159.89.195.16 - IPInfo

基本信息:

城市(city): Singapore

省份(region): unknown

国家(country): Singapore

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): DigitalOcean, LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	159.89.195.16 - - \[03/Aug/2019:20:10:39 +0200\] "POST /wp-login.php HTTP/1.1" 200 2110 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - \[03/Aug/2019:20:10:42 +0200\] "POST /wp-login.php HTTP/1.1" 200 2113 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2019-08-04 08:54:27
attack	159.89.195.16 - - [07/Jul/2019:01:11:15 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - [07/Jul/2019:01:11:16 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - [07/Jul/2019:01:11:17 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - [07/Jul/2019:01:11:18 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - [07/Jul/2019:01:11:19 +0200] "GET /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 159.89.195.16 - - [07/Jul/2019:01:11:19 +0200] "POST /wp-login.php HTTP/1.1" 200 4405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-07 09:47:46
attackspambots	Scanning and Vuln Attempts	2019-06-26 13:50:10
attack	WordPress login Brute force / Web App Attack on client site.	2019-06-24 15:18:31

相同子网IP讨论:

IP	类型	评论内容	时间
159.89.195.18	attack	20+hits port 80: ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Urgent Flag Other attacks against Wordpress /wp-content/...	2020-10-05 06:09:54
159.89.195.18	attackspam	20+hits port 80: ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Urgent Flag Other attacks against Wordpress /wp-content/...	2020-10-04 22:09:02
159.89.195.18	attackspam	20+hits port 80: ET EXPLOIT Possible VXWORKS Urgent11 RCE Attempt - Urgent Flag Other attacks against Wordpress /wp-content/...	2020-10-04 13:55:44
159.89.195.29	attackspambots	Lines containing failures of 159.89.195.29 Aug 20 23:24:20 new sshd[20023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.195.29 user=r.r Aug 20 23:24:23 new sshd[20023]: Failed password for r.r from 159.89.195.29 port 38422 ssh2 Aug 20 23:24:23 new sshd[20023]: Received disconnect from 159.89.195.29 port 38422:11: Bye Bye [preauth] Aug 20 23:24:23 new sshd[20023]: Disconnected from authenticating user r.r 159.89.195.29 port 38422 [preauth] Aug 20 23:38:40 new sshd[24577]: Invalid user dice from 159.89.195.29 port 48088 Aug 20 23:38:40 new sshd[24577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.89.195.29 Aug 20 23:38:42 new sshd[24577]: Failed password for invalid user dice from 159.89.195.29 port 48088 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=159.89.195.29	2020-08-23 20:39:13
159.89.195.209	attack	Invalid user ubnt from 159.89.195.209 port 61927	2020-01-15 04:36:04
159.89.195.209	attack	Invalid user admin from 159.89.195.209 port 55301	2020-01-10 23:04:54
159.89.195.134	attack	Jul 1 15:42:39 wildwolf ssh-honeypotd[26164]: Failed password for r.r from 159.89.195.134 port 58950 ssh2 (target: 158.69.100.139:22, password: r.r) Jul 1 15:42:42 wildwolf ssh-honeypotd[26164]: Failed password for admin from 159.89.195.134 port 32840 ssh2 (target: 158.69.100.139:22, password: admin) Jul 1 15:42:44 wildwolf ssh-honeypotd[26164]: Failed password for admin from 159.89.195.134 port 35042 ssh2 (target: 158.69.100.139:22, password: 1234) Jul 1 15:42:46 wildwolf ssh-honeypotd[26164]: Failed password for user from 159.89.195.134 port 37204 ssh2 (target: 158.69.100.139:22, password: user) Jul 1 15:42:48 wildwolf ssh-honeypotd[26164]: Failed password for ubnt from 159.89.195.134 port 39380 ssh2 (target: 158.69.100.139:22, password: ubnt) Jul 1 15:42:51 wildwolf ssh-honeypotd[26164]: Failed password for admin from 159.89.195.134 port 41422 ssh2 (target: 158.69.100.139:22, password: password) Jul 1 15:42:53 wildwolf ssh-honeypotd[26164]: Failed password for ........ ------------------------------	2019-07-03 11:21:49

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.89.195.16
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41778
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.89.195.16.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061702 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jun 18 16:00:40 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

16.195.89.159.in-addr.arpa domain name pointer sg1.xdehalbro.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
16.195.89.159.in-addr.arpa	name = sg1.xdehalbro.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
27.124.11.2	attackspambots	CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2019-09-30 18:52:52
200.131.242.2	attackspam	Sep 30 12:31:20 meumeu sshd[6316]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.131.242.2 Sep 30 12:31:22 meumeu sshd[6316]: Failed password for invalid user kevin from 200.131.242.2 port 48992 ssh2 Sep 30 12:35:54 meumeu sshd[7004]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.131.242.2 ...	2019-09-30 18:39:06
188.166.42.87	attack	CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2019-09-30 19:18:58
185.234.217.115	attackspam	MYH,DEF GET /wp-login.php GET //wp-login.php	2019-09-30 18:44:41
181.49.117.166	attackspambots	Sep 30 01:42:37 TORMINT sshd\[5121\]: Invalid user produccion from 181.49.117.166 Sep 30 01:42:37 TORMINT sshd\[5121\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.49.117.166 Sep 30 01:42:39 TORMINT sshd\[5121\]: Failed password for invalid user produccion from 181.49.117.166 port 57424 ssh2 ...	2019-09-30 19:02:35
203.192.231.218	attackspam	Sep 29 18:36:29 wbs sshd\[18559\]: Invalid user do from 203.192.231.218 Sep 29 18:36:29 wbs sshd\[18559\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.192.231.218 Sep 29 18:36:31 wbs sshd\[18559\]: Failed password for invalid user do from 203.192.231.218 port 34356 ssh2 Sep 29 18:40:43 wbs sshd\[19055\]: Invalid user iony from 203.192.231.218 Sep 29 18:40:43 wbs sshd\[19055\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.192.231.218	2019-09-30 19:12:56
49.88.112.85	attackspam	2019-09-30T17:59:51.859989enmeeting.mahidol.ac.th sshd\[5656\]: User root from 49.88.112.85 not allowed because not listed in AllowUsers 2019-09-30T17:59:52.278996enmeeting.mahidol.ac.th sshd\[5656\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.85 user=root 2019-09-30T17:59:54.203509enmeeting.mahidol.ac.th sshd\[5656\]: Failed password for invalid user root from 49.88.112.85 port 28737 ssh2 ...	2019-09-30 19:01:00
211.64.67.48	attack	Sep 29 23:46:37 xtremcommunity sshd\[16480\]: Invalid user ovh from 211.64.67.48 port 56046 Sep 29 23:46:37 xtremcommunity sshd\[16480\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.64.67.48 Sep 29 23:46:39 xtremcommunity sshd\[16480\]: Failed password for invalid user ovh from 211.64.67.48 port 56046 ssh2 Sep 29 23:51:15 xtremcommunity sshd\[16549\]: Invalid user awsjava from 211.64.67.48 port 37038 Sep 29 23:51:15 xtremcommunity sshd\[16549\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.64.67.48 ...	2019-09-30 18:49:06
106.12.190.104	attack	Sep 30 06:54:40 jane sshd[7466]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.190.104 Sep 30 06:54:42 jane sshd[7466]: Failed password for invalid user r00t from 106.12.190.104 port 56990 ssh2 ...	2019-09-30 18:46:21
172.96.118.42	attackbots	Sep 30 09:24:14 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2Sep 30 09:24:16 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2Sep 30 09:24:19 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2Sep 30 09:24:22 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2Sep 30 09:24:25 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2Sep 30 09:24:27 rotator sshd\[31735\]: Failed password for root from 172.96.118.42 port 47136 ssh2 ...	2019-09-30 19:14:03
134.209.173.185	attackspambots	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/134.209.173.185/ NL - 1H : (129) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : NL NAME ASN : ASN14061 IP : 134.209.173.185 CIDR : 134.209.160.0/20 PREFIX COUNT : 490 UNIQUE IP COUNT : 1963008 WYKRYTE ATAKI Z ASN14061 : 1H - 3 3H - 10 6H - 19 12H - 32 24H - 37 INFO : SERVER - ABB - Looking for resource vulnerabilities Detected and Blocked by ADMIN - data recovery	2019-09-30 18:40:00
192.157.236.124	attackbots	SSH/22 MH Probe, BF, Hack -	2019-09-30 18:48:06
34.74.99.116	attackbotsspam	CloudCIX Reconnaissance Scan Detected, PTR: 116.99.74.34.bc.googleusercontent.com.	2019-09-30 18:56:49
89.248.167.131	attackbotsspam	Automatic report - Banned IP Access	2019-09-30 18:59:11
218.90.62.184	attackbots	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/218.90.62.184/ CN - 1H : (640) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 218.90.62.184 CIDR : 218.90.0.0/18 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 WYKRYTE ATAKI Z ASN4134 : 1H - 5 3H - 19 6H - 31 12H - 61 24H - 131 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-09-30 18:45:25

最近上报的IP列表

41.185.232.142	118.24.236.156	14.124.115.179	111.0.230.173
60.61.184.70	112.237.48.123	217.255.229.210	114.221.93.60
92.221.63.15	184.22.120.117	193.58.38.136	110.200.246.103
35.54.1.226	109.194.200.184	104.133.19.154	86.108.21.210
187.19.18.217	35.60.85.77	103.9.195.181	110.18.127.163