49.143.116.144

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Korea (Republic of)

运营商(isp): Hyundai Communications & Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/49.143.116.144/ KR - 1H : (1) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : KR NAME ASN : ASN7623 IP : 49.143.116.144 CIDR : 49.143.116.0/22 PREFIX COUNT : 75 UNIQUE IP COUNT : 77824 ATTACKS DETECTED ASN7623 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2020-03-27 04:53:19 INFO : Port MAX SCAN Scan Detected and Blocked by ADMIN - data recovery	2020-03-27 13:46:33

类型

评论内容

时间

attack

IP Ban Report :  
 https://help-dysk.pl/wordpress-firewall-plugins/ip/49.143.116.144/ 
 
 KR - 1H : (1)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : KR 
 NAME ASN : ASN7623 
 
 IP : 49.143.116.144 
 
 CIDR : 49.143.116.0/22 
 
 PREFIX COUNT : 75 
 
 UNIQUE IP COUNT : 77824 
 
 
 ATTACKS DETECTED ASN7623 :  
  1H - 1 
  3H - 1 
  6H - 1 
 12H - 1 
 24H - 1 
 
 DateTime : 2020-03-27 04:53:19 
 
 INFO : Port MAX SCAN Scan Detected and Blocked by ADMIN  - data recovery

2020-03-27 13:46:33

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.143.116.144
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39603
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.143.116.144.			IN	A

;; AUTHORITY SECTION:
.			506	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020032601 1800 900 604800 86400

;; Query time: 45 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 27 13:46:27 CST 2020
;; MSG SIZE  rcvd: 118

HOST信息:

Host 144.116.143.49.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 144.116.143.49.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
165.227.7.5	attackspambots	Aug 9 19:56:49 buvik sshd[23543]: Failed password for root from 165.227.7.5 port 38326 ssh2 Aug 9 20:00:39 buvik sshd[24534]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.7.5 user=root Aug 9 20:00:41 buvik sshd[24534]: Failed password for root from 165.227.7.5 port 49422 ssh2 ...	2020-08-10 02:06:05
51.15.84.12	attackspam	(mod_security) mod_security (id:920350) triggered by 51.15.84.12 (NL/-/12-84-15-51.instances.scw.cloud): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/09 19:58:24 [error] 346090#0: 27614 [client 51.15.84.12] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/boaform/admin/formLogin"] [unique_id "159699590458.872160"] [ref "o0,15v45,15"], client: 51.15.84.12, [redacted] request: "POST /boaform/admin/formLogin HTTP/1.1" [redacted]	2020-08-10 02:26:27
51.178.41.60	attackspam	Aug 9 19:48:09 lnxmysql61 sshd[32003]: Failed password for root from 51.178.41.60 port 44247 ssh2 Aug 9 19:48:09 lnxmysql61 sshd[32003]: Failed password for root from 51.178.41.60 port 44247 ssh2	2020-08-10 02:05:01
91.126.204.169	attackspambots	TCP (SYN) 91.126.204.169:39082 -> port 22, len 60	2020-08-10 02:00:05
103.100.64.74	attack	IP 103.100.64.74 attacked honeypot on port: 1433 at 8/9/2020 5:07:01 AM	2020-08-10 02:17:00
89.35.39.180	attackspambots	Attempting to access Wordpress login on a honeypot or private system.	2020-08-10 02:04:33
84.17.48.245	attack	Tried at least 100 times to enter to my NAS	2020-08-10 02:07:08
220.166.241.138	attackspam	Aug 4 14:05:50 * sshd[11941]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.241.138 user=r.r Aug 4 14:05:52 * sshd[11941]: Failed password for r.r from 220.166.241.138 port 48516 ssh2 Aug 4 14:05:52 * sshd[11941]: Received disconnect from 220.166.241.138 port 48516:11: Bye Bye [preauth] Aug 4 14:05:52 * sshd[11941]: Disconnected from 220.166.241.138 port 48516 [preauth] Aug 4 14:12:13 * sshd[12045]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.241.138 user=r.r Aug 4 14:12:15 * sshd[12045]: Failed password for r.r from 220.166.241.138 port 48792 ssh2 Aug 4 14:12:16 * sshd[12045]: Received disconnect from 220.166.241.138 port 48792:11: Bye Bye [preauth] Aug 4 14:12:16 * sshd[12045]: Disconnected from 220.166.241.138 port 48792 [preauth] Aug 4 14:14:58 *** sshd[12103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruse........ -------------------------------	2020-08-10 02:17:47
161.97.83.138	attack	SIP/5060 Probe, BF, Hack -	2020-08-10 01:56:46
51.91.45.6	attackspambots	"$f2bV_matches"	2020-08-10 02:14:24
103.40.22.89	attackspambots	(sshd) Failed SSH login from 103.40.22.89 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 9 14:53:13 amsweb01 sshd[20841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.22.89 user=root Aug 9 14:53:15 amsweb01 sshd[20841]: Failed password for root from 103.40.22.89 port 33266 ssh2 Aug 9 14:59:51 amsweb01 sshd[21940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.22.89 user=root Aug 9 14:59:54 amsweb01 sshd[21940]: Failed password for root from 103.40.22.89 port 39814 ssh2 Aug 9 15:02:35 amsweb01 sshd[22399]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.40.22.89 user=root	2020-08-10 01:53:01
51.75.83.77	attack	$f2bV_matches	2020-08-10 02:09:13
111.93.10.213	attackspambots	Aug 9 20:00:12 sshd\[4024\]: User root from 111.93.10.213 not allowed because not listed in AllowUsersAug 9 20:00:14 sshd\[4024\]: Failed password for invalid user root from 111.93.10.213 port 38236 ssh2 ...	2020-08-10 02:03:18
184.179.216.151	attackspambots	Dovecot Invalid User Login Attempt.	2020-08-10 02:03:03
49.233.12.222	attack	"$f2bV_matches"	2020-08-10 01:52:24

最近上报的IP列表

113.160.158.169	188.166.63.155	52.172.221.28	92.118.38.66
101.254.183.205	201.157.39.242	181.48.73.2	185.232.65.230
88.132.109.164	95.163.118.126	229.76.247.60	94.66.27.14
69.85.239.16	189.80.44.98	199.126.70.202	115.76.178.155
217.182.38.4	113.175.121.179	27.74.248.125	51.75.55.33