155.94.139.52 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): QuadraNet Enterprises LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	RU - 1H : (192) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : RU NAME ASN : ASN8100 IP : 155.94.139.52 CIDR : 155.94.136.0/21 PREFIX COUNT : 593 UNIQUE IP COUNT : 472064 WYKRYTE ATAKI Z ASN8100 : 1H - 1 3H - 2 6H - 3 12H - 10 24H - 21 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-09-12 22:44:45

类型

评论内容

时间

attack

RU - 1H : (192)  Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : RU 
 NAME ASN : ASN8100 
 
 IP : 155.94.139.52 
 
 CIDR : 155.94.136.0/21 
 
 PREFIX COUNT : 593 
 
 UNIQUE IP COUNT : 472064 
 
 
 WYKRYTE ATAKI Z ASN8100 :  
  1H - 1 
  3H - 2 
  6H - 3 
 12H - 10 
 24H - 21 
 
 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN  - data recovery 
  https://help-dysk.pl

2019-09-12 22:44:45

相同子网IP讨论:

IP	类型	评论内容	时间
155.94.139.193	attackspam	RU - 1H : (193) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : RU NAME ASN : ASN8100 IP : 155.94.139.193 CIDR : 155.94.136.0/21 PREFIX COUNT : 593 UNIQUE IP COUNT : 472064 WYKRYTE ATAKI Z ASN8100 : 1H - 2 3H - 3 6H - 4 12H - 11 24H - 22 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-09-12 22:44:13
155.94.139.116	attackbots	WordPress XMLRPC scan :: 155.94.139.116 0.184 BYPASS [15/Aug/2019:09:33:15 1000] www.[censored_1] "POST /xmlrpc.php HTTP/1.1" 200 415 "https://www.[censored_1]/" "PHP/6.2.34"	2019-08-15 10:05:55

类型

评论内容

时间

155.94.139.193

attackspam

RU - 1H : (193)  Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : RU 
 NAME ASN : ASN8100 
 
 IP : 155.94.139.193 
 
 CIDR : 155.94.136.0/21 
 
 PREFIX COUNT : 593 
 
 UNIQUE IP COUNT : 472064 
 
 
 WYKRYTE ATAKI Z ASN8100 :  
  1H - 2 
  3H - 3 
  6H - 4 
 12H - 11 
 24H - 22 
 
 INFO : Looking for resource vulnerabilities 403 Detected and Blocked by ADMIN  - data recovery 
  https://help-dysk.pl

2019-09-12 22:44:13

155.94.139.116

attackbots

WordPress XMLRPC scan :: 155.94.139.116 0.184 BYPASS [15/Aug/2019:09:33:15  1000] www.[censored_1] "POST /xmlrpc.php HTTP/1.1" 200 415 "https://www.[censored_1]/" "PHP/6.2.34"

2019-08-15 10:05:55

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 155.94.139.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41094
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;155.94.139.52.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091200 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Sep 12 22:44:35 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

52.139.94.155.in-addr.arpa domain name pointer 155.94.139.52.static.quadranet.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
52.139.94.155.in-addr.arpa	name = 155.94.139.52.static.quadranet.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
112.85.42.88	attack	2019-07-06T10:59:51.018307abusebot-2.cloudsearch.cf sshd\[8524\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.88 user=root	2019-07-06 19:31:58
120.192.201.22	attack	'IP reached maximum auth failures for a one day block'	2019-07-06 18:59:45
116.72.48.49	attackbotsspam	Telnet Server BruteForce Attack	2019-07-06 19:03:07
213.32.75.17	attackspam	\[Sat Jul 06 05:37:55.484664 2019\] \[authz_core:error\] \[pid 7253:tid 139998629906176\] \[client 213.32.75.17:60680\] AH01630: client denied by server configuration: /var/www/cyberhill/.user.ini, referer: https://www.cyberhill.fr/.user.ini ...	2019-07-06 19:18:09
148.70.71.137	attackspam	Jul 6 07:41:20 MK-Soft-Root2 sshd\[24138\]: Invalid user electrical from 148.70.71.137 port 43908 Jul 6 07:41:20 MK-Soft-Root2 sshd\[24138\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.70.71.137 Jul 6 07:41:23 MK-Soft-Root2 sshd\[24138\]: Failed password for invalid user electrical from 148.70.71.137 port 43908 ssh2 ...	2019-07-06 19:22:04
198.211.118.157	attack	Jul 6 07:26:24 localhost sshd\[3331\]: Invalid user doku from 198.211.118.157 port 40292 Jul 6 07:26:24 localhost sshd\[3331\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.211.118.157 Jul 6 07:26:26 localhost sshd\[3331\]: Failed password for invalid user doku from 198.211.118.157 port 40292 ssh2	2019-07-06 19:35:42
54.36.118.64	attackspambots	\[2019-07-06 12:56:41\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-06T12:56:41.445+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="946733719-1382275394-1693585012",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/54.36.118.64/54661",Challenge="1562410601/ec20cb912c83b8fb222a96718bc12dd1",Response="56791a7e2062067b5d0ebfd0101e9e31",ExpectedResponse="" \[2019-07-06 12:56:41\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeResponseFailed",EventTV="2019-07-06T12:56:41.518+0200",Severity="Error",Service="PJSIP",EventVersion="1",AccountID="\",SessionID="946733719-1382275394-1693585012",LocalAddress="IPV4/UDP/188.40.118.248/5060",RemoteAddress="IPV4/UDP/54.36.118.64/54661",Challenge="1562410601/ec20cb912c83b8fb222a96718bc12dd1",Response="5ae3eeb8491d127915acfa3d4af1cffa",ExpectedResponse="" \[2019-07-06 12:56:41\] SECURITY\[3671\] res_security_log.c: SecurityEvent="ChallengeRespon	2019-07-06 19:32:58
83.216.109.154	attack	Jul 6 05:37:13 host sshd\[62456\]: Invalid user pi from 83.216.109.154 port 59528 Jul 6 05:37:14 host sshd\[62458\]: Invalid user pi from 83.216.109.154 port 59530 ...	2019-07-06 19:25:03
143.208.187.221	attack	Jul 5 22:38:02 mailman postfix/smtpd[23194]: warning: unknown[143.208.187.221]: SASL PLAIN authentication failed: authentication failure	2019-07-06 19:15:14
168.243.232.149	attack	Jul 6 13:33:41 srv-4 sshd\[32684\]: Invalid user tesa from 168.243.232.149 Jul 6 13:33:41 srv-4 sshd\[32684\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.243.232.149 Jul 6 13:33:43 srv-4 sshd\[32684\]: Failed password for invalid user tesa from 168.243.232.149 port 54985 ssh2 ...	2019-07-06 19:12:43
51.39.129.232	attackbots	2019-07-03 16:48:22 H=([51.39.129.232]) [51.39.129.232]:54262 I=[10.100.18.21]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=51.39.129.232) 2019-07-03 16:48:22 unexpected disconnection while reading SMTP command from ([51.39.129.232]) [51.39.129.232]:54262 I=[10.100.18.21]:25 (error: Connection reset by peer) 2019-07-03 18:15:24 H=([51.39.129.232]) [51.39.129.232]:37934 I=[10.100.18.21]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=51.39.129.232) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=51.39.129.232	2019-07-06 19:10:46
118.26.25.185	attackbotsspam	Jul 6 05:26:45 Ubuntu-1404-trusty-64-minimal sshd\[28084\]: Invalid user ts3 from 118.26.25.185 Jul 6 05:26:45 Ubuntu-1404-trusty-64-minimal sshd\[28084\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.25.185 Jul 6 05:26:47 Ubuntu-1404-trusty-64-minimal sshd\[28084\]: Failed password for invalid user ts3 from 118.26.25.185 port 54262 ssh2 Jul 6 05:37:55 Ubuntu-1404-trusty-64-minimal sshd\[3828\]: Invalid user zimbra from 118.26.25.185 Jul 6 05:37:55 Ubuntu-1404-trusty-64-minimal sshd\[3828\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.26.25.185	2019-07-06 19:18:38
115.150.224.139	attackbots	ssh failed login	2019-07-06 19:39:37
112.80.33.146	attack	2019-07-06T13:37:55.401639luisaranguren sshd[15750]: Connection from 112.80.33.146 port 13178 on 10.10.10.6 port 22 2019-07-06T13:37:59.772607luisaranguren sshd[15750]: error: PAM: Authentication failure for root from 112.80.33.146 2019-07-06T13:37:59.773008luisaranguren sshd[15750]: Failed keyboard-interactive/pam for root from 112.80.33.146 port 13178 ssh2 2019-07-06T13:37:55.401639luisaranguren sshd[15750]: Connection from 112.80.33.146 port 13178 on 10.10.10.6 port 22 2019-07-06T13:37:59.772607luisaranguren sshd[15750]: error: PAM: Authentication failure for root from 112.80.33.146 2019-07-06T13:37:59.773008luisaranguren sshd[15750]: Failed keyboard-interactive/pam for root from 112.80.33.146 port 13178 ssh2 ...	2019-07-06 19:16:38
195.103.207.149	attackbots	NAME : NEOMEDIA CIDR : 195.103.207.0/24 DDoS attack Italy - block certain countries :) IP: 195.103.207.149 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-07-06 19:16:05

最近上报的IP列表

1.175.174.81	99.197.247.43	212.139.51.106	61.161.108.152
119.51.237.189	210.1.225.73	151.106.8.40	223.195.159.201
65.153.161.204	197.99.6.156	116.73.65.160	177.154.238.94
102.39.62.157	126.108.127.226	205.59.57.109	85.220.71.238
104.205.19.201	185.167.33.247	116.111.193.115	125.163.38.254