162.243.145.4 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): DigitalOcean LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Honeypot hit: [2020-04-30 19:59:11 +0300] Connected from 162.243.145.4 to (HoneypotIP):21	2020-05-01 01:29:53

相同子网IP讨论:

IP	类型	评论内容	时间
162.243.145.195	attack	162.243.145.195 - - [01/Oct/2020:17:05:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2596 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [01/Oct/2020:17:05:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2580 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [01/Oct/2020:17:05:49 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-02 00:44:39
162.243.145.195	attackbots	162.243.145.195 - - [01/Oct/2020:09:22:59 +0100] "POST /wp-login.php HTTP/1.1" 200 2862 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [01/Oct/2020:09:23:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2831 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [01/Oct/2020:09:23:02 +0100] "POST /wp-login.php HTTP/1.1" 200 2866 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 16:50:20
162.243.145.195	attack	162.243.145.195 - - [21/Sep/2020:16:10:29 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [21/Sep/2020:16:10:31 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - [21/Sep/2020:16:10:32 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-22 00:20:13
162.243.145.195	attack	Automatic report generated by Wazuh	2020-09-21 16:01:43
162.243.145.195	attackspam	CMS (WordPress or Joomla) login attempt.	2020-09-21 07:55:55
162.243.145.195	attackspam	Sep 20 16:08:16 10.23.102.230 wordpress(www.ruhnke.cloud)[41055]: Blocked authentication attempt for admin from 162.243.145.195 ...	2020-09-20 22:49:49
162.243.145.195	attackbotsspam	162.243.145.195 - - \[20/Sep/2020:08:30:11 +0200\] "POST /wp-login.php HTTP/1.0" 200 9641 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - \[20/Sep/2020:08:30:13 +0200\] "POST /wp-login.php HTTP/1.0" 200 9639 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - \[20/Sep/2020:08:30:15 +0200\] "POST /wp-login.php HTTP/1.0" 200 9487 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-09-20 14:40:56
162.243.145.195	attack	162.243.145.195 - - \[19/Sep/2020:22:59:17 +0200\] "POST /wp-login.php HTTP/1.0" 200 8786 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - \[19/Sep/2020:22:59:20 +0200\] "POST /wp-login.php HTTP/1.0" 200 8612 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 162.243.145.195 - - \[19/Sep/2020:22:59:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 8607 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-09-20 06:39:46
162.243.145.36	attack	[Fri Jun 12 05:30:57 2020] - DDoS Attack From IP: 162.243.145.36 Port: 35586	2020-07-16 21:19:34
162.243.145.80	attackbotsspam	[Mon Jun 15 02:54:26 2020] - DDoS Attack From IP: 162.243.145.80 Port: 35122	2020-07-16 20:47:35
162.243.145.9	attack	[Fri Jun 19 22:32:56 2020] - DDoS Attack From IP: 162.243.145.9 Port: 55083	2020-07-16 20:02:50
162.243.145.78	attackbots	[Sun Jun 21 02:59:49 2020] - DDoS Attack From IP: 162.243.145.78 Port: 38625	2020-07-16 19:59:34
162.243.145.36	attackbots	[Fri Jun 12 05:30:59 2020] - DDoS Attack From IP: 162.243.145.36 Port: 35586	2020-07-13 03:28:40
162.243.145.80	attack	[Mon Jun 15 02:54:28 2020] - DDoS Attack From IP: 162.243.145.80 Port: 35122	2020-07-13 03:13:20
162.243.145.9	attackbots	[Fri Jun 19 22:32:58 2020] - DDoS Attack From IP: 162.243.145.9 Port: 55083	2020-07-13 02:44:34

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 162.243.145.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59709
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;162.243.145.4.			IN	A

;; AUTHORITY SECTION:
.			535	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020043001 1800 900 604800 86400

;; Query time: 95 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri May 01 01:29:48 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

4.145.243.162.in-addr.arpa domain name pointer zg-0428c-706.stretchoid.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
4.145.243.162.in-addr.arpa	name = zg-0428c-706.stretchoid.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
37.5.227.212	attackspambots	Jul 19 10:11:10 h2421860 sshd[31770]: Invalid user pi from 37.5.227.212 Jul 19 10:11:10 h2421860 sshd[31769]: Invalid user pi from 37.5.227.212 Jul 19 10:11:10 h2421860 sshd[31769]: Connection closed by 37.5.227.212 [preauth] Jul 19 10:11:10 h2421860 sshd[31770]: Connection closed by 37.5.227.212 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=37.5.227.212	2020-07-19 19:14:31
61.164.246.45	attackspam	Jul 19 16:16:41 gw1 sshd[4515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.246.45 Jul 19 16:16:44 gw1 sshd[4515]: Failed password for invalid user upload from 61.164.246.45 port 55788 ssh2 ...	2020-07-19 19:22:44
221.2.144.39	attack	Jul 19 13:41:28 debian-2gb-nbg1-2 kernel: \[17417433.312148\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=221.2.144.39 DST=195.201.40.59 LEN=52 TOS=0x00 PREC=0x00 TTL=104 ID=1592 DF PROTO=TCP SPT=55215 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0	2020-07-19 19:46:20
52.172.194.247	attackspambots	2020-07-19T05:13:31.082891linuxbox-skyline sshd[75712]: Invalid user wf from 52.172.194.247 port 48282 ...	2020-07-19 19:30:36
123.6.5.104	attackspambots	Jul 19 12:35:05 [host] sshd[20380]: Invalid user i Jul 19 12:35:05 [host] sshd[20380]: pam_unix(sshd: Jul 19 12:35:07 [host] sshd[20380]: Failed passwor	2020-07-19 19:29:52
91.121.177.45	attackspam	Jul 19 10:53:26 scw-6657dc sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.177.45 Jul 19 10:53:26 scw-6657dc sshd[20757]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.121.177.45 Jul 19 10:53:28 scw-6657dc sshd[20757]: Failed password for invalid user password from 91.121.177.45 port 57090 ssh2 ...	2020-07-19 19:21:28
85.209.0.12	attack	Last failed login from. SSH 22. This ip. I'm sure it's vk related	2020-07-19 19:48:37
112.85.42.172	attackspambots	Jul 19 12:53:32 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2 Jul 19 12:53:36 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2 Jul 19 12:53:39 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2 Jul 19 12:53:42 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2 Jul 19 12:53:45 vps sshd[700160]: Failed password for root from 112.85.42.172 port 7171 ssh2 ...	2020-07-19 19:25:29
222.186.173.238	attackbotsspam	2020-07-19T07:08:13.053844uwu-server sshd[2532240]: Failed password for root from 222.186.173.238 port 52834 ssh2 2020-07-19T07:08:17.539807uwu-server sshd[2532240]: Failed password for root from 222.186.173.238 port 52834 ssh2 2020-07-19T07:08:22.908929uwu-server sshd[2532240]: Failed password for root from 222.186.173.238 port 52834 ssh2 2020-07-19T07:08:27.731902uwu-server sshd[2532240]: Failed password for root from 222.186.173.238 port 52834 ssh2 2020-07-19T07:08:32.556293uwu-server sshd[2532240]: Failed password for root from 222.186.173.238 port 52834 ssh2 ...	2020-07-19 19:13:26
51.254.100.56	attack	Invalid user sjj from 51.254.100.56 port 38934	2020-07-19 19:20:52
1.34.144.128	attackspam	2020-07-19T10:17:35.325829abusebot-5.cloudsearch.cf sshd[11512]: Invalid user pia from 1.34.144.128 port 53542 2020-07-19T10:17:35.331615abusebot-5.cloudsearch.cf sshd[11512]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1-34-144-128.hinet-ip.hinet.net 2020-07-19T10:17:35.325829abusebot-5.cloudsearch.cf sshd[11512]: Invalid user pia from 1.34.144.128 port 53542 2020-07-19T10:17:37.353569abusebot-5.cloudsearch.cf sshd[11512]: Failed password for invalid user pia from 1.34.144.128 port 53542 ssh2 2020-07-19T10:19:56.929588abusebot-5.cloudsearch.cf sshd[11564]: Invalid user zz from 1.34.144.128 port 59552 2020-07-19T10:19:56.936864abusebot-5.cloudsearch.cf sshd[11564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=1-34-144-128.hinet-ip.hinet.net 2020-07-19T10:19:56.929588abusebot-5.cloudsearch.cf sshd[11564]: Invalid user zz from 1.34.144.128 port 59552 2020-07-19T10:19:59.320299abusebot-5.cloudsearch.cf ...	2020-07-19 19:11:29
218.92.0.203	attackbotsspam	Jul 19 13:07:01 Ubuntu-1404-trusty-64-minimal sshd\[9502\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203 user=root Jul 19 13:07:03 Ubuntu-1404-trusty-64-minimal sshd\[9502\]: Failed password for root from 218.92.0.203 port 61806 ssh2 Jul 19 13:12:32 Ubuntu-1404-trusty-64-minimal sshd\[13334\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203 user=root Jul 19 13:12:33 Ubuntu-1404-trusty-64-minimal sshd\[13334\]: Failed password for root from 218.92.0.203 port 30480 ssh2 Jul 19 13:12:38 Ubuntu-1404-trusty-64-minimal sshd\[13344\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.203 user=root	2020-07-19 19:28:07
159.203.112.185	attackbotsspam	Jul 19 13:22:02 srv-ubuntu-dev3 sshd[50750]: Invalid user RONLY from 159.203.112.185 Jul 19 13:22:02 srv-ubuntu-dev3 sshd[50750]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.112.185 Jul 19 13:22:02 srv-ubuntu-dev3 sshd[50750]: Invalid user RONLY from 159.203.112.185 Jul 19 13:22:04 srv-ubuntu-dev3 sshd[50750]: Failed password for invalid user RONLY from 159.203.112.185 port 38066 ssh2 Jul 19 13:26:11 srv-ubuntu-dev3 sshd[51198]: Invalid user tariq from 159.203.112.185 Jul 19 13:26:11 srv-ubuntu-dev3 sshd[51198]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.112.185 Jul 19 13:26:11 srv-ubuntu-dev3 sshd[51198]: Invalid user tariq from 159.203.112.185 Jul 19 13:26:13 srv-ubuntu-dev3 sshd[51198]: Failed password for invalid user tariq from 159.203.112.185 port 55554 ssh2 Jul 19 13:30:27 srv-ubuntu-dev3 sshd[51728]: Invalid user sql from 159.203.112.185 ...	2020-07-19 19:31:16
15.188.80.226	attack	tried to log in in my microsoft account	2020-07-19 19:47:02
124.89.120.204	attackspambots	2020-07-19T13:06:27.713657sd-86998 sshd[33230]: Invalid user minsky from 124.89.120.204 port 39595 2020-07-19T13:06:27.718570sd-86998 sshd[33230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.89.120.204 2020-07-19T13:06:27.713657sd-86998 sshd[33230]: Invalid user minsky from 124.89.120.204 port 39595 2020-07-19T13:06:29.585089sd-86998 sshd[33230]: Failed password for invalid user minsky from 124.89.120.204 port 39595 ssh2 2020-07-19T13:10:25.309282sd-86998 sshd[33706]: Invalid user minsky from 124.89.120.204 port 8206 ...	2020-07-19 19:23:05

最近上报的IP列表

235.126.4.51	111.172.3.180	10.14.19.159	192.196.30.67
35.89.133.208	31.218.103.99	57.21.27.210	57.206.211.189
130.30.87.162	220.180.246.55	103.133.109.41	98.165.159.190
166.98.239.104	85.185.24.6	78.84.115.162	71.76.157.66
25.140.204.75	59.46.0.25	45.125.66.204	40.79.114.133