142.93.90.49 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	142.93.90.49 - - \[25/Jul/2019:22:09:13 +0300\] "POST /wp-login.php HTTP/1.1" 200 1606 142.93.90.49 - - \[25/Jul/2019:22:09:15 +0300\] "POST /wp-login.php HTTP/1.1" 200 1606 142.93.90.49 - - \[25/Jul/2019:22:09:17 +0300\] "POST /wp-login.php HTTP/1.1" 200 1600 142.93.90.49 - - \[25/Jul/2019:22:09:20 +0300\] "POST /wp-login.php HTTP/1.1" 200 1603 142.93.90.49 - - \[25/Jul/2019:22:09:22 +0300\] "POST /wp-login.php HTTP/1.1" 200 1603	2019-07-26 04:43:34
attackspam	Automatic report - Web App Attack	2019-07-09 11:47:28

类型

评论内容

时间

attackbotsspam

142.93.90.49 - - \[25/Jul/2019:22:09:13 +0300\] "POST /wp-login.php HTTP/1.1" 200 1606
142.93.90.49 - - \[25/Jul/2019:22:09:15 +0300\] "POST /wp-login.php HTTP/1.1" 200 1606
142.93.90.49 - - \[25/Jul/2019:22:09:17 +0300\] "POST /wp-login.php HTTP/1.1" 200 1600
142.93.90.49 - - \[25/Jul/2019:22:09:20 +0300\] "POST /wp-login.php HTTP/1.1" 200 1603
142.93.90.49 - - \[25/Jul/2019:22:09:22 +0300\] "POST /wp-login.php HTTP/1.1" 200 1603

2019-07-26 04:43:34

attackspam

Automatic report - Web App Attack

2019-07-09 11:47:28

相同子网IP讨论:

IP	类型	评论内容	时间
142.93.90.202	attackbotsspam	Aug 14 20:06:02 XXX sshd[24100]: Invalid user glassfish from 142.93.90.202 port 52311	2019-08-15 05:56:48
142.93.90.202	attackbotsspam	Aug 7 07:17:45 vibhu-HP-Z238-Microtower-Workstation sshd\[25986\]: Invalid user admin from 142.93.90.202 Aug 7 07:17:45 vibhu-HP-Z238-Microtower-Workstation sshd\[25986\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 Aug 7 07:17:47 vibhu-HP-Z238-Microtower-Workstation sshd\[25986\]: Failed password for invalid user admin from 142.93.90.202 port 59984 ssh2 Aug 7 07:27:30 vibhu-HP-Z238-Microtower-Workstation sshd\[26243\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 user=postgres Aug 7 07:27:31 vibhu-HP-Z238-Microtower-Workstation sshd\[26243\]: Failed password for postgres from 142.93.90.202 port 52142 ssh2 ...	2019-08-07 10:11:01
142.93.90.202	attack	Aug 3 00:06:32 tuotantolaitos sshd[1452]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 Aug 3 00:06:34 tuotantolaitos sshd[1452]: Failed password for invalid user ye from 142.93.90.202 port 23762 ssh2 ...	2019-08-03 05:18:39
142.93.90.202	attackbotsspam	2019-07-31T09:42:56.836381abusebot-4.cloudsearch.cf sshd\[27094\]: Invalid user aubrey from 142.93.90.202 port 64710	2019-07-31 19:18:36
142.93.90.202	attackspambots	Invalid user rabbitmq from 142.93.90.202 port 61660 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 Failed password for invalid user rabbitmq from 142.93.90.202 port 61660 ssh2 Invalid user zclftp from 142.93.90.202 port 19251 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202	2019-07-30 16:54:18
142.93.90.202	attackbotsspam	$f2bV_matches	2019-07-27 09:54:28
142.93.90.202	attackspam	Jul 24 20:53:00 aat-srv002 sshd[5285]: Failed password for root from 142.93.90.202 port 34047 ssh2 Jul 24 20:57:52 aat-srv002 sshd[5502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 Jul 24 20:57:54 aat-srv002 sshd[5502]: Failed password for invalid user richard from 142.93.90.202 port 10903 ssh2 Jul 24 20:59:59 aat-srv002 sshd[5547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.90.202 ...	2019-07-25 18:19:02

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 142.93.90.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55725
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;142.93.90.49.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019060401 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Jun 05 12:09:37 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

Host 49.90.93.142.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 49.90.93.142.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.76.249.74	attack	$f2bV_matches	2020-07-10 00:37:01
206.189.207.74	attackspambots	Jul 9 11:00:36 vm3 sshd[10673]: Did not receive identification string from 206.189.207.74 port 41678 Jul 9 11:00:55 vm3 sshd[10674]: Received disconnect from 206.189.207.74 port 36658:11: Normal Shutdown, Thank you for playing [preauth] Jul 9 11:00:55 vm3 sshd[10674]: Disconnected from 206.189.207.74 port 36658 [preauth] Jul 9 11:01:07 vm3 sshd[10678]: Received disconnect from 206.189.207.74 port 33494:11: Normal Shutdown, Thank you for playing [preauth] Jul 9 11:01:07 vm3 sshd[10678]: Disconnected from 206.189.207.74 port 33494 [preauth] Jul 9 11:01:19 vm3 sshd[10680]: Received disconnect from 206.189.207.74 port 58700:11: Normal Shutdown, Thank you for playing [preauth] Jul 9 11:01:19 vm3 sshd[10680]: Disconnected from 206.189.207.74 port 58700 [preauth] Jul 9 11:01:31 vm3 sshd[10682]: Received disconnect from 206.189.207.74 port 55628:11: Normal Shutdown, Thank you for playing [preauth] Jul 9 11:01:31 vm3 sshd[10682]: Disconnected from 206.189.207.74 port 55........ -------------------------------	2020-07-10 00:16:21
46.8.252.176	attackbotsspam	Jul 9 14:06:10 smtp postfix/smtpd[65739]: NOQUEUE: reject: RCPT from unknown[46.8.252.176]: 554 5.7.1 Service unavailable; Client host [46.8.252.176] blocked using cbl.abuseat.org; Blocked - see http://www.abuseat.org/lookup.cgi?ip=46.8.252.176; from= to= proto=ESMTP helo=<[46.8.252.176]> ...	2020-07-10 00:33:43
27.71.206.104	attackbots	postfix (unknown user, SPF fail or relay access denied)	2020-07-10 00:16:01
213.222.187.138	attackbots	Jul 9 15:07:33 OPSO sshd\[17957\]: Invalid user fangwx from 213.222.187.138 port 58090 Jul 9 15:07:33 OPSO sshd\[17957\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.222.187.138 Jul 9 15:07:35 OPSO sshd\[17957\]: Failed password for invalid user fangwx from 213.222.187.138 port 58090 ssh2 Jul 9 15:10:52 OPSO sshd\[18631\]: Invalid user lishaofei from 213.222.187.138 port 53784 Jul 9 15:10:52 OPSO sshd\[18631\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.222.187.138	2020-07-10 00:02:42
141.98.81.208	attackbotsspam	Jul 9 13:14:13 firewall sshd[24265]: Failed password for invalid user Administrator from 141.98.81.208 port 31831 ssh2 Jul 9 13:14:36 firewall sshd[24306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.98.81.208 user=root Jul 9 13:14:39 firewall sshd[24306]: Failed password for root from 141.98.81.208 port 9123 ssh2 ...	2020-07-10 00:24:49
91.241.19.173	attack	attempted to connect via remote desktop connection via brute force	2020-07-10 00:04:58
175.215.229.138	attackspambots	postfix	2020-07-10 00:38:29
106.13.147.89	attack	Jul 9 14:04:59 h2779839 sshd[31211]: Invalid user test from 106.13.147.89 port 38462 Jul 9 14:04:59 h2779839 sshd[31211]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.147.89 Jul 9 14:04:59 h2779839 sshd[31211]: Invalid user test from 106.13.147.89 port 38462 Jul 9 14:05:01 h2779839 sshd[31211]: Failed password for invalid user test from 106.13.147.89 port 38462 ssh2 Jul 9 14:05:51 h2779839 sshd[31223]: Invalid user sascha from 106.13.147.89 port 47766 Jul 9 14:05:51 h2779839 sshd[31223]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.147.89 Jul 9 14:05:51 h2779839 sshd[31223]: Invalid user sascha from 106.13.147.89 port 47766 Jul 9 14:05:54 h2779839 sshd[31223]: Failed password for invalid user sascha from 106.13.147.89 port 47766 ssh2 Jul 9 14:06:42 h2779839 sshd[31229]: Invalid user uclm from 106.13.147.89 port 57072 ...	2020-07-09 23:59:56
194.26.29.33	attack	Jul 9 17:17:02 [host] kernel: [10935624.900298] [ Jul 9 17:19:39 [host] kernel: [10935781.390941] [ Jul 9 17:23:31 [host] kernel: [10936013.661303] [ Jul 9 17:53:34 [host] kernel: [10937816.382865] [ Jul 9 18:01:58 [host] kernel: [10938320.186134] [ Jul 9 18:02:52 [host] kernel: [10938374.716283] [	2020-07-10 00:08:49
218.92.0.158	attackbots	[MK-VM4] SSH login failed	2020-07-10 00:29:04
51.195.151.244	attackspambots	Cowrie Honeypot: 10 unauthorised SSH/Telnet login attempts between 2020-07-09T15:45:33Z and 2020-07-09T15:56:22Z	2020-07-10 00:00:21
151.52.121.207	attack	postfix (unknown user, SPF fail or relay access denied)	2020-07-10 00:34:16
31.135.33.97	attackbotsspam	20/7/9@08:06:45: FAIL: Alarm-Intrusion address from=31.135.33.97 ...	2020-07-09 23:55:49
182.61.5.136	attack	Failed password for invalid user gdnexus from 182.61.5.136 port 37458 ssh2	2020-07-10 00:35:28

最近上报的IP列表

219.23.55.209	226.249.168.87	64.222.248.108	119.28.114.58
32.72.125.202	80.99.117.68	185.79.156.157	211.121.245.178
216.170.44.168	211.105.223.33	210.177.232.225	112.133.237.26
87.244.186.226	109.201.36.166	119.148.39.107	205.217.188.198
238.63.31.31	119.15.167.84	26.106.227.71	158.89.226.105