [21/Sep/2020:12:12:36 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [21/Sep/2020:12:12:37 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [21/Sep/2020:12:12:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-21 19:01:02
142.93.52.174	attackspam	Attempt to hack Wordpress Login, XMLRPC or other login	2020-08-17 06:43:23
142.93.52.174	attackspambots	142.93.52.174 - - [11/Jul/2020:06:15:19 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [11/Jul/2020:06:15:26 +0200] "POST /wp-login.php HTTP/1.1" 200 2031 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [11/Jul/2020:06:15:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "GET /wp-login.php HTTP/1.1" 200 1901 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.52.174 - - [11/Jul/2020:06:15:27 +0200] "POST /wp-login.php HTTP/1.1" 200 2030 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir ...	2020-07-11 13:36:24
142.93.52.174	attack	142.93.52.174 - - \[28/May/2020:15:40:10 +0200\] "POST /wp-login.php HTTP/1.0" 200 6728 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 142.93.52.174 - - \[28/May/2020:15:40:12 +0200\] "POST /wp-login.php HTTP/1.0" 200 6558 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 142.93.52.174 - - \[28/May/2020:15:40:23 +0200\] "POST /wp-login.php HTTP/1.0" 200 6552 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-05-29 00:20:51

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.93.52.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51274
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.93.52.3.			IN	A

;; AUTHORITY SECTION:
.			501	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041201 1800 900 604800 86400

;; Query time: 119 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Apr 13 08:35:04 CST 2020
;; MSG SIZE  rcvd: 115

HOST信息:

Host 3.52.93.142.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 3.52.93.142.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
106.54.18.121	attackbots	Fail2Ban Ban Triggered	2019-11-25 06:05:39
94.199.198.137	attackspambots	Invalid user maddex from 94.199.198.137 port 60812 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.199.198.137 Failed password for invalid user maddex from 94.199.198.137 port 60812 ssh2 Invalid user sieger from 94.199.198.137 port 40908 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.199.198.137	2019-11-25 06:23:29
112.64.137.178	attackbotsspam	Automatic report - Banned IP Access	2019-11-25 06:08:48
218.92.0.211	attackspambots	Nov 24 23:07:44 eventyay sshd[4376]: Failed password for root from 218.92.0.211 port 54153 ssh2 Nov 24 23:08:31 eventyay sshd[4390]: Failed password for root from 218.92.0.211 port 60922 ssh2 ...	2019-11-25 06:18:45
123.207.88.97	attack	" "	2019-11-25 06:06:31
81.22.45.25	attackspambots	11/24/2019-17:13:01.216232 81.22.45.25 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-25 06:18:26
217.165.183.151	attackbots	Port 1433 Scan	2019-11-25 06:28:23
106.13.48.201	attackbotsspam	2019-11-24T09:43:44.811340homeassistant sshd[13296]: Failed password for invalid user super from 106.13.48.201 port 32880 ssh2 2019-11-24T14:44:08.884618homeassistant sshd[5697]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.48.201 user=mail ...	2019-11-25 06:35:14
119.28.191.184	attack	Invalid user guillan from 119.28.191.184 port 34126	2019-11-25 06:34:19
40.73.65.160	attack	Nov 24 09:44:51 plusreed sshd[4249]: Invalid user webmaster from 40.73.65.160 ...	2019-11-25 06:11:10
168.232.130.188	attackspambots	2019-11-24T14:44:45.535Z CLOSE host=168.232.130.188 port=56139 fd=4 time=20.017 bytes=13 ...	2019-11-25 06:13:03
89.248.168.112	attackspambots	Fail2Ban Ban Triggered	2019-11-25 06:37:28
202.146.235.79	attack	Nov 24 19:12:27 server sshd\[17058\]: Invalid user admin from 202.146.235.79 Nov 24 19:12:27 server sshd\[17058\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.146.235.79 Nov 24 19:12:29 server sshd\[17058\]: Failed password for invalid user admin from 202.146.235.79 port 52588 ssh2 Nov 24 19:34:50 server sshd\[22803\]: Invalid user yuklung from 202.146.235.79 Nov 24 19:34:50 server sshd\[22803\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.146.235.79 ...	2019-11-25 06:09:55
46.101.48.191	attackspambots	Nov 24 18:50:27 [host] sshd[19748]: Invalid user ljm7206 from 46.101.48.191 Nov 24 18:50:27 [host] sshd[19748]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.101.48.191 Nov 24 18:50:29 [host] sshd[19748]: Failed password for invalid user ljm7206 from 46.101.48.191 port 44608 ssh2	2019-11-25 06:24:30
77.146.101.146	attack	(sshd) Failed SSH login from 77.146.101.146 (FR/France/Finistère/Plouzane/146.101.146.77.rev.sfr.net/[AS15557 SFR SA]): 1 in the last 3600 secs	2019-11-25 06:35:29

最近上报的IP列表

36.90.134.36	139.162.122.218	180.177.57.153	45.141.69.49
178.60.163.89	46.101.199.196	98.126.155.146	175.140.213.50
23.111.147.162	113.185.42.157	78.109.129.108	200.188.153.18
101.89.192.64	36.73.33.109	90.84.184.165	185.55.242.61
183.89.237.253	118.69.35.18	176.88.93.0	123.25.30.247