18.136.197.142

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Singapore

运营商(isp): Amazon Data Services Singapore

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	WordPress wp-login brute force :: 18.136.197.142 0.080 BYPASS [03/Mar/2020:08:30:54 0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2287 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-03-03 20:29:33
attackspambots	WordPress (CMS) attack attempts. Date: 2020 Feb 27. 20:44:46 Source IP: 18.136.197.142 Portion of the log(s): 18.136.197.142 - [27/Feb/2020:20:44:45 +0100] "POST /wp-login.php HTTP/1.1" 200 2419 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 18.136.197.142 - [27/Feb/2020:20:44:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2419 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 18.136.197.142 - [27/Feb/2020:20:44:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 18.136.197.142 - [27/Feb/2020:20:44:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 18.136.197.142 - [27/Feb/2020:20:44:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2414 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....	2020-02-28 13:53:09

类型

评论内容

时间

attackbotsspam

WordPress wp-login brute force :: 18.136.197.142 0.080 BYPASS [03/Mar/2020:08:30:54  0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2287 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2020-03-03 20:29:33

attackspambots

WordPress (CMS) attack attempts.
Date: 2020 Feb 27. 20:44:46
Source IP: 18.136.197.142

Portion of the log(s):
18.136.197.142 - [27/Feb/2020:20:44:45 +0100] "POST /wp-login.php HTTP/1.1" 200 2419 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
18.136.197.142 - [27/Feb/2020:20:44:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2419 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
18.136.197.142 - [27/Feb/2020:20:44:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2415 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
18.136.197.142 - [27/Feb/2020:20:44:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2418 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
18.136.197.142 - [27/Feb/2020:20:44:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2414 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....

2020-02-28 13:53:09

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 18.136.197.142
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18394
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;18.136.197.142.			IN	A

;; AUTHORITY SECTION:
.			379	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020022800 1800 900 604800 86400

;; Query time: 81 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 28 13:53:05 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

142.197.136.18.in-addr.arpa domain name pointer ec2-18-136-197-142.ap-southeast-1.compute.amazonaws.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
142.197.136.18.in-addr.arpa	name = ec2-18-136-197-142.ap-southeast-1.compute.amazonaws.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
153.36.242.143	attackbotsspam	Aug 19 13:30:42 php2 sshd\[11223\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root Aug 19 13:30:45 php2 sshd\[11223\]: Failed password for root from 153.36.242.143 port 44960 ssh2 Aug 19 13:30:54 php2 sshd\[11254\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root Aug 19 13:30:56 php2 sshd\[11254\]: Failed password for root from 153.36.242.143 port 18991 ssh2 Aug 19 13:31:06 php2 sshd\[11267\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.36.242.143 user=root	2019-08-20 07:34:30
187.12.181.106	attackbots	$f2bV_matches	2019-08-20 07:40:06
183.13.120.131	attack	Automatic report - Banned IP Access	2019-08-20 07:56:14
200.160.106.241	attackspam	Aug 19 13:49:01 web9 sshd\[3175\]: Invalid user agustin from 200.160.106.241 Aug 19 13:49:01 web9 sshd\[3175\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.160.106.241 Aug 19 13:49:03 web9 sshd\[3175\]: Failed password for invalid user agustin from 200.160.106.241 port 57267 ssh2 Aug 19 13:54:38 web9 sshd\[4361\]: Invalid user redmine from 200.160.106.241 Aug 19 13:54:38 web9 sshd\[4361\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.160.106.241	2019-08-20 08:03:26
109.200.151.206	attackspambots	[portscan] Port scan	2019-08-20 08:04:14
51.68.192.106	attackbotsspam	Aug 19 20:49:12 tux-35-217 sshd\[3785\]: Invalid user ggg from 51.68.192.106 port 60380 Aug 19 20:49:12 tux-35-217 sshd\[3785\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.192.106 Aug 19 20:49:14 tux-35-217 sshd\[3785\]: Failed password for invalid user ggg from 51.68.192.106 port 60380 ssh2 Aug 19 20:53:21 tux-35-217 sshd\[3812\]: Invalid user ts from 51.68.192.106 port 38964 Aug 19 20:53:21 tux-35-217 sshd\[3812\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.192.106 ...	2019-08-20 07:44:06
58.64.209.254	attackbots	Aug 18 03:42:56 localhost kernel: [17358370.144497] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=58.64.209.254 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=173 PROTO=TCP SPT=55509 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 18 03:42:56 localhost kernel: [17358370.144528] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=58.64.209.254 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=173 PROTO=TCP SPT=55509 DPT=445 SEQ=121332078 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 19 14:52:55 localhost kernel: [17484968.820589] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=58.64.209.254 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59340 PROTO=TCP SPT=52049 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 Aug 19 14:52:55 localhost kernel: [17484968.820613] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=58.64.209.254 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x0	2019-08-20 07:59:07
171.225.250.254	attackspambots	Aug 19 14:52:52 123flo sshd[37395]: Invalid user support from 171.225.250.254 Aug 19 14:52:53 123flo sshd[37395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.250.254 Aug 19 14:52:52 123flo sshd[37395]: Invalid user support from 171.225.250.254 Aug 19 14:52:55 123flo sshd[37395]: Failed password for invalid user support from 171.225.250.254 port 42595 ssh2 Aug 19 14:52:53 123flo sshd[37395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.225.250.254 Aug 19 14:52:52 123flo sshd[37395]: Invalid user support from 171.225.250.254 Aug 19 14:52:55 123flo sshd[37395]: Failed password for invalid user support from 171.225.250.254 port 42595 ssh2 Aug 19 14:52:55 123flo sshd[37395]: error: Received disconnect from 171.225.250.254: 3: com.jcraft.jsch.JSchException: Auth fail [preauth]	2019-08-20 07:57:57
51.68.198.119	attackbotsspam	Aug 20 01:25:04 SilenceServices sshd[26803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.198.119 Aug 20 01:25:06 SilenceServices sshd[26803]: Failed password for invalid user web-angebot from 51.68.198.119 port 55306 ssh2 Aug 20 01:26:33 SilenceServices sshd[27921]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.198.119	2019-08-20 07:32:33
104.140.188.42	attackspambots	Automatic report - Port Scan Attack	2019-08-20 08:07:58
148.204.211.136	attackspam	Aug 20 01:14:13 ns3110291 sshd\[26591\]: Invalid user server1 from 148.204.211.136 Aug 20 01:14:13 ns3110291 sshd\[26591\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.204.211.136 Aug 20 01:14:15 ns3110291 sshd\[26591\]: Failed password for invalid user server1 from 148.204.211.136 port 34850 ssh2 Aug 20 01:18:44 ns3110291 sshd\[26905\]: Invalid user splash from 148.204.211.136 Aug 20 01:18:44 ns3110291 sshd\[26905\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.204.211.136 ...	2019-08-20 07:33:39
177.18.123.216	attackspam	Automatic report - Port Scan Attack	2019-08-20 07:28:56
92.46.239.2	attackbotsspam	Aug 19 08:47:50 hcbb sshd\[26743\]: Invalid user dara from 92.46.239.2 Aug 19 08:47:50 hcbb sshd\[26743\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.239.2 Aug 19 08:47:51 hcbb sshd\[26743\]: Failed password for invalid user dara from 92.46.239.2 port 59670 ssh2 Aug 19 08:52:39 hcbb sshd\[27162\]: Invalid user tom from 92.46.239.2 Aug 19 08:52:39 hcbb sshd\[27162\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.46.239.2	2019-08-20 08:11:16
162.248.54.39	attack	Aug 19 13:54:12 web1 sshd\[13511\]: Invalid user lorenzo from 162.248.54.39 Aug 19 13:54:12 web1 sshd\[13511\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.248.54.39 Aug 19 13:54:15 web1 sshd\[13511\]: Failed password for invalid user lorenzo from 162.248.54.39 port 59662 ssh2 Aug 19 13:58:26 web1 sshd\[13891\]: Invalid user sports from 162.248.54.39 Aug 19 13:58:26 web1 sshd\[13891\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.248.54.39	2019-08-20 08:13:45
77.88.5.30	attackspambots	port scan and connect, tcp 443 (https)	2019-08-20 07:50:40

最近上报的IP列表

202.138.248.85	149.49.111.251	213.166.168.53	103.82.80.166
87.218.60.50	45.224.196.146	75.137.10.205	103.84.69.200
49.206.203.42	2.85.49.198	116.232.8.170	192.241.230.197
69.89.31.222	117.198.97.235	171.234.102.32	27.72.80.53
211.211.38.210	202.136.246.132	187.162.117.81	120.29.78.96