159.203.100.20

基本信息:

城市(city): Clifton

省份(region): New Jersey

国家(country): United States

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): DigitalOcean, LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	May 11 07:54:47 server sshd\[85786\]: Invalid user dw from 159.203.100.20 May 11 07:54:47 server sshd\[85786\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.100.20 May 11 07:54:49 server sshd\[85786\]: Failed password for invalid user dw from 159.203.100.20 port 37496 ssh2 ...	2019-10-09 18:10:29
attackspambots	Jul 22 04:53:36 h2034429 sshd[11524]: Invalid user alok from 159.203.100.20 Jul 22 04:53:36 h2034429 sshd[11524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.100.20 Jul 22 04:53:37 h2034429 sshd[11524]: Failed password for invalid user alok from 159.203.100.20 port 49732 ssh2 Jul 22 04:53:37 h2034429 sshd[11524]: Received disconnect from 159.203.100.20 port 49732:11: Bye Bye [preauth] Jul 22 04:53:37 h2034429 sshd[11524]: Disconnected from 159.203.100.20 port 49732 [preauth] Jul 22 05:00:08 h2034429 sshd[11586]: Invalid user emerson from 159.203.100.20 Jul 22 05:00:08 h2034429 sshd[11586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.100.20 Jul 22 05:00:11 h2034429 sshd[11586]: Failed password for invalid user emerson from 159.203.100.20 port 46946 ssh2 Jul 22 05:00:11 h2034429 sshd[11586]: Received disconnect from 159.203.100.20 port 46946:11: Bye Bye [preauth] Jul 22........ -------------------------------	2019-07-22 11:54:48
attackbots	Invalid user wolf from 159.203.100.20 port 56346	2019-07-21 07:09:33
attack	May 11 07:54:47 server sshd\[85786\]: Invalid user dw from 159.203.100.20 May 11 07:54:47 server sshd\[85786\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.100.20 May 11 07:54:49 server sshd\[85786\]: Failed password for invalid user dw from 159.203.100.20 port 37496 ssh2 ...	2019-07-12 00:48:14
attack	07.07.2019 00:48:27 SSH access blocked by firewall	2019-07-07 09:13:37

相同子网IP讨论:

IP	类型	评论内容	时间
159.203.100.71	attackspambots	port	2020-03-31 09:39:01
159.203.100.30	attackbots	lfd: (smtpauth) Failed SMTP AUTH login from 159.203.100.30 (US/United States/-): 5 in the last 3600 secs - Sun Sep 16 00:57:19 2018	2020-03-09 06:17:25
159.203.100.175	attack	firewall-block, port(s): 6379/tcp	2019-11-30 20:04:23
159.203.100.183	attack	[SunJun2311:49:57.5628992019][:error][pid10285:tid47523410122496][client159.203.100.183:57988][client159.203.100.183]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"Datanyze"atREQUEST_HEADERS:user-agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"68"][id"337749"][rev"2"][msg"Atomicorp.comWAFRules:Datanyzebotblocked"][severity"ERROR"][hostname"pharabouth.com"][uri"/"][unique_id"XQ9LRU5z9z70WZ-ioj8-yQAAAM0"]\,referer:http://pharabouth.com[SunJun2311:49:58.7172552019][:error][pid3160:tid47523391211264][client159.203.100.183:43330][client159.203.100.183]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch"Datanyze"atREQUEST_HEADERS:user-agent.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"68"][id"337749"][rev"2"][msg"Atomicorp.comWAFRules:Datanyzebotblocked"][severity"ERROR"][hostname"pharabouth.com"][uri"/403.shtml"][unique_id"XQ9LRr7rq23X7ZmJ1O51OwAAAAQ"]\,referer:http://pharabouth.com/	2019-06-24 01:22:06

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.203.100.20
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42537
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.203.100.20.			IN	A

;; AUTHORITY SECTION:
.			3544	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041400 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sun Apr 14 22:01:38 +08 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 20.100.203.159.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 20.100.203.159.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
123.31.26.113	attack	Oct 29 04:52:14 andromeda postfix/smtpd\[36536\]: warning: unknown\[123.31.26.113\]: SASL LOGIN authentication failed: authentication failure Oct 29 04:52:18 andromeda postfix/smtpd\[37407\]: warning: unknown\[123.31.26.113\]: SASL LOGIN authentication failed: authentication failure Oct 29 04:52:24 andromeda postfix/smtpd\[37518\]: warning: unknown\[123.31.26.113\]: SASL LOGIN authentication failed: authentication failure Oct 29 04:52:30 andromeda postfix/smtpd\[50351\]: warning: unknown\[123.31.26.113\]: SASL LOGIN authentication failed: authentication failure Oct 29 04:52:37 andromeda postfix/smtpd\[37525\]: warning: unknown\[123.31.26.113\]: SASL LOGIN authentication failed: authentication failure	2019-10-29 15:41:04
106.13.136.3	attack	Oct 29 07:04:21 root sshd[3174]: Failed password for root from 106.13.136.3 port 51802 ssh2 Oct 29 07:09:50 root sshd[3267]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.136.3 Oct 29 07:09:52 root sshd[3267]: Failed password for invalid user lf from 106.13.136.3 port 60710 ssh2 ...	2019-10-29 16:07:37
171.221.230.220	attackspambots	Oct 29 06:21:13 ms-srv sshd[45360]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.221.230.220 user=root Oct 29 06:21:15 ms-srv sshd[45360]: Failed password for invalid user root from 171.221.230.220 port 6842 ssh2	2019-10-29 16:11:52
101.124.6.112	attackspam	Oct 28 20:03:03 php1 sshd\[8148\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.124.6.112 user=root Oct 28 20:03:05 php1 sshd\[8148\]: Failed password for root from 101.124.6.112 port 34390 ssh2 Oct 28 20:07:42 php1 sshd\[8685\]: Invalid user sysadmin from 101.124.6.112 Oct 28 20:07:42 php1 sshd\[8685\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.124.6.112 Oct 28 20:07:44 php1 sshd\[8685\]: Failed password for invalid user sysadmin from 101.124.6.112 port 41884 ssh2	2019-10-29 16:12:51
58.87.77.250	attackspambots	[Aegis] @ 2019-10-29 04:50:57 0000 -> Attempted User Privilege Gain: SERVER-WEBAPP Joomla JDatabaseDriverMysqli unserialize code execution attempt	2019-10-29 16:10:06
190.121.195.219	attackbotsspam	namecheap spam	2019-10-29 16:05:03
145.239.0.81	attackbotsspam	\[2019-10-29 04:16:59\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-29T04:16:59.656-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="99047187410018647127882",SessionID="0x7fdf2cc7a718",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/145.239.0.81/49584",ACLName="no_extension_match" \[2019-10-29 04:17:05\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-29T04:17:05.790-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="99047185410018647127882",SessionID="0x7fdf2cccf908",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/145.239.0.81/54083",ACLName="no_extension_match" \[2019-10-29 04:17:11\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-10-29T04:17:11.997-0400",Severity="Error",Service="SIP",EventVersion="1",AccountID="99047184410018647127882",SessionID="0x7fdf2cc27d48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/145.239.0.81/6	2019-10-29 16:19:38
178.65.92.113	attackspambots	Chat Spam	2019-10-29 15:54:29
202.86.222.34	attackspambots	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/202.86.222.34/ BD - 1H : (13) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : BD NAME ASN : ASN63969 IP : 202.86.222.34 CIDR : 202.86.222.0/24 PREFIX COUNT : 53 UNIQUE IP COUNT : 13568 ATTACKS DETECTED ASN63969 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-10-29 04:52:14 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-10-29 15:51:09
94.177.199.246	attackspam	Muieblackcat Scanner Request	2019-10-29 15:45:58
5.249.144.206	attack	2019-10-29T04:03:10.783787shield sshd\[30714\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.249.144.206 user=root 2019-10-29T04:03:12.940867shield sshd\[30714\]: Failed password for root from 5.249.144.206 port 56822 ssh2 2019-10-29T04:07:12.442921shield sshd\[31682\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.249.144.206 user=root 2019-10-29T04:07:14.821011shield sshd\[31682\]: Failed password for root from 5.249.144.206 port 39074 ssh2 2019-10-29T04:11:22.222958shield sshd\[32584\]: Invalid user dusseldorf from 5.249.144.206 port 49574	2019-10-29 16:10:34
198.245.63.94	attack	Oct 29 08:08:57 venus sshd\[27360\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.245.63.94 user=root Oct 29 08:08:59 venus sshd\[27360\]: Failed password for root from 198.245.63.94 port 50796 ssh2 Oct 29 08:13:26 venus sshd\[27428\]: Invalid user com from 198.245.63.94 port 43026 ...	2019-10-29 16:14:40
182.219.172.224	attackspambots	Oct 29 07:57:42 MK-Soft-Root2 sshd[22905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.219.172.224 Oct 29 07:57:44 MK-Soft-Root2 sshd[22905]: Failed password for invalid user admin from 182.219.172.224 port 37644 ssh2 ...	2019-10-29 15:47:37
46.176.164.87	attack	Telnet Server BruteForce Attack	2019-10-29 16:07:53
185.234.216.189	attack	this ip is attempting to access my server control panel	2019-10-29 15:41:51

最近上报的IP列表

177.74.239.69	190.152.214.178	115.216.172.215	123.206.196.62
164.132.12.30	119.135.124.143	5.188.86.198	103.81.87.75
158.140.189.62	200.68.137.183	203.165.67.63	203.19.34.222
201.242.44.20	188.251.177.138	116.53.10.247	205.209.176.236
59.47.71.110	192.162.100.33	42.231.122.177	218.146.119.67