192.99.14.130 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Canada

运营商(isp): OVH Hosting Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	The IP has triggered Cloudflare WAF. CF-Ray: 5433b9904f302529 \| WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CA \| CF_IPClass: unknown \| Protocol: HTTP/1.1 \| Method: GET \| Host: blog.skk.moe \| User-Agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/) \| CF_DC: ORD. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 06:41:16

类型

评论内容

时间

attack

The IP has triggered Cloudflare WAF. CF-Ray: 5433b9904f302529 | WAF_Rule_ID: f6705d4933894b0583ba1042603083f6 | WAF_Kind: firewall | CF_Action: drop | Country: CA | CF_IPClass: unknown | Protocol: HTTP/1.1 | Method: GET | Host: blog.skk.moe | User-Agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/) | CF_DC: ORD. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-12 06:41:16

相同子网IP讨论:

IP	类型	评论内容	时间
192.99.149.195	attackbots	192.99.149.195 - - [01/Oct/2020:01:29:09 +0100] "POST /wp-login.php HTTP/1.1" 200 2306 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [01/Oct/2020:01:29:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2253 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [01/Oct/2020:01:29:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 08:36:56
192.99.149.195	attack	192.99.149.195 - - [30/Sep/2020:17:26:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2463 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [30/Sep/2020:17:26:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2407 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [30/Sep/2020:17:26:49 +0100] "POST /wp-login.php HTTP/1.1" 200 2405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 01:11:07
192.99.149.195	attackspam	192.99.149.195 - - [28/Sep/2020:21:20:14 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:21:20:15 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:21:20:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-29 06:54:08
192.99.149.195	attack	192.99.149.195 - - [28/Sep/2020:15:28:19 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:15:28:20 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:15:28:21 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 23:22:33
192.99.149.195	attackspam	192.99.149.195 - - [28/Sep/2020:08:01:38 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:08:01:39 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:08:01:39 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 15:26:03
192.99.149.195	attack	192.99.149.195 - - [26/Sep/2020:13:02:34 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:34 +0200] "POST /wp-login.php HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "POST /wp-login.php HTTP/1.1" 200 2672 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:36 +0200] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001 ...	2020-09-27 01:21:50
192.99.149.195	attack	192.99.149.195 - - \[26/Sep/2020:10:33:45 +0200\] "POST /wp-login.php HTTP/1.1" 200 12843 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - \[26/Sep/2020:10:33:46 +0200\] "POST /wp-login.php HTTP/1.1" 200 12712 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2020-09-26 17:14:46
192.99.14.187	attackbots	192.99.14.187 - - [08/Sep/2020:00:02:02 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 16818 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:17 +0200] "GET /wp-content/plugins/wp-file-manager/lib/files/xxx.php HTTP/1.1" 404 16666 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:28 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 16915 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:47 +0200] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php?cmd=whoami HTTP/1.1" 404 16608 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:59 +0200] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 403 363 "-" "curl/7.68.0" ...	2020-09-10 02:14:18
192.99.149.195	attack	GET /wp-login.php HTTP/1.1 404 457 - Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0	2020-09-01 08:11:24
192.99.14.187	attack	192.99.14.187 - - [29/Aug/2020:02:00:24 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:01:42 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:03:01 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:04:21 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:05:39 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safar ...	2020-08-29 08:20:25
192.99.149.195	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-08-28 16:27:45
192.99.14.199	attackbots	CMS (WordPress or Joomla) login attempt.	2020-08-28 02:21:45
192.99.14.199	attackbotsspam	192.99.14.199 - - [27/Aug/2020:08:35:28 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:36 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:43 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:45 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:48 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safar ...	2020-08-27 18:31:13
192.99.145.38	attackbotsspam	Aug 24 14:35:13 eventyay sshd[28339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.145.38 Aug 24 14:35:15 eventyay sshd[28339]: Failed password for invalid user dll from 192.99.145.38 port 51496 ssh2 Aug 24 14:39:34 eventyay sshd[28670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.145.38 ...	2020-08-25 01:06:06
192.99.14.199	attackbots	192.99.14.199 - - [23/Aug/2020:19:59:40 +0100] "POST /wp-login.php HTTP/1.1" 200 4941 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [23/Aug/2020:20:09:35 +0100] "POST /wp-login.php HTTP/1.1" 200 4954 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [23/Aug/2020:20:09:41 +0100] "POST /wp-login.php HTTP/1.1" 200 4954 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" ...	2020-08-24 03:29:22

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 192.99.14.130
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64702
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.99.14.130.			IN	A

;; AUTHORITY SECTION:
.			573	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121101 1800 900 604800 86400

;; Query time: 68 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 12 06:41:13 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

130.14.99.192.in-addr.arpa domain name pointer ns528091.ip-192-99-14.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
130.14.99.192.in-addr.arpa	name = ns528091.ip-192-99-14.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
79.137.86.43	attackbotsspam	SSH Brute-Force reported by Fail2Ban	2019-09-28 02:58:42
207.154.243.255	attack	Sep 27 19:48:25 gw1 sshd[29617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=207.154.243.255 Sep 27 19:48:27 gw1 sshd[29617]: Failed password for invalid user postgres from 207.154.243.255 port 47554 ssh2 ...	2019-09-28 02:43:10
176.92.126.140	attack	Unauthorised access (Sep 27) SRC=176.92.126.140 LEN=40 TOS=0x10 PREC=0x40 TTL=51 ID=26755 TCP DPT=8080 WINDOW=16260 SYN	2019-09-28 02:32:48
61.78.62.184	attackbotsspam	firewall-block, port(s): 102/tcp	2019-09-28 02:52:22
77.244.217.252	attackspam	Sep 26 20:52:16 lvps5-35-247-183 sshd[3027]: Invalid user ghostname from 77.244.217.252 Sep 26 20:52:16 lvps5-35-247-183 sshd[3027]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.244.217.252 Sep 26 20:52:17 lvps5-35-247-183 sshd[3027]: Failed password for invalid user ghostname from 77.244.217.252 port 42590 ssh2 Sep 26 20:52:17 lvps5-35-247-183 sshd[3027]: Received disconnect from 77.244.217.252: 11: Bye Bye [preauth] Sep 26 21:09:31 lvps5-35-247-183 sshd[3924]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.244.217.252 user=r.r Sep 26 21:09:33 lvps5-35-247-183 sshd[3924]: Failed password for r.r from 77.244.217.252 port 29030 ssh2 Sep 26 21:09:33 lvps5-35-247-183 sshd[3924]: Received disconnect from 77.244.217.252: 11: Bye Bye [preauth] Sep 26 21:13:26 lvps5-35-247-183 sshd[4078]: Invalid user deployer from 77.244.217.252 Sep 26 21:13:26 lvps5-35-247-183 sshd[4078]: pam_unix(ssh........ -------------------------------	2019-09-28 02:51:46
104.40.0.120	attack	Sep 27 03:18:09 eddieflores sshd\[18683\]: Invalid user vps from 104.40.0.120 Sep 27 03:18:09 eddieflores sshd\[18683\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.40.0.120 Sep 27 03:18:11 eddieflores sshd\[18683\]: Failed password for invalid user vps from 104.40.0.120 port 2496 ssh2 Sep 27 03:22:29 eddieflores sshd\[19048\]: Invalid user barbara from 104.40.0.120 Sep 27 03:22:29 eddieflores sshd\[19048\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.40.0.120	2019-09-28 02:48:09
193.188.22.229	attackspambots	2019-09-27T18:11:18.022023abusebot-8.cloudsearch.cf sshd\[9795\]: Invalid user admin from 193.188.22.229 port 39642	2019-09-28 02:22:56
106.52.11.219	attack	Sep 27 19:55:56 markkoudstaal sshd[8006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.52.11.219 Sep 27 19:55:58 markkoudstaal sshd[8006]: Failed password for invalid user oracle from 106.52.11.219 port 52614 ssh2 Sep 27 20:02:08 markkoudstaal sshd[8557]: Failed password for uuidd from 106.52.11.219 port 36772 ssh2	2019-09-28 02:19:57
154.8.164.214	attackspam	2019-09-27T17:39:11.269439abusebot-8.cloudsearch.cf sshd\[9675\]: Invalid user Riitta from 154.8.164.214 port 48387	2019-09-28 02:28:03
210.77.83.75	attackspam	Sep 27 17:20:59 nextcloud sshd\[8608\]: Invalid user it1 from 210.77.83.75 Sep 27 17:20:59 nextcloud sshd\[8608\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.77.83.75 Sep 27 17:21:01 nextcloud sshd\[8608\]: Failed password for invalid user it1 from 210.77.83.75 port 16598 ssh2 ...	2019-09-28 02:47:25
80.211.179.154	attackbots	Sep 27 14:35:19 s64-1 sshd[7938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.179.154 Sep 27 14:35:20 s64-1 sshd[7938]: Failed password for invalid user tn from 80.211.179.154 port 50700 ssh2 Sep 27 14:39:17 s64-1 sshd[8068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.179.154 ...	2019-09-28 02:36:46
114.108.175.184	attackbotsspam	Sep 27 17:05:33 microserver sshd[28679]: Invalid user nazario from 114.108.175.184 port 45620 Sep 27 17:05:33 microserver sshd[28679]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.108.175.184 Sep 27 17:05:34 microserver sshd[28679]: Failed password for invalid user nazario from 114.108.175.184 port 45620 ssh2 Sep 27 17:10:49 microserver sshd[29391]: Invalid user margaret from 114.108.175.184 port 49860 Sep 27 17:10:49 microserver sshd[29391]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.108.175.184 Sep 27 17:21:25 microserver sshd[30787]: Invalid user wubao from 114.108.175.184 port 59150 Sep 27 17:21:25 microserver sshd[30787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.108.175.184 Sep 27 17:21:27 microserver sshd[30787]: Failed password for invalid user wubao from 114.108.175.184 port 59150 ssh2 Sep 27 17:26:42 microserver sshd[31498]: Invalid user samba from 114.108	2019-09-28 02:51:08
129.28.191.55	attack	Sep 27 20:08:04 srv206 sshd[30371]: Invalid user identd from 129.28.191.55 ...	2019-09-28 02:24:41
185.84.180.90	attackspam	[CMS scan: bitrix] [exploit: mixed] [hack/exploit/scan: admin] [WP scan/spam/exploit] [multiweb: req 3 domains(hosts/ip)] [bad UserAgent] Blocklist.DE:"listed [bruteforcelogin]"	2019-09-28 02:18:17
159.65.13.203	attack	Sep 27 10:41:22 aat-srv002 sshd[20894]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.13.203 Sep 27 10:41:24 aat-srv002 sshd[20894]: Failed password for invalid user 123 from 159.65.13.203 port 51897 ssh2 Sep 27 10:46:19 aat-srv002 sshd[21003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.13.203 Sep 27 10:46:21 aat-srv002 sshd[21003]: Failed password for invalid user omn from 159.65.13.203 port 43710 ssh2 ...	2019-09-28 02:12:52

最近上报的IP列表

119.39.47.161	117.14.113.141	116.252.0.95	115.53.115.179
113.128.105.67	113.128.104.236	112.66.99.211	110.177.73.125
110.80.153.83	110.80.153.66	106.45.0.39	106.39.246.176
101.249.52.209	60.13.7.60	58.248.201.69	49.7.6.149
49.7.3.81	38.106.21.186	36.32.3.91	36.32.3.76