23.90.145.42 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Germany

运营商(isp): Zenlayer Inc

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Port Scan detected from 23.90.145.42 (DE/Germany/Hesse/Frankfurt am Main/-). 4 hits in the last 155 seconds	2020-08-16 21:56:11

相同子网IP讨论:

IP	类型	评论内容	时间
23.90.145.52	attack	srvr1: (mod_security) mod_security (id:920350) triggered by 23.90.145.52 (DE/-/-): 1 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/09/22 18:42:43 [error] 124057#0: 396601 [client 23.90.145.52] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/"] [unique_id "160079296326.280589"] [ref "o0,13v21,13"], client: 23.90.145.52, [redacted] request: "GET / HTTP/1.0" [redacted]	2020-09-23 01:38:09
23.90.145.52	attack	[21/Sep/2020:04:40:46 -0400] "GET / HTTP/1.0" Blank UA	2020-09-22 17:40:40
23.90.145.40	attack	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2020-08-05 17:55:04
23.90.145.39	attack	Attempted connection to port 5601.	2020-08-02 12:57:32
23.90.145.38	attack	trying to access non-authorized port	2020-08-01 15:05:14

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 23.90.145.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46770
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;23.90.145.42.			IN	A

;; AUTHORITY SECTION:
.			201	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020081600 1800 900 604800 86400

;; Query time: 88 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Aug 16 21:56:05 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 42.145.90.23.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 42.145.90.23.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.215.120.2	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/180.215.120.2/ SG - 1H : (31) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : SG NAME ASN : ASN64050 IP : 180.215.120.2 CIDR : 180.215.96.0/19 PREFIX COUNT : 383 UNIQUE IP COUNT : 165376 ATTACKS DETECTED ASN64050 : 1H - 1 3H - 1 6H - 1 12H - 2 24H - 2 DateTime : 2019-10-27 21:26:28 INFO : Port SSH 22 Scan Detected and Blocked by ADMIN - data recovery	2019-10-28 06:57:14
37.99.136.252	attack	2019-10-27T20:26:24.648999homeassistant sshd[2891]: Invalid user administrator from 37.99.136.252 port 56076 2019-10-27T20:26:24.765607homeassistant sshd[2891]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.99.136.252 ...	2019-10-28 07:00:40
132.148.151.162	attackbots	Automatic report - XMLRPC Attack	2019-10-28 06:51:37
43.240.38.28	attack	Oct 27 12:39:30 rb06 sshd[32612]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.240.38.28 user=r.r Oct 27 12:39:33 rb06 sshd[32612]: Failed password for r.r from 43.240.38.28 port 9880 ssh2 Oct 27 12:39:33 rb06 sshd[32612]: Received disconnect from 43.240.38.28: 11: Bye Bye [preauth] Oct 27 12:47:09 rb06 sshd[643]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.240.38.28 user=r.r Oct 27 12:47:11 rb06 sshd[643]: Failed password for r.r from 43.240.38.28 port 29436 ssh2 Oct 27 12:47:11 rb06 sshd[643]: Received disconnect from 43.240.38.28: 11: Bye Bye [preauth] Oct 27 12:51:01 rb06 sshd[843]: Failed password for invalid user nagios from 43.240.38.28 port 12564 ssh2 Oct 27 12:51:02 rb06 sshd[843]: Received disconnect from 43.240.38.28: 11: Bye Bye [preauth] Oct 27 12:54:35 rb06 sshd[10231]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.240........ -------------------------------	2019-10-28 07:04:41
203.143.12.26	attackspam	Oct 27 22:57:20 tux-35-217 sshd\[29902\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.143.12.26 user=root Oct 27 22:57:21 tux-35-217 sshd\[29902\]: Failed password for root from 203.143.12.26 port 41755 ssh2 Oct 27 23:01:29 tux-35-217 sshd\[29913\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.143.12.26 user=root Oct 27 23:01:31 tux-35-217 sshd\[29913\]: Failed password for root from 203.143.12.26 port 1328 ssh2 ...	2019-10-28 06:33:13
45.55.190.106	attackspambots	2019-10-27T22:35:17.584418shield sshd\[7290\]: Invalid user israel from 45.55.190.106 port 47424 2019-10-27T22:35:17.592963shield sshd\[7290\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.106 2019-10-27T22:35:19.441780shield sshd\[7290\]: Failed password for invalid user israel from 45.55.190.106 port 47424 ssh2 2019-10-27T22:38:52.757634shield sshd\[7871\]: Invalid user terminfo from 45.55.190.106 port 37664 2019-10-27T22:38:52.765447shield sshd\[7871\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.190.106	2019-10-28 06:43:57
54.37.232.137	attackbotsspam	Oct 27 23:43:44 meumeu sshd[25888]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.37.232.137 Oct 27 23:43:45 meumeu sshd[25888]: Failed password for invalid user oracle from 54.37.232.137 port 58376 ssh2 Oct 27 23:47:10 meumeu sshd[26294]: Failed password for root from 54.37.232.137 port 39020 ssh2 ...	2019-10-28 07:02:52
102.177.145.221	attack	Oct 28 00:52:57 www sshd\[100386\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.177.145.221 user=root Oct 28 00:52:59 www sshd\[100386\]: Failed password for root from 102.177.145.221 port 34834 ssh2 Oct 28 00:57:35 www sshd\[100454\]: Invalid user scp from 102.177.145.221 Oct 28 00:57:35 www sshd\[100454\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=102.177.145.221 ...	2019-10-28 07:02:29
150.109.51.105	attackbots	Oct 27 12:34:38 php1 sshd\[24300\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.51.105 user=root Oct 27 12:34:40 php1 sshd\[24300\]: Failed password for root from 150.109.51.105 port 48980 ssh2 Oct 27 12:38:31 php1 sshd\[24748\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.51.105 user=root Oct 27 12:38:33 php1 sshd\[24748\]: Failed password for root from 150.109.51.105 port 36007 ssh2 Oct 27 12:42:29 php1 sshd\[25369\]: Invalid user ubnt from 150.109.51.105 Oct 27 12:42:29 php1 sshd\[25369\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.109.51.105	2019-10-28 07:00:59
94.176.141.57	attack	(Oct 27) LEN=44 TTL=241 ID=22683 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=40167 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=59470 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=27886 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=16888 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=42404 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=61625 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=64234 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=38456 DF TCP DPT=23 WINDOW=14600 SYN (Oct 27) LEN=44 TTL=241 ID=49551 DF TCP DPT=23 WINDOW=14600 SYN	2019-10-28 06:32:04
45.114.171.92	attackbots	Oct 27 08:09:03 DNS-2 sshd[10372]: User r.r from 45.114.171.92 not allowed because not listed in AllowUsers Oct 27 08:09:03 DNS-2 sshd[10372]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.114.171.92 user=r.r Oct 27 08:09:05 DNS-2 sshd[10372]: Failed password for invalid user r.r from 45.114.171.92 port 60631 ssh2 Oct 27 08:09:07 DNS-2 sshd[10372]: Received disconnect from 45.114.171.92 port 60631:11: Bye Bye [preauth] Oct 27 08:09:07 DNS-2 sshd[10372]: Disconnected from invalid user r.r 45.114.171.92 port 60631 [preauth] Oct 27 08:32:10 DNS-2 sshd[11568]: Invalid user abisset from 45.114.171.92 port 45725 Oct 27 08:32:10 DNS-2 sshd[11568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.114.171.92 Oct 27 08:32:11 DNS-2 sshd[11568]: Failed password for invalid user abisset from 45.114.171.92 port 45725 ssh2 Oct 27 08:32:13 DNS-2 sshd[11568]: Received disconnect from 45.114.171.92 p........ -------------------------------	2019-10-28 06:48:24
92.222.77.175	attack	Oct 27 22:19:47 web8 sshd\[22943\]: Invalid user zhouh from 92.222.77.175 Oct 27 22:19:47 web8 sshd\[22943\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.77.175 Oct 27 22:19:49 web8 sshd\[22943\]: Failed password for invalid user zhouh from 92.222.77.175 port 58548 ssh2 Oct 27 22:23:01 web8 sshd\[24523\]: Invalid user molly from 92.222.77.175 Oct 27 22:23:01 web8 sshd\[24523\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.77.175	2019-10-28 06:31:43
69.171.79.217	attack	Oct 27 22:27:15 MK-Soft-VM5 sshd[6298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.171.79.217 Oct 27 22:27:17 MK-Soft-VM5 sshd[6298]: Failed password for invalid user th from 69.171.79.217 port 38154 ssh2 ...	2019-10-28 06:38:38
37.230.137.218	attack	ssh failed login	2019-10-28 06:42:39
191.32.43.2	attack	Fail2Ban Ban Triggered	2019-10-28 06:50:54

最近上报的IP列表

123.24.234.1	125.72.106.246	161.97.79.88	156.96.117.170
144.34.182.70	45.76.181.86	1.163.38.162	143.202.209.47
180.126.224.140	198.249.142.122	10.29.24.17	178.54.198.154
39.207.115.22	198.23.165.113	186.233.230.42	44.21.233.174
200.38.209.116	136.10.110.2	26.11.151.249	247.216.128.152