155.94.139.52 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): QuadraNet Enterprises LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	RU - 1H : (192) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : RU NAME ASN : ASN8100 IP : 155.94.139.52 CIDR : 155.94.136.0/21 PREFIX COUNT : 593 UNIQUE IP COUNT : 472064 WYKRYTE ATAKI Z ASN8100 : 1H - 1 3H - 2 6H - 3 12H - 10 24H - 21 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-09-12 22:44:45

类型

评论内容

时间

attack

RU - 1H : (192)  Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : RU 
 NAME ASN : ASN8100 
 
 IP : 155.94.139.52 
 
 CIDR : 155.94.136.0/21 
 
 PREFIX COUNT : 593 
 
 UNIQUE IP COUNT : 472064 
 
 
 WYKRYTE ATAKI Z ASN8100 :  
  1H - 1 
  3H - 2 
  6H - 3 
 12H - 10 
 24H - 21 
 
 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN  - data recovery 
  https://help-dysk.pl

2019-09-12 22:44:45

相同子网IP讨论:

IP	类型	评论内容	时间
155.94.139.193	attackspam	RU - 1H : (193) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : RU NAME ASN : ASN8100 IP : 155.94.139.193 CIDR : 155.94.136.0/21 PREFIX COUNT : 593 UNIQUE IP COUNT : 472064 WYKRYTE ATAKI Z ASN8100 : 1H - 2 3H - 3 6H - 4 12H - 11 24H - 22 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-09-12 22:44:13
155.94.139.116	attackbots	WordPress XMLRPC scan :: 155.94.139.116 0.184 BYPASS [15/Aug/2019:09:33:15 1000] www.[censored_1] "POST /xmlrpc.php HTTP/1.1" 200 415 "https://www.[censored_1]/" "PHP/6.2.34"	2019-08-15 10:05:55

类型

评论内容

时间

155.94.139.193

attackspam

RU - 1H : (193)  Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : RU 
 NAME ASN : ASN8100 
 
 IP : 155.94.139.193 
 
 CIDR : 155.94.136.0/21 
 
 PREFIX COUNT : 593 
 
 UNIQUE IP COUNT : 472064 
 
 
 WYKRYTE ATAKI Z ASN8100 :  
  1H - 2 
  3H - 3 
  6H - 4 
 12H - 11 
 24H - 22 
 
 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN  - data recovery 
  https://help-dysk.pl

2019-09-12 22:44:13

155.94.139.116

attackbots

WordPress XMLRPC scan :: 155.94.139.116 0.184 BYPASS [15/Aug/2019:09:33:15  1000] www.[censored_1] "POST /xmlrpc.php HTTP/1.1" 200 415 "https://www.[censored_1]/" "PHP/6.2.34"

2019-08-15 10:05:55

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 155.94.139.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41094
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;155.94.139.52.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Sep 12 22:44:35 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

52.139.94.155.in-addr.arpa domain name pointer 155.94.139.52.static.quadranet.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
52.139.94.155.in-addr.arpa	name = 155.94.139.52.static.quadranet.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
218.92.0.145	attackbots	Mar 13 08:41:31 combo sshd[25611]: Failed password for root from 218.92.0.145 port 23127 ssh2 Mar 13 08:41:34 combo sshd[25611]: Failed password for root from 218.92.0.145 port 23127 ssh2 Mar 13 08:41:38 combo sshd[25611]: Failed password for root from 218.92.0.145 port 23127 ssh2 ...	2020-03-13 16:46:49
167.99.74.187	attackspambots	2020-03-13T08:54:31.661488randservbullet-proofcloud-66.localdomain sshd[18157]: Invalid user sql from 167.99.74.187 port 33456 2020-03-13T08:54:31.665637randservbullet-proofcloud-66.localdomain sshd[18157]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.74.187 2020-03-13T08:54:31.661488randservbullet-proofcloud-66.localdomain sshd[18157]: Invalid user sql from 167.99.74.187 port 33456 2020-03-13T08:54:33.258834randservbullet-proofcloud-66.localdomain sshd[18157]: Failed password for invalid user sql from 167.99.74.187 port 33456 ssh2 ...	2020-03-13 17:03:46
193.91.74.109	attackspambots	Automatic report - Port Scan Attack	2020-03-13 17:01:20
120.28.109.188	attackbots	Mar 13 07:45:51 h2779839 sshd[2884]: Invalid user angel from 120.28.109.188 port 59488 Mar 13 07:45:51 h2779839 sshd[2884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.28.109.188 Mar 13 07:45:51 h2779839 sshd[2884]: Invalid user angel from 120.28.109.188 port 59488 Mar 13 07:45:53 h2779839 sshd[2884]: Failed password for invalid user angel from 120.28.109.188 port 59488 ssh2 Mar 13 07:50:04 h2779839 sshd[2917]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.28.109.188 user=root Mar 13 07:50:06 h2779839 sshd[2917]: Failed password for root from 120.28.109.188 port 34272 ssh2 Mar 13 07:54:06 h2779839 sshd[2981]: Invalid user service from 120.28.109.188 port 37286 Mar 13 07:54:06 h2779839 sshd[2981]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.28.109.188 Mar 13 07:54:06 h2779839 sshd[2981]: Invalid user service from 120.28.109.188 port 37286 Mar 13 ...	2020-03-13 16:17:50
167.114.14.145	attackbotsspam	10 attempts against mh-misc-ban on soil	2020-03-13 16:52:20
94.180.58.238	attackbotsspam	Invalid user pramod from 94.180.58.238 port 35590	2020-03-13 16:38:07
119.250.100.135	attackspam	Robots ignored. Multiple log-reports "Access denied". Probable participation in a distributed denial of service action_	2020-03-13 16:15:47
63.82.48.99	attackbotsspam	Mar 13 04:33:31 mail.srvfarm.net postfix/smtpd[2258471]: NOQUEUE: reject: RCPT from unknown[63.82.48.99]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 04:36:19 mail.srvfarm.net postfix/smtpd[2269485]: NOQUEUE: reject: RCPT from unknown[63.82.48.99]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 04:36:42 mail.srvfarm.net postfix/smtpd[2272686]: NOQUEUE: reject: RCPT from unknown[63.82.48.99]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 04:36:57 mail.srvfarm.net postfix/smtpd[2270461]: NOQUEUE: reject: RCPT from unknown[63.82.48.99]: 450 4.1.8 : Sende	2020-03-13 16:36:17
106.13.199.79	attack	2020-03-13T07:58:21.476438vps773228.ovh.net sshd[22432]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.199.79 user=root 2020-03-13T07:58:23.210166vps773228.ovh.net sshd[22432]: Failed password for root from 106.13.199.79 port 53830 ssh2 2020-03-13T08:09:04.474901vps773228.ovh.net sshd[26358]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.199.79 user=root 2020-03-13T08:09:06.480542vps773228.ovh.net sshd[26358]: Failed password for root from 106.13.199.79 port 34688 ssh2 2020-03-13T08:10:59.431767vps773228.ovh.net sshd[27072]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.199.79 user=root 2020-03-13T08:11:01.226616vps773228.ovh.net sshd[27072]: Failed password for root from 106.13.199.79 port 57324 ssh2 2020-03-13T08:12:50.811393vps773228.ovh.net sshd[27750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= ...	2020-03-13 16:27:26
45.133.99.2	attack	Mar 13 09:24:19 mailserver postfix/smtps/smtpd[98089]: lost connection after AUTH from unknown[45.133.99.2] Mar 13 09:24:19 mailserver postfix/smtps/smtpd[98089]: disconnect from unknown[45.133.99.2] Mar 13 09:24:19 mailserver postfix/smtps/smtpd[98089]: connect from unknown[45.133.99.2] Mar 13 09:24:25 mailserver postfix/smtps/smtpd[98089]: lost connection after AUTH from unknown[45.133.99.2] Mar 13 09:24:25 mailserver postfix/smtps/smtpd[98089]: disconnect from unknown[45.133.99.2] Mar 13 09:24:25 mailserver postfix/smtps/smtpd[98089]: connect from unknown[45.133.99.2] Mar 13 09:24:32 mailserver postfix/smtps/smtpd[98092]: connect from unknown[45.133.99.2] Mar 13 09:24:32 mailserver postfix/smtps/smtpd[98089]: lost connection after AUTH from unknown[45.133.99.2] Mar 13 09:24:32 mailserver postfix/smtps/smtpd[98089]: disconnect from unknown[45.133.99.2] Mar 13 09:24:35 mailserver dovecot: auth-worker(98091): sql([hidden],45.133.99.2): unknown user	2020-03-13 16:36:39
194.187.249.60	attackbots	B: Magento admin pass test (wrong country)	2020-03-13 16:15:28
103.74.239.110	attackspam	Brute-force attempt banned	2020-03-13 16:43:19
194.67.90.41	attack	Mar 13 06:49:46 sip sshd[12249]: Failed password for root from 194.67.90.41 port 52342 ssh2 Mar 13 07:01:35 sip sshd[15195]: Failed password for root from 194.67.90.41 port 54778 ssh2	2020-03-13 16:18:27
134.73.51.145	attack	Mar 13 05:56:28 mail.srvfarm.net postfix/smtpd[2296126]: NOQUEUE: reject: RCPT from unknown[134.73.51.145]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 05:56:28 mail.srvfarm.net postfix/smtpd[2288887]: NOQUEUE: reject: RCPT from unknown[134.73.51.145]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 05:56:28 mail.srvfarm.net postfix/smtpd[2296127]: NOQUEUE: reject: RCPT from unknown[134.73.51.145]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Mar 13 05:56:28 mail.srvfarm.net postfix/smtpd[2296131]: NOQUEUE: reject: RCPT from unknown[134.73.51.145]:	2020-03-13 16:35:14
49.88.112.112	attackspambots	Mar 13 15:30:59 webhost01 sshd[29094]: Failed password for root from 49.88.112.112 port 58278 ssh2 ...	2020-03-13 16:53:50

最近上报的IP列表

1.175.174.81	99.197.247.43	212.139.51.106	61.161.108.152
119.51.237.189	210.1.225.73	151.106.8.40	223.195.159.201
65.153.161.204	197.99.6.156	116.73.65.160	177.154.238.94
102.39.62.157	126.108.127.226	205.59.57.109	85.220.71.238
104.205.19.201	185.167.33.247	116.111.193.115	125.163.38.254