85.93.20.70 - IPInfo

基本信息:

城市(city): Gdańsk

省份(region): Pomerania

国家(country): Poland

运营商(isp): ISP4P IT Services

主机名(hostname): unknown

机构(organization): L&L Investment Ltd.

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	RDP Bruteforce	2020-02-24 17:56:09
attackbots	ET SCAN MS Terminal Server Traffic on Non-standard Port - port: 443 proto: TCP cat: Attempted Information Leak	2020-02-23 08:48:54
attackspam	TCP port 1318: Scan and connection	2020-02-12 03:05:36
attackbots	Unauthorized connection attempt detected from IP address 85.93.20.70 to port 4389 [J]	2020-01-31 07:39:20
attackspam	Port Scanning MultiHosts	2019-12-28 04:45:51
attack	alert tcp $EXTERNAL_NET any -> $HOME_NET !3389 (msg:"ET SCAN MS Terminal Server Traffic on Non-standard Port"; flow:to_server,established; content:"\|03 00 00\|"; depth:3; content:"\|e0 00 00 00 00 00\|"; offset:5; depth:6; content:"Cookie\|3a\| mstshash="; fast_pattern; classtype:attempted-recon; sid:2023753; rev:2; metadata:affected_product Microsoft_Terminal_Server_RDP, attack_target Server, deployment Perimeter, signature_severity Major, created_at 2017_01_23, performance_impact Low, updated_at 2017_02_23;)	2019-12-27 18:44:29
attack	port scan and connect, tcp 22 (ssh)	2019-12-02 18:30:44
attackspam	21 attempts against mh_ha-misbehave-ban on shade.magehost.pro	2019-08-03 06:07:38
attack	20 attempts against mh-misbehave-ban on ice.magehost.pro	2019-07-30 09:23:26
attackspambots	20 attempts against mh-misbehave-ban on pluto.magehost.pro	2019-07-29 14:29:17

相同子网IP讨论:

IP	类型	评论内容	时间
85.93.20.134	attack	port	2020-10-14 05:40:04
85.93.20.134	attackspambots	RDP Bruteforce	2020-10-13 01:15:46
85.93.20.134	attackspambots	[portscan] tcp/3389 [MS RDP] *(RWIN=1024)(10120855)	2020-10-12 16:38:46
85.93.20.134	attackspambots	2020-10-10 13:54:09.587374-0500 localhost screensharingd[38744]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 85.93.20.134 :: Type: VNC DES	2020-10-11 03:36:45
85.93.20.134	attackspambots	2020-10-10 05:50:23.141580-0500 localhost screensharingd[450]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 85.93.20.134 :: Type: VNC DES	2020-10-10 19:29:30
85.93.20.6	attackspambots	RDPBrutePap	2020-10-04 02:38:43
85.93.20.122	attack	Repeated RDP login failures. Last user: administrator	2020-10-03 03:39:11
85.93.20.122	attack	Repeated RDP login failures. Last user: administrator	2020-10-03 02:27:39
85.93.20.122	attackbots	Repeated RDP login failures. Last user: administrator	2020-10-02 22:56:47
85.93.20.122	attackspambots	Repeated RDP login failures. Last user: administrator	2020-10-02 19:28:26
85.93.20.122	attack	Repeated RDP login failures. Last user: administrator	2020-10-02 16:04:25
85.93.20.122	attackbots	Repeated RDP login failures. Last user: administrator	2020-10-02 12:18:39
85.93.20.170	attackspam	Multiple HTTP calls attempting to GET resources using common API calls or formats on port 8080	2020-09-23 22:42:35
85.93.20.170	attack	Multiple HTTP calls attempting to GET resources using common API calls or formats on port 8080	2020-09-23 15:00:05
85.93.20.170	attackbotsspam	1600813421 - 09/23/2020 05:23:41 Host: 85.93.20.170/85.93.20.170 Port: 3000 TCP Blocked ...	2020-09-23 06:51:18

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 85.93.20.70
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24619
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;85.93.20.70.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041601 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Wed Apr 17 13:02:57 +08 2019
;; MSG SIZE  rcvd: 115

HOST信息:

70.20.93.85.in-addr.arpa has no PTR record

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

Non-authoritative answer:
*** Can't find 70.20.93.85.in-addr.arpa.: No answer

Authoritative answers can be found from:
arpa
	origin = ns4.csof.net
	mail addr = hostmaster.arpa
	serial = 1555477328
	refresh = 16384
	retry = 2048
	expire = 1048576
	minimum = 2560

最新评论:

IP	类型	评论内容	时间
65.49.20.69	attack	Unauthorized connection attempt detected from IP address 65.49.20.69 to port 22	2020-06-10 13:11:31
46.38.145.253	attackbotsspam	2020-06-09T22:37:50.709772linuxbox-skyline auth[281395]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=alyssa rhost=46.38.145.253 ...	2020-06-10 12:47:37
45.248.71.169	attackbotsspam	Jun 9 19:03:32 php1 sshd\[29564\]: Invalid user avis from 45.248.71.169 Jun 9 19:03:32 php1 sshd\[29564\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.248.71.169 Jun 9 19:03:33 php1 sshd\[29564\]: Failed password for invalid user avis from 45.248.71.169 port 43428 ssh2 Jun 9 19:05:14 php1 sshd\[29710\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.248.71.169 user=root Jun 9 19:05:15 php1 sshd\[29710\]: Failed password for root from 45.248.71.169 port 34436 ssh2	2020-06-10 13:19:09
106.13.223.100	attackspam	Jun 10 06:32:40 roki sshd[12290]: Invalid user rstudio-server from 106.13.223.100 Jun 10 06:32:40 roki sshd[12290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.223.100 Jun 10 06:32:43 roki sshd[12290]: Failed password for invalid user rstudio-server from 106.13.223.100 port 49850 ssh2 Jun 10 06:49:00 roki sshd[13454]: Invalid user common from 106.13.223.100 Jun 10 06:49:00 roki sshd[13454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.223.100 ...	2020-06-10 12:58:58
142.93.226.18	attackspambots	SSH bruteforce	2020-06-10 13:15:14
195.158.21.134	attackbotsspam	Jun 9 19:05:23 hanapaa sshd\[25062\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.21.134 user=root Jun 9 19:05:25 hanapaa sshd\[25062\]: Failed password for root from 195.158.21.134 port 59986 ssh2 Jun 9 19:07:47 hanapaa sshd\[25285\]: Invalid user zhaoweiyuan from 195.158.21.134 Jun 9 19:07:47 hanapaa sshd\[25285\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.158.21.134 Jun 9 19:07:49 hanapaa sshd\[25285\]: Failed password for invalid user zhaoweiyuan from 195.158.21.134 port 49705 ssh2	2020-06-10 13:30:04
222.186.175.150	attackbots	Jun 10 06:57:00 minden010 sshd[31065]: Failed password for root from 222.186.175.150 port 5266 ssh2 Jun 10 06:57:13 minden010 sshd[31065]: Failed password for root from 222.186.175.150 port 5266 ssh2 Jun 10 06:57:13 minden010 sshd[31065]: error: maximum authentication attempts exceeded for root from 222.186.175.150 port 5266 ssh2 [preauth] ...	2020-06-10 13:08:40
134.122.85.23	attackbots	Port scan denied	2020-06-10 13:09:57
49.233.186.66	attackspam	Jun 10 05:50:40 vpn01 sshd[14497]: Failed password for root from 49.233.186.66 port 18392 ssh2 ...	2020-06-10 13:01:05
42.103.52.101	attack	Jun 10 06:27:36 vps639187 sshd\[5796\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.103.52.101 user=root Jun 10 06:27:39 vps639187 sshd\[5796\]: Failed password for root from 42.103.52.101 port 57420 ssh2 Jun 10 06:32:40 vps639187 sshd\[5822\]: Invalid user di from 42.103.52.101 port 47916 Jun 10 06:32:40 vps639187 sshd\[5822\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.103.52.101 ...	2020-06-10 13:15:50
209.97.134.47	attackbotsspam	$f2bV_matches	2020-06-10 13:09:03
187.221.78.95	attackspambots	trying to access non-authorized port	2020-06-10 12:57:42
49.232.165.42	attack	$f2bV_matches	2020-06-10 13:19:47
217.112.142.81	attackbots	Jun 10 05:46:27 web01.agentur-b-2.de postfix/smtpd[532681]: NOQUEUE: reject: RCPT from unknown[217.112.142.81]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Jun 10 05:46:30 web01.agentur-b-2.de postfix/smtpd[537481]: NOQUEUE: reject: RCPT from unknown[217.112.142.81]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Jun 10 05:52:47 web01.agentur-b-2.de postfix/smtpd[537451]: NOQUEUE: reject: RCPT from unknown[217.112.142.81]: 450 4.7.1 : Helo command rejected: Host not found; from= to= proto=ESMTP helo= Jun 10 05:53:42 web01.agentur-b-2.de postfix/smtpd[537481]: NOQUEUE: reject: RCPT from unknown[217.112.142.81]: 450 4.7.1 : Helo command rejec	2020-06-10 13:16:59
113.130.212.4	attackspam	Port probing on unauthorized port 8080	2020-06-10 13:19:34

最近上报的IP列表

121.56.158.239	114.245.39.168	80.238.114.154	115.159.46.47
91.249.81.184	218.82.68.137	113.169.150.148	106.47.76.100
94.231.175.147	65.48.219.101	192.81.218.235	103.233.100.80
58.187.166.40	51.15.99.225	156.223.174.254	42.113.192.50
54.38.18.211	92.46.110.2	112.72.86.69	78.189.17.38