192.99.14.199 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Canada

运营商(isp): OVH Hosting Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	CMS (WordPress or Joomla) login attempt.	2020-08-28 02:21:45
attackbotsspam	192.99.14.199 - - [27/Aug/2020:08:35:28 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:36 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:43 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:45 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [27/Aug/2020:08:35:48 +0200] "POST /wp-login.php HTTP/1.1" 200 4578 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safar ...	2020-08-27 18:31:13
attackbots	192.99.14.199 - - [23/Aug/2020:19:59:40 +0100] "POST /wp-login.php HTTP/1.1" 200 4941 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [23/Aug/2020:20:09:35 +0100] "POST /wp-login.php HTTP/1.1" 200 4954 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.199 - - [23/Aug/2020:20:09:41 +0100] "POST /wp-login.php HTTP/1.1" 200 4954 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" ...	2020-08-24 03:29:22
attack	Detected by ModSecurity. Request URI: /wp-login.php	2020-08-06 06:34:34

相同子网IP讨论:

IP	类型	评论内容	时间
192.99.149.195	attackbots	192.99.149.195 - - [01/Oct/2020:01:29:09 +0100] "POST /wp-login.php HTTP/1.1" 200 2306 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [01/Oct/2020:01:29:10 +0100] "POST /wp-login.php HTTP/1.1" 200 2253 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [01/Oct/2020:01:29:11 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 08:36:56
192.99.149.195	attack	192.99.149.195 - - [30/Sep/2020:17:26:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2463 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [30/Sep/2020:17:26:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2407 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [30/Sep/2020:17:26:49 +0100] "POST /wp-login.php HTTP/1.1" 200 2405 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 01:11:07
192.99.149.195	attackspam	192.99.149.195 - - [28/Sep/2020:21:20:14 +0200] "GET /wp-login.php HTTP/1.1" 200 8796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:21:20:15 +0200] "POST /wp-login.php HTTP/1.1" 200 9047 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:21:20:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-29 06:54:08
192.99.149.195	attack	192.99.149.195 - - [28/Sep/2020:15:28:19 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:15:28:20 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:15:28:21 +0100] "POST /wp-login.php HTTP/1.1" 200 4424 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 23:22:33
192.99.149.195	attackspam	192.99.149.195 - - [28/Sep/2020:08:01:38 +0100] "POST /wp-login.php HTTP/1.1" 200 1839 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:08:01:39 +0100] "POST /wp-login.php HTTP/1.1" 200 1845 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [28/Sep/2020:08:01:39 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-28 15:26:03
192.99.149.195	attack	192.99.149.195 - - [26/Sep/2020:13:02:34 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:34 +0200] "POST /wp-login.php HTTP/1.1" 200 2698 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "POST /wp-login.php HTTP/1.1" 200 2672 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:35 +0200] "GET /wp-login.php HTTP/1.1" 200 2566 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [26/Sep/2020:13:02:36 +0200] "POST /wp-login.php HTTP/1.1" 200 2673 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/201001 ...	2020-09-27 01:21:50
192.99.149.195	attack	192.99.149.195 - - \[26/Sep/2020:10:33:45 +0200\] "POST /wp-login.php HTTP/1.1" 200 12843 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - \[26/Sep/2020:10:33:46 +0200\] "POST /wp-login.php HTTP/1.1" 200 12712 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" ...	2020-09-26 17:14:46
192.99.14.187	attackbots	192.99.14.187 - - [08/Sep/2020:00:02:02 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 16818 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:17 +0200] "GET /wp-content/plugins/wp-file-manager/lib/files/xxx.php HTTP/1.1" 404 16666 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:28 +0200] "GET /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 404 16915 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:47 +0200] "GET /wp-content/plugins/wp-file-manager/lib/files/x.php?cmd=whoami HTTP/1.1" 404 16608 "-" "curl/7.68.0" 192.99.14.187 - - [08/Sep/2020:00:02:59 +0200] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 403 363 "-" "curl/7.68.0" ...	2020-09-10 02:14:18
192.99.149.195	attack	GET /wp-login.php HTTP/1.1 404 457 - Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0	2020-09-01 08:11:24
192.99.14.187	attack	192.99.14.187 - - [29/Aug/2020:02:00:24 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:01:42 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:03:01 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:04:21 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" 192.99.14.187 - - [29/Aug/2020:02:05:39 +0200] "POST /wp-login.php HTTP/1.1" 200 5373 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safar ...	2020-08-29 08:20:25
192.99.149.195	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-08-28 16:27:45
192.99.145.38	attackbotsspam	Aug 24 14:35:13 eventyay sshd[28339]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.145.38 Aug 24 14:35:15 eventyay sshd[28339]: Failed password for invalid user dll from 192.99.145.38 port 51496 ssh2 Aug 24 14:39:34 eventyay sshd[28670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.99.145.38 ...	2020-08-25 01:06:06
192.99.149.195	attackbots	192.99.149.195 - - [23/Aug/2020:07:21:37 +0100] "POST /wp-login.php HTTP/1.1" 200 1948 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [23/Aug/2020:07:21:38 +0100] "POST /wp-login.php HTTP/1.1" 200 1890 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [23/Aug/2020:07:21:39 +0100] "POST /wp-login.php HTTP/1.1" 200 1887 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-23 15:29:41
192.99.149.195	attackspam	192.99.149.195 - - [10/Aug/2020:12:15:02 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [10/Aug/2020:12:15:03 +0100] "POST /wp-login.php HTTP/1.1" 200 1954 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 192.99.149.195 - - [10/Aug/2020:12:15:03 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-10 19:19:45
192.99.149.195	attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-08-09 07:56:26

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 192.99.14.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 54920
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;192.99.14.199.			IN	A

;; AUTHORITY SECTION:
.			430	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080501 1800 900 604800 86400

;; Query time: 28 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Aug 06 06:34:31 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

199.14.99.192.in-addr.arpa domain name pointer ns529650.ip-192-99-14.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
199.14.99.192.in-addr.arpa	name = ns529650.ip-192-99-14.net.

Authoritative answers can be found from:

IP	类型	评论内容	时间
196.27.115.50	attack	IP attempted unauthorised action	2019-07-25 09:48:55
66.165.234.34	attack	Automatic report - Banned IP Access	2019-07-25 09:52:37
31.173.13.190	attack	Sent mail to target address hacked/leaked from abandonia in 2016	2019-07-25 09:47:58
218.92.0.173	attackbotsspam	Jul 25 04:11:00 s64-1 sshd[28319]: Failed password for root from 218.92.0.173 port 53790 ssh2 Jul 25 04:11:12 s64-1 sshd[28319]: error: maximum authentication attempts exceeded for root from 218.92.0.173 port 53790 ssh2 [preauth] Jul 25 04:11:17 s64-1 sshd[28321]: Failed password for root from 218.92.0.173 port 64871 ssh2 ...	2019-07-25 10:21:24
168.232.152.83	attackspam	SSHScan	2019-07-25 09:57:22
67.227.213.20	attackspambots	Automatic report - Banned IP Access	2019-07-25 09:46:36
165.255.134.24	attackspambots	Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: Invalid user info from 165.255.134.24 port 45238 Jul 25 02:36:50 v22018076622670303 sshd\[16543\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.134.24 Jul 25 02:36:52 v22018076622670303 sshd\[16543\]: Failed password for invalid user info from 165.255.134.24 port 45238 ssh2 ...	2019-07-25 09:57:42
180.76.15.33	attackspambots	Automatic report - Banned IP Access	2019-07-25 09:44:54
49.88.112.58	attackbotsspam	Caught in portsentry honeypot	2019-07-25 10:43:12
2.82.246.7	attack	firewall-block, port(s): 22/tcp	2019-07-25 10:05:13
109.158.155.129	attackbotsspam	Telnet Server BruteForce Attack	2019-07-25 10:26:46
45.161.80.178	attackbots	NAME : 22.723.409/0001-79 CIDR : 45.161.80.0/22 SYN Flood DDoS Attack Brazil - block certain countries :) IP: 45.161.80.178 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-07-25 10:25:29
95.213.177.122	attack	" "	2019-07-25 10:42:45
213.166.71.110	attackspam	Port scan on 27 port(s): 44801 44809 45472 46379 47937 48537 48942 49018 49309 49599 50003 50260 50410 51128 51735 51962 52131 53027 53787 54430 56431 56450 56612 57220 59236 59709 59827	2019-07-25 10:22:32
92.119.160.180	attack	Port scan on 17 port(s): 8573 8973 9061 9088 9351 9450 9673 10191 10544 11117 11185 11224 11242 11528 11665 11759 11871	2019-07-25 10:08:05

最近上报的IP列表

221.231.246.98	188.101.85.229	5.41.224.53	186.94.201.131
52.137.171.115	73.244.158.127	143.202.113.118	188.221.129.52
218.142.45.126	195.196.37.78	73.17.235.51	82.240.163.193
107.88.203.133	20.44.38.168	18.14.227.151	109.49.107.26
114.33.149.24	81.246.59.235	174.92.132.144	14.188.8.228