207.244.92.2 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): LeaseWeb USA Inc.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	ET SCAN Sipvicious Scan - port: 5060 proto: udp cat: Attempted Information Leakbytes: 453	2020-08-07 15:02:37
attack	firewall-block, port(s): 5060/udp	2020-07-23 01:29:35

相同子网IP讨论:

IP	类型	评论内容	时间
207.244.92.6	attackspambots	08/05/2020-16:00:33.975475 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-06 04:07:57
207.244.92.6	attackspambots	08/02/2020-16:29:39.450307 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-03 04:51:46
207.244.92.6	attackspam	08/01/2020-17:19:22.342240 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-08-02 05:28:29
207.244.92.6	attack	207.244.92.6 was recorded 8 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 8, 24, 491	2020-08-01 06:21:28
207.244.92.6	attackbots	UDP 207.244.92.6:5118 -> port 5060, len 442	2020-07-30 22:52:29
207.244.92.6	attackspambots	07/29/2020-17:56:47.678455 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-30 06:13:16
207.244.92.4	attack	Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=437 TOS=0x00 PREC=0x00 TTL=51 ID=54865 DF PROTO=UDP SPT=5146 DPT=47260 LEN=417 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=440 TOS=0x00 PREC=0x00 TTL=50 ID=54863 DF PROTO=UDP SPT=5146 DPT=47060 LEN=420 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=438 TOS=0x00 PREC=0x00 TTL=50 ID=54864 DF PROTO=UDP SPT=5146 DPT=47160 LEN=418 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244.92.4 DST=77.73.69.240 LEN=437 TOS=0x00 PREC=0x00 TTL=49 ID=54867 DF PROTO=UDP SPT=5146 DPT=47460 LEN=417 Jul 28 14:07:51 hidden kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3c:05:0d:89:f8:66:f2:68:66:ff:08:00 SRC=207.244. ...	2020-07-28 20:41:39
207.244.92.6	attack	Jul 28 01:51:29 debian-2gb-nbg1-2 kernel: \[18152392.201805\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=207.244.92.6 DST=195.201.40.59 LEN=442 TOS=0x00 PREC=0x00 TTL=48 ID=27571 DF PROTO=UDP SPT=5098 DPT=5060 LEN=422	2020-07-28 07:55:32
207.244.92.6	attackspam	207.244.92.6 was recorded 12 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 12, 42, 329	2020-07-28 02:04:43
207.244.92.6	attack	207.244.92.6 was recorded 9 times by 4 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 9, 42, 272	2020-07-26 22:28:02
207.244.92.6	attackbotsspam	Fail2Ban Ban Triggered	2020-07-26 05:35:09
207.244.92.6	attack	07/24/2020-10:18:28.273462 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-24 22:20:04
207.244.92.6	attackspam	07/21/2020-17:34:23.057164 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-22 05:49:52
207.244.92.6	attack	07/21/2020-10:06:02.306177 207.244.92.6 Protocol: 17 ET SCAN Sipvicious Scan	2020-07-21 22:30:14
207.244.92.5	attackbots	Long Request	2020-07-12 14:29:20

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 207.244.92.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4220
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;207.244.92.2.			IN	A

;; AUTHORITY SECTION:
.			370	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020072200 1800 900 604800 86400

;; Query time: 60 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jul 23 01:29:30 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 2.92.244.207.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 2.92.244.207.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
47.98.120.109	attackspam	47.98.120.109 - - \[26/Apr/2020:06:03:17 +0200\] "POST /wp-login.php HTTP/1.0" 200 6533 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 47.98.120.109 - - \[26/Apr/2020:06:03:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 6370 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 47.98.120.109 - - \[26/Apr/2020:06:03:26 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-26 18:53:03
106.13.90.60	attackbotsspam	SSH Brute-Force Attack	2020-04-26 18:55:41
122.142.181.13	attack	Unauthorized connection attempt detected from IP address 122.142.181.13 to port 23 [T]	2020-04-26 18:30:34
182.151.52.45	attackbotsspam	Apr 26 09:22:39 minden010 sshd[25220]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.52.45 Apr 26 09:22:41 minden010 sshd[25220]: Failed password for invalid user kevin from 182.151.52.45 port 52654 ssh2 Apr 26 09:25:09 minden010 sshd[26556]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.151.52.45 ...	2020-04-26 18:31:25
64.225.114.123	attack	SIP/5060 Probe, BF, Hack -	2020-04-26 18:40:07
89.187.178.237	attackspam	0,50-00/01 [bc02/m42] PostRequest-Spammer scoring: Durban01	2020-04-26 18:25:21
106.37.72.234	attackspambots	Apr 26 13:26:35 pkdns2 sshd\[23036\]: Invalid user lby from 106.37.72.234Apr 26 13:26:37 pkdns2 sshd\[23036\]: Failed password for invalid user lby from 106.37.72.234 port 53804 ssh2Apr 26 13:29:41 pkdns2 sshd\[23142\]: Invalid user leslie from 106.37.72.234Apr 26 13:29:43 pkdns2 sshd\[23142\]: Failed password for invalid user leslie from 106.37.72.234 port 41576 ssh2Apr 26 13:32:52 pkdns2 sshd\[23277\]: Failed password for root from 106.37.72.234 port 57578 ssh2Apr 26 13:35:53 pkdns2 sshd\[23415\]: Invalid user soledad from 106.37.72.234 ...	2020-04-26 18:43:09
62.171.136.249	attackspam	Lines containing failures of 62.171.136.249 Apr 25 14:53:18 supported sshd[29105]: Invalid user gtadmin from 62.171.136.249 port 55218 Apr 25 14:53:18 supported sshd[29105]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.136.249 Apr 25 14:53:19 supported sshd[29105]: Failed password for invalid user gtadmin from 62.171.136.249 port 55218 ssh2 Apr 25 14:53:20 supported sshd[29105]: Received disconnect from 62.171.136.249 port 55218:11: Bye Bye [preauth] Apr 25 14:53:20 supported sshd[29105]: Disconnected from invalid user gtadmin 62.171.136.249 port 55218 [preauth] Apr 25 15:06:06 supported sshd[31747]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.171.136.249 user=r.r Apr 25 15:06:08 supported sshd[31747]: Failed password for r.r from 62.171.136.249 port 46006 ssh2 Apr 25 15:06:08 supported sshd[31747]: Received disconnect from 62.171.136.249 port 46006:11: Bye Bye [preauth] Ap........ ------------------------------	2020-04-26 18:47:41
106.12.95.39	attackspambots	Apr 23 08:26:35 ns392434 sshd[29479]: Invalid user hr from 106.12.95.39 port 48322 Apr 23 08:26:35 ns392434 sshd[29479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.95.39 Apr 23 08:26:35 ns392434 sshd[29479]: Invalid user hr from 106.12.95.39 port 48322 Apr 23 08:26:37 ns392434 sshd[29479]: Failed password for invalid user hr from 106.12.95.39 port 48322 ssh2 Apr 23 08:39:51 ns392434 sshd[29980]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.95.39 user=root Apr 23 08:39:52 ns392434 sshd[29980]: Failed password for root from 106.12.95.39 port 46926 ssh2 Apr 23 08:44:53 ns392434 sshd[30205]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.95.39 user=root Apr 23 08:44:55 ns392434 sshd[30205]: Failed password for root from 106.12.95.39 port 51652 ssh2 Apr 23 08:50:02 ns392434 sshd[30410]: Invalid user un from 106.12.95.39 port 56396	2020-04-26 18:36:51
112.171.26.46	attack	Apr 19 18:29:27 ns392434 sshd[32578]: Invalid user io from 112.171.26.46 port 61774 Apr 19 18:29:27 ns392434 sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.26.46 Apr 19 18:29:27 ns392434 sshd[32578]: Invalid user io from 112.171.26.46 port 61774 Apr 19 18:29:29 ns392434 sshd[32578]: Failed password for invalid user io from 112.171.26.46 port 61774 ssh2 Apr 19 18:35:07 ns392434 sshd[322]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.26.46 user=root Apr 19 18:35:09 ns392434 sshd[322]: Failed password for root from 112.171.26.46 port 35738 ssh2 Apr 19 18:38:22 ns392434 sshd[431]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.171.26.46 user=root Apr 19 18:38:25 ns392434 sshd[431]: Failed password for root from 112.171.26.46 port 32442 ssh2 Apr 19 18:41:36 ns392434 sshd[611]: Invalid user postgres from 112.171.26.46 port 29134	2020-04-26 18:35:08
63.82.49.36	attack	Apr 26 06:47:54 mail.srvfarm.net postfix/smtpd[1243822]: NOQUEUE: reject: RCPT from unknown[63.82.49.36]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Apr 26 06:47:54 mail.srvfarm.net postfix/smtpd[1242661]: NOQUEUE: reject: RCPT from unknown[63.82.49.36]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Apr 26 06:47:54 mail.srvfarm.net postfix/smtpd[1244515]: NOQUEUE: reject: RCPT from unknown[63.82.49.36]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= Apr 26 06:47:54 mail.srvfarm.net postfix/smtpd[1245194]: NOQUEUE: reject: RCPT from unknown[63.82.49.36]:	2020-04-26 18:58:57
212.83.181.143	attackspam	SIPVicious Scanner Detection	2020-04-26 18:48:10
218.92.0.145	attackspam	Apr 26 12:27:27 srv-ubuntu-dev3 sshd[94535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.145 user=root Apr 26 12:27:28 srv-ubuntu-dev3 sshd[94535]: Failed password for root from 218.92.0.145 port 51720 ssh2 Apr 26 12:27:32 srv-ubuntu-dev3 sshd[94535]: Failed password for root from 218.92.0.145 port 51720 ssh2 Apr 26 12:27:27 srv-ubuntu-dev3 sshd[94535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.145 user=root Apr 26 12:27:28 srv-ubuntu-dev3 sshd[94535]: Failed password for root from 218.92.0.145 port 51720 ssh2 Apr 26 12:27:32 srv-ubuntu-dev3 sshd[94535]: Failed password for root from 218.92.0.145 port 51720 ssh2 Apr 26 12:27:27 srv-ubuntu-dev3 sshd[94535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.92.0.145 user=root Apr 26 12:27:28 srv-ubuntu-dev3 sshd[94535]: Failed password for root from 218.92.0.145 port 51720 ssh2 Apr 26 12 ...	2020-04-26 18:28:16
66.70.178.54	attackbotsspam	(sshd) Failed SSH login from 66.70.178.54 (CA/Canada/front1.keepsolid.com): 5 in the last 3600 secs	2020-04-26 18:29:12
183.237.98.133	attackspambots	Unauthorized connection attempt detected from IP address 183.237.98.133 to port 23	2020-04-26 18:51:16

最近上报的IP列表

147.200.201.179	189.173.176.90	250.84.54.219	81.81.169.35
89.207.217.50	89.9.16.229	64.135.201.203	140.25.204.156
58.126.209.207	60.19.132.227	139.166.103.230	220.212.139.88
211.189.222.134	200.137.170.246	219.190.154.105	102.253.30.65
13.75.232.250	194.62.1.36	129.211.54.147	78.139.51.234