149.28.150.103

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): unknown

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
149.28.150.156	attack	149.28.150.156 - - [06/Jun/2020:14:38:41 +0200] "GET /wp-login.php HTTP/1.1" 200 6183 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.28.150.156 - - [06/Jun/2020:14:38:43 +0200] "POST /wp-login.php HTTP/1.1" 200 6434 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.28.150.156 - - [06/Jun/2020:14:38:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-06 21:48:05
149.28.150.192	attackbots	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/149.28.150.192/ US - 1H : (192) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : US NAME ASN : ASN20473 IP : 149.28.150.192 CIDR : 149.28.128.0/19 PREFIX COUNT : 584 UNIQUE IP COUNT : 939776 ATTACKS DETECTED ASN20473 : 1H - 3 3H - 3 6H - 5 12H - 33 24H - 34 DateTime : 2019-11-09 07:28:48 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-09 15:28:08
149.28.150.143	attackbotsspam	RDP Brute-Force (Grieskirchen RZ1)	2019-09-07 15:57:42

类型

评论内容

时间

149.28.150.156

attack

149.28.150.156 - - [06/Jun/2020:14:38:41 +0200] "GET /wp-login.php HTTP/1.1" 200 6183 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.28.150.156 - - [06/Jun/2020:14:38:43 +0200] "POST /wp-login.php HTTP/1.1" 200 6434 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.28.150.156 - - [06/Jun/2020:14:38:45 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2020-06-06 21:48:05

149.28.150.192

attackbots

IP Ban Report :  
 https://help-dysk.pl/wordpress-firewall-plugins/ip/149.28.150.192/ 
 
 US - 1H : (192)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : US 
 NAME ASN : ASN20473 
 
 IP : 149.28.150.192 
 
 CIDR : 149.28.128.0/19 
 
 PREFIX COUNT : 584 
 
 UNIQUE IP COUNT : 939776 
 
 
 ATTACKS DETECTED ASN20473 :  
  1H - 3 
  3H - 3 
  6H - 5 
 12H - 33 
 24H - 34 
 
 DateTime : 2019-11-09 07:28:48 
 
 INFO : Port Scan TELNET Detected and Blocked by ADMIN  - data recovery

2019-11-09 15:28:08

149.28.150.143

attackbotsspam

RDP Brute-Force (Grieskirchen RZ1)

2019-09-07 15:57:42

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.28.150.103
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42921
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;149.28.150.103.			IN	A

;; AUTHORITY SECTION:
.			420	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021801 1800 900 604800 86400

;; Query time: 15 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Feb 19 03:39:53 CST 2022
;; MSG SIZE  rcvd: 107

HOST信息:

103.150.28.149.in-addr.arpa domain name pointer 149.28.150.103.vultr.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
103.150.28.149.in-addr.arpa	name = 149.28.150.103.vultr.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
223.205.190.63	attackspam	Port 1433 Scan	2020-02-28 03:44:08
77.224.213.120	attackbotsspam	Feb 27 12:02:30 h1637304 sshd[22294]: Failed password for invalid user mailman from 77.224.213.120 port 52512 ssh2 Feb 27 12:02:30 h1637304 sshd[22294]: Received disconnect from 77.224.213.120: 11: Bye Bye [preauth] Feb 27 12:17:04 h1637304 sshd[3929]: Failed password for invalid user ashok from 77.224.213.120 port 34158 ssh2 Feb 27 12:17:04 h1637304 sshd[3929]: Received disconnect from 77.224.213.120: 11: Bye Bye [preauth] Feb 27 12:27:20 h1637304 sshd[13337]: Failed password for invalid user csgoserver from 77.224.213.120 port 59160 ssh2 Feb 27 12:27:20 h1637304 sshd[13337]: Received disconnect from 77.224.213.120: 11: Bye Bye [preauth] Feb 27 12:37:17 h1637304 sshd[22697]: Failed password for invalid user caidanwei from 77.224.213.120 port 55094 ssh2 Feb 27 12:37:17 h1637304 sshd[22697]: Received disconnect from 77.224.213.120: 11: Bye Bye [preauth] Feb 27 12:46:38 h1637304 sshd[32052]: Failed password for invalid user quest from 77.224.213.120 port 49778 ssh2 Feb 27........ -------------------------------	2020-02-28 03:33:07
121.229.48.89	attackbots	Feb 27 15:31:07 ns382633 sshd\[12369\]: Invalid user xuming from 121.229.48.89 port 34110 Feb 27 15:31:07 ns382633 sshd\[12369\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.229.48.89 Feb 27 15:31:09 ns382633 sshd\[12369\]: Failed password for invalid user xuming from 121.229.48.89 port 34110 ssh2 Feb 27 16:10:33 ns382633 sshd\[19294\]: Invalid user work from 121.229.48.89 port 40666 Feb 27 16:10:33 ns382633 sshd\[19294\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.229.48.89	2020-02-28 03:56:10
145.239.94.191	attack	Feb 27 19:42:57 MK-Soft-Root1 sshd[12522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.94.191 Feb 27 19:42:59 MK-Soft-Root1 sshd[12522]: Failed password for invalid user demo from 145.239.94.191 port 38290 ssh2 ...	2020-02-28 03:31:24
8.209.69.78	attack	Chat Spam	2020-02-28 04:11:03
178.154.171.22	attack	[Thu Feb 27 21:22:03.437383 2020] [:error] [pid 3621:tid 139837710403328] [client 178.154.171.22:62589] [client 178.154.171.22] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XlfQi3gSyCP9O11ZuEgQSwAAAUs"] ...	2020-02-28 03:37:38
102.176.160.30	attackbotsspam	$f2bV_matches	2020-02-28 03:48:43
217.235.42.250	attackspambots	Lines containing failures of 217.235.42.250 Feb 27 15:04:37 MAKserver05 sshd[10703]: Invalid user storm from 217.235.42.250 port 56340 Feb 27 15:04:37 MAKserver05 sshd[10703]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.235.42.250 Feb 27 15:04:38 MAKserver05 sshd[10703]: Failed password for invalid user storm from 217.235.42.250 port 56340 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=217.235.42.250	2020-02-28 03:52:41
42.189.41.133	attackbots	Automatic report - Port Scan Attack	2020-02-28 03:57:21
118.24.55.171	attackbotsspam	2020-02-27T19:52:19.516537abusebot-6.cloudsearch.cf sshd[12719]: Invalid user test from 118.24.55.171 port 4101 2020-02-27T19:52:19.525206abusebot-6.cloudsearch.cf sshd[12719]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.55.171 2020-02-27T19:52:19.516537abusebot-6.cloudsearch.cf sshd[12719]: Invalid user test from 118.24.55.171 port 4101 2020-02-27T19:52:21.493282abusebot-6.cloudsearch.cf sshd[12719]: Failed password for invalid user test from 118.24.55.171 port 4101 ssh2 2020-02-27T19:52:35.572785abusebot-6.cloudsearch.cf sshd[12735]: Invalid user wry from 118.24.55.171 port 5183 2020-02-27T19:52:35.579123abusebot-6.cloudsearch.cf sshd[12735]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.55.171 2020-02-27T19:52:35.572785abusebot-6.cloudsearch.cf sshd[12735]: Invalid user wry from 118.24.55.171 port 5183 2020-02-27T19:52:38.078732abusebot-6.cloudsearch.cf sshd[12735]: Failed password fo ...	2020-02-28 04:09:08
84.38.181.187	attackspam	Feb 27 20:09:28 vps691689 sshd[979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.38.181.187 Feb 27 20:09:31 vps691689 sshd[979]: Failed password for invalid user jenkins from 84.38.181.187 port 48824 ssh2 ...	2020-02-28 03:37:12
221.156.126.1	attackspam	2020-02-27T15:26:28.641797randservbullet-proofcloud-66.localdomain sshd[11265]: Invalid user debian-spamd from 221.156.126.1 port 51836 2020-02-27T15:26:28.648188randservbullet-proofcloud-66.localdomain sshd[11265]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.156.126.1 2020-02-27T15:26:28.641797randservbullet-proofcloud-66.localdomain sshd[11265]: Invalid user debian-spamd from 221.156.126.1 port 51836 2020-02-27T15:26:30.487732randservbullet-proofcloud-66.localdomain sshd[11265]: Failed password for invalid user debian-spamd from 221.156.126.1 port 51836 ssh2 ...	2020-02-28 03:52:07
134.209.194.217	attack	2020-02-27T19:41:13.761923shield sshd\[24525\]: Invalid user nx from 134.209.194.217 port 56048 2020-02-27T19:41:13.769830shield sshd\[24525\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.194.217 2020-02-27T19:41:15.981894shield sshd\[24525\]: Failed password for invalid user nx from 134.209.194.217 port 56048 ssh2 2020-02-27T19:50:34.071932shield sshd\[26254\]: Invalid user shiyic from 134.209.194.217 port 44944 2020-02-27T19:50:34.078178shield sshd\[26254\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.194.217	2020-02-28 03:58:41
37.209.101.251	attackbotsspam	Feb 27 16:30:27 MK-Soft-VM5 sshd[27272]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.209.101.251 Feb 27 16:30:28 MK-Soft-VM5 sshd[27272]: Failed password for invalid user fangbingkun from 37.209.101.251 port 38018 ssh2 ...	2020-02-28 03:31:45
150.242.252.128	attack	2020-02-27 08:21:23 H=(mx76.mb1p.com) [150.242.252.128]:48270 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) 2020-02-27 08:21:23 H=(mx76.mb1p.com) [150.242.252.128]:48270 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) 2020-02-27 08:21:23 H=(mx76.mb1p.com) [150.242.252.128]:48270 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.3, 127.0.0.4) (https://www.spamhaus.org/sbl/query/SBLCSS) ...	2020-02-28 04:07:50

最近上报的IP列表

149.255.62.57	149.28.150.15	149.28.152.224	149.28.156.52
149.28.222.186	149.28.239.218	149.3.144.104	149.56.249.93
149.56.252.236	15.223.68.208	15.207.128.104	15.20.20.20
15.236.147.212	157.55.243.41	15.235.11.117	150.107.152.135
15.222.69.193	15.236.52.135	15.236.132.63	15.222.154.166