49.145.111.85 - IPInfo

基本信息:

城市(city): Alangilan

省份(region): Central Visayas

国家(country): Philippines

运营商(isp): DSL

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Attempt to attack host OS, exploiting network vulnerabilities, on 08-11-2019 14:35:30.	2019-11-09 02:59:00

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 49.145.111.85
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4064
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;49.145.111.85.			IN	A

;; AUTHORITY SECTION:
.			239	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110800 1800 900 604800 86400

;; Query time: 67 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat Nov 09 02:58:56 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

85.111.145.49.in-addr.arpa domain name pointer dsl.49.145.111.85.pldt.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
85.111.145.49.in-addr.arpa	name = dsl.49.145.111.85.pldt.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
122.252.239.5	attackbotsspam	Dec 8 07:22:56 markkoudstaal sshd[13876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.252.239.5 Dec 8 07:22:58 markkoudstaal sshd[13876]: Failed password for invalid user tucci from 122.252.239.5 port 57706 ssh2 Dec 8 07:30:03 markkoudstaal sshd[14707]: Failed password for backup from 122.252.239.5 port 39140 ssh2	2019-12-08 14:53:44
218.92.0.137	attack	IP blocked	2019-12-08 14:27:18
211.227.23.216	attack	Dec 8 11:19:35 gw1 sshd[12370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.227.23.216 Dec 8 11:19:37 gw1 sshd[12370]: Failed password for invalid user S0lut10ns from 211.227.23.216 port 36116 ssh2 ...	2019-12-08 14:20:42
104.248.149.130	attackspam	Dec 8 07:23:53 eventyay sshd[32101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.130 Dec 8 07:23:55 eventyay sshd[32101]: Failed password for invalid user xmms from 104.248.149.130 port 33284 ssh2 Dec 8 07:30:09 eventyay sshd[32295]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.149.130 ...	2019-12-08 14:48:44
223.68.8.162	attackbotsspam	Dec 8 07:30:26 mail kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:4d:20:28:99:3a:4d:30:af:08:00 SRC=223.68.8.162 DST=213.136.73.128 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=34384 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0 Dec 8 07:30:26 mail kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:4d:20:28:99:3a:4d:30:af:08:00 SRC=223.68.8.162 DST=213.136.73.128 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=34384 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0 Dec 8 07:30:26 mail kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:4d:20:28:99:3a:4d:30:af:08:00 SRC=223.68.8.162 DST=213.136.73.128 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=34384 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0 Dec 8 07:30:26 mail kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:4d:20:28:99:3a:4d:30:af:08:00 SRC=223.68.8.162 DST=213.136.73.128 LEN=40 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=34384 DPT=10000 WINDOW=0 RES=0x00 RST URGP=0 Dec 8 07:30:26 mail kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3c:4d:20:	2019-12-08 14:40:03
116.31.105.198	attack	Dec 8 07:29:57 lnxweb61 sshd[21128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.105.198 Dec 8 07:29:57 lnxweb61 sshd[21128]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.105.198	2019-12-08 15:07:26
188.129.165.75	attackspambots	Honeypot attack, port: 445, PTR: PTR record not found	2019-12-08 15:13:55
95.216.10.31	attack	Lines containing failures of 95.216.10.31 Dec 7 21:59:48 kmh-vmh-003-fsn07 sshd[12451]: Invalid user papernet from 95.216.10.31 port 39180 Dec 7 21:59:48 kmh-vmh-003-fsn07 sshd[12451]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.10.31 Dec 7 21:59:50 kmh-vmh-003-fsn07 sshd[12451]: Failed password for invalid user papernet from 95.216.10.31 port 39180 ssh2 Dec 7 21:59:52 kmh-vmh-003-fsn07 sshd[12451]: Received disconnect from 95.216.10.31 port 39180:11: Bye Bye [preauth] Dec 7 21:59:52 kmh-vmh-003-fsn07 sshd[12451]: Disconnected from invalid user papernet 95.216.10.31 port 39180 [preauth] Dec 7 22:09:53 kmh-vmh-003-fsn07 sshd[27313]: Invalid user ubuntu from 95.216.10.31 port 59726 Dec 7 22:09:53 kmh-vmh-003-fsn07 sshd[27313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.216.10.31 Dec 7 22:09:55 kmh-vmh-003-fsn07 sshd[27313]: Failed password for invalid user ubuntu fr........ ------------------------------	2019-12-08 14:52:34
129.211.75.184	attack	Dec 7 20:40:10 web9 sshd\[18480\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.75.184 user=root Dec 7 20:40:11 web9 sshd\[18480\]: Failed password for root from 129.211.75.184 port 54340 ssh2 Dec 7 20:47:13 web9 sshd\[19642\]: Invalid user guest from 129.211.75.184 Dec 7 20:47:13 web9 sshd\[19642\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.75.184 Dec 7 20:47:15 web9 sshd\[19642\]: Failed password for invalid user guest from 129.211.75.184 port 36074 ssh2	2019-12-08 15:08:36
24.228.253.171	attackbots	firewall-block, port(s): 5555/tcp	2019-12-08 15:00:13
183.134.199.68	attackspam	Dec 7 20:33:05 sachi sshd\[27574\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.134.199.68 user=root Dec 7 20:33:07 sachi sshd\[27574\]: Failed password for root from 183.134.199.68 port 45776 ssh2 Dec 7 20:40:34 sachi sshd\[28427\]: Invalid user gdm from 183.134.199.68 Dec 7 20:40:34 sachi sshd\[28427\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.134.199.68 Dec 7 20:40:35 sachi sshd\[28427\]: Failed password for invalid user gdm from 183.134.199.68 port 50178 ssh2	2019-12-08 15:06:32
194.187.251.155	attack	Time: Sun Dec 8 03:11:12 2019 -0300 IP: 194.187.251.155 (BE/Belgium/155.251.187.194.in-addr.arpa) Failures: 5 (mod_security) Interval: 3600 seconds Blocked: Permanent Block [LF_MODSEC] Log entries: 194.187.251.155 - - [08/Dec/2019:03:10:49 -0300] "GET /wp-login.php?registration=disabled HTTP/1.1" 200 1282 "https://brasilwork.com.br/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1" 194.187.251.155 - - [08/Dec/2019:03:10:51 -0300] "GET /wp-cron.php HTTP/1.1" 200 - "https://brasilwork.com.br/" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20120427 Firefox/15.0a1" [Sun Dec 08 03:11:08.082212 2019] [:error] [pid 5036] [client 194.187.251.155:51532] [client 194.187.251.155] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "122"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "br	2019-12-08 14:51:09
114.67.74.139	attackspam	--- report --- Dec 8 03:54:20 sshd: Connection from 114.67.74.139 port 44184 Dec 8 03:54:22 sshd: Invalid user yamakoshi from 114.67.74.139 Dec 8 03:54:22 sshd: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.67.74.139 Dec 8 03:54:23 sshd: Failed password for invalid user yamakoshi from 114.67.74.139 port 44184 ssh2 Dec 8 03:54:24 sshd: Received disconnect from 114.67.74.139: 11: Bye Bye [preauth]	2019-12-08 15:03:24
99.191.118.206	attack	Dec 8 05:55:55 tux-35-217 sshd\[27306\]: Invalid user pi from 99.191.118.206 port 36548 Dec 8 05:55:55 tux-35-217 sshd\[27305\]: Invalid user pi from 99.191.118.206 port 36546 Dec 8 05:55:56 tux-35-217 sshd\[27305\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=99.191.118.206 Dec 8 05:55:56 tux-35-217 sshd\[27306\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=99.191.118.206 ...	2019-12-08 14:26:23
177.85.116.242	attackspambots	Dec 8 06:17:02 v22018086721571380 sshd[8816]: Failed password for invalid user oracle from 177.85.116.242 port 37433 ssh2 Dec 8 07:30:09 v22018086721571380 sshd[14561]: Failed password for invalid user elev from 177.85.116.242 port 29634 ssh2	2019-12-08 14:43:11

最近上报的IP列表

45.178.1.33	45.171.150.20	42.115.215.88	41.83.14.56
39.37.233.106	219.85.6.94	122.178.245.96	36.71.73.29
36.65.238.120	27.128.164.218	200.44.235.224	190.203.11.199
190.57.185.220	188.163.113.158	187.60.223.36	183.88.239.107
77.40.62.101	179.98.120.60	34.94.208.18	171.254.10.6