149.56.24.8 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Canada

运营商(isp): OVH Hosting Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	CloudCIX Reconnaissance Scan Detected, PTR: srv.1libertygroup.com.	2019-11-18 04:03:53
attackspambots	SSH login attempts with invalid user	2019-11-13 06:21:05
attackspam	Nov 7 07:30:45 SilenceServices sshd[31366]: Failed password for root from 149.56.24.8 port 47556 ssh2 Nov 7 07:30:48 SilenceServices sshd[31380]: Failed password for root from 149.56.24.8 port 47593 ssh2	2019-11-07 14:53:14
attackbots	CloudCIX Reconnaissance Scan Detected, PTR: srv.1libertygroup.com.	2019-11-04 20:34:55

相同子网IP讨论:

IP	类型	评论内容	时间
149.56.241.211	attackbots	149.56.241.211 - - \[25/Jan/2020:06:06:07 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0" 149.56.241.211 - - \[25/Jan/2020:06:06:08 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0" 149.56.241.211 - - \[25/Jan/2020:06:06:09 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0"	2020-01-25 16:52:00
149.56.242.224	attack	Apr 11 01:04:46 server sshd\[95646\]: Invalid user ubuntu from 149.56.242.224 Apr 11 01:04:46 server sshd\[95646\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.242.224 Apr 11 01:04:49 server sshd\[95646\]: Failed password for invalid user ubuntu from 149.56.242.224 port 33040 ssh2 ...	2019-07-12 03:15:42

类型

评论内容

时间

149.56.241.211

attackbots

149.56.241.211 - - \[25/Jan/2020:06:06:07 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0"
149.56.241.211 - - \[25/Jan/2020:06:06:08 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0"
149.56.241.211 - - \[25/Jan/2020:06:06:09 +0100\] "POST //wp-login.php HTTP/1.0" 200 7427 "https://wpmeetup-muenchen.org//wp-login.php" "Mozilla/5.0 \(Windows NT 10.0\; Win64\; x64\; rv:66.0\) Gecko/20100101 Firefox/66.0"

2020-01-25 16:52:00

149.56.242.224

attack

Apr 11 01:04:46 server sshd\[95646\]: Invalid user ubuntu from 149.56.242.224
Apr 11 01:04:46 server sshd\[95646\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=149.56.242.224
Apr 11 01:04:49 server sshd\[95646\]: Failed password for invalid user ubuntu from 149.56.242.224 port 33040 ssh2
...

2019-07-12 03:15:42

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.56.24.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 2615
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.56.24.8.			IN	A

;; AUTHORITY SECTION:
.			456	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110400 1800 900 604800 86400

;; Query time: 111 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Nov 04 20:34:52 CST 2019
;; MSG SIZE  rcvd: 115

HOST信息:

8.24.56.149.in-addr.arpa domain name pointer srv.1libertygroup.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
8.24.56.149.in-addr.arpa	name = srv.1libertygroup.com.

Authoritative answers can be found from:

IP	类型	评论内容	时间
109.117.53.134	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/109.117.53.134/ IT - 1H : (47) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : IT NAME ASN : ASN30722 IP : 109.117.53.134 CIDR : 109.117.0.0/18 PREFIX COUNT : 323 UNIQUE IP COUNT : 5230848 WYKRYTE ATAKI Z ASN30722 : 1H - 1 3H - 2 6H - 3 12H - 3 24H - 5 INFO : SYN Flood DDoS Attack Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery	2019-09-20 20:52:30
77.53.102.51	attack	Port Scan: TCP/5555	2019-09-20 20:22:24
45.42.79.253	attackbotsspam	Port Scan: TCP/5555	2019-09-20 20:28:44
115.171.20.3	attack	Port Scan: TCP/22	2019-09-20 20:50:17
196.52.43.59	attackspam	Port scan attempt detected by AWS-CCS, CTS, India	2019-09-20 20:39:49
64.6.123.66	attackbotsspam	Port Scan: UDP/137	2019-09-20 21:02:21
193.252.2.112	attackbotsspam	Port Scan: TCP/445	2019-09-20 20:40:32
59.21.226.218	attackbotsspam	Port Scan: TCP/8080	2019-09-20 21:04:34
50.63.14.7	attack	Port Scan: TCP/445	2019-09-20 20:27:04
158.69.59.90	attackbots	Port Scan: TCP/587	2019-09-20 20:46:14
201.229.93.157	attackspambots	Port Scan: TCP/23	2019-09-20 20:38:29
69.10.46.99	attackspambots	failed logon to email server	2019-09-20 20:59:14
63.142.57.106	attackbotsspam	Port Scan: UDP/137	2019-09-20 21:02:59
103.140.194.15	attackbotsspam	Port Scan: TCP/445	2019-09-20 20:18:19
12.235.255.106	attackspambots	Port Scan: UDP/53	2019-09-20 20:33:18

最近上报的IP列表

203.210.197.140	171.234.131.227	51.15.84.19	189.128.151.78
103.129.104.226	14.187.196.205	49.232.109.93	13.76.231.235
136.169.21.26	177.139.177.94	36.92.7.35	125.211.217.121
60.251.190.175	60.251.190.176	168.181.49.200	142.4.31.86
180.230.181.14	177.45.48.252	59.92.216.207	2.27.74.35