94.102.52.29 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Netherlands

运营商(isp): Incrediserve Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	94.102.52.29 - - \[13/Mar/2020:20:47:47 +0800\] "GET /wp-content/plugins/rolo-slider/assets/css/admin.css HTTP/1.1" 404 38374 "-" "Mozilla/4.0 \(compatible\; MSIE 6.0\; Windows NT 5.1\; SV1\)"	2020-03-13 22:55:22

相同子网IP讨论:

IP	类型	评论内容	时间
94.102.52.36	attackspam	Sent packet to closed port: 22	2020-08-09 23:44:48
94.102.52.57	attackbots	[Thu May 21 12:06:10 2020] - DDoS Attack From IP: 94.102.52.57 Port: 56548	2020-07-09 03:53:58
94.102.52.44	attackspambots	May 27 00:05:26 pop3-login: Info: Disconnected: Inactivity \(auth failed, 1 attempts in 180 secs\): user=\, method=PLAIN, rip=94.102.52.44, lip=192.168.100.101, session=\<9W41QJSmrABeZjQs\>\ May 27 00:47:06 pop3-login: Info: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=94.102.52.44, lip=192.168.100.101, session=\\ May 27 00:50:24 pop3-login: Info: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=94.102.52.44, lip=192.168.100.101, session=\\ May 27 00:59:20 pop3-login: Info: Aborted login \(auth failed, 1 attempts in 2 secs\): user=\, method=PLAIN, rip=94.102.52.44, lip=192.168.100.101, session=\\ May 27 00:59:24 pop3-login: Info: Aborted login \(auth failed, 1 attempts in 6 secs\): user=\, method=PLAIN, rip=94.102.52.44, lip=192.168.100.101, session=\\ May 27 01	2020-05-27 07:46:46
94.102.52.44	attackspam	May 26 18:59:50 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.52.44, lip=185.118.198.210, session= May 26 19:00:07 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.52.44, lip=185.118.198.210, session=<0DPwBpCmxk5eZjQs> May 26 19:00:19 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=94.102.52.44, lip=185.118.198.210, session= May 26 19:01:43 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=, method=PLAIN, rip=94.102.52.44, lip=185.118.198.210, session= May 26 19:02:11 web01.agentur-b-2.de dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 2 secs): user=	2020-05-27 01:15:11
94.102.52.44	attack	May 26 04:04:28 ns3042688 courier-pop3d: LOGIN FAILED, user=postmaster@sikla-shop.eu, ip=\[::ffff:94.102.52.44\] ...	2020-05-26 10:11:53
94.102.52.44	attackbotsspam	May 25 19:44:30 ns3042688 courier-pop3d: LOGIN FAILED, user=office@sikla-systems.es, ip=\[::ffff:94.102.52.44\] ...	2020-05-26 02:06:54
94.102.52.44	attackbotsspam	May 25 07:48:22 ns3042688 courier-pop3d: LOGIN FAILED, user=test@makita-dolmar.info, ip=\[::ffff:94.102.52.44\] ...	2020-05-25 13:49:29
94.102.52.57	attackbotsspam	05/24/2020-18:33:20.532373 94.102.52.57 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-25 06:51:24
94.102.52.44	attackbotsspam	May 24 13:56:10 ns3042688 courier-pop3d: LOGIN FAILED, user=webmaster@tienda-sikla.eu, ip=\[::ffff:94.102.52.44\] ...	2020-05-24 20:15:14
94.102.52.57	attack	Port scanning [23 denied]	2020-05-23 17:57:54
94.102.52.44	attack	May 22 21:47:50 ns3042688 courier-pop3d: LOGIN FAILED, user=reception@tienda-cmt.org, ip=\[::ffff:94.102.52.44\] ...	2020-05-23 03:49:51
94.102.52.44	attackbots	May 22 13:47:30 ns3042688 courier-pop3d: LOGIN FAILED, user=support@sikla-shop.eu, ip=\[::ffff:94.102.52.44\] ...	2020-05-22 19:54:43
94.102.52.57	attack	TCP ports : 11 / 338 / 448 / 564 / 911	2020-05-22 01:22:15
94.102.52.57	attackspambots	05/20/2020-13:13:08.646937 94.102.52.57 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-21 01:31:46
94.102.52.44	attackbotsspam	May 20 18:50:14 ns3042688 courier-pop3d: LOGIN FAILED, user=info@tienda-cmt.com, ip=\[::ffff:94.102.52.44\] ...	2020-05-21 00:57:25

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.102.52.29
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33111
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.102.52.29.			IN	A

;; AUTHORITY SECTION:
.			577	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020031300 1800 900 604800 86400

;; Query time: 108 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 13 22:55:15 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

29.52.102.94.in-addr.arpa domain name pointer group-ib.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
29.52.102.94.in-addr.arpa	name = group-ib.com.

Authoritative answers can be found from:

IP	类型	评论内容	时间
23.237.4.26	attack	GET /sito/wp-includes/wlwmanifest.xml	2020-06-19 17:50:09
87.156.129.99	attackbotsspam	Invalid user bai from 87.156.129.99 port 52930	2020-06-19 17:39:09
173.194.222.26	attackspambots	SSH login attempts.	2020-06-19 17:20:58
69.47.161.24	attackspam	sshd: Failed password for invalid user .... from 69.47.161.24 port 59878 ssh2 (2 attempts)	2020-06-19 17:40:24
178.33.46.115	attack	GET /media/wp-includes/wlwmanifest.xml	2020-06-19 17:47:52
178.33.46.115	attack	GET /wp/wp-includes/wlwmanifest.xml	2020-06-19 17:46:35
27.78.14.83	attackspambots	Jun 19 10:48:42 roki sshd[4547]: refused connect from 27.78.14.83 (27.78.14.83) Jun 19 10:52:30 roki sshd[4813]: refused connect from 27.78.14.83 (27.78.14.83) Jun 19 10:54:09 roki sshd[4940]: refused connect from 27.78.14.83 (27.78.14.83) Jun 19 10:54:55 roki sshd[4994]: refused connect from 27.78.14.83 (27.78.14.83) Jun 19 11:03:37 roki sshd[5603]: refused connect from 27.78.14.83 (27.78.14.83) ...	2020-06-19 17:49:15
31.170.51.46	attackspam	(IR/Iran/-) SMTP Bruteforcing attempts	2020-06-19 17:45:49
178.33.46.115	attack	GET /sito/wp-includes/wlwmanifest.xml	2020-06-19 17:48:27
69.168.97.77	attack	SSH login attempts.	2020-06-19 17:47:50
130.61.224.236	attackbotsspam	"fail2ban match"	2020-06-19 17:31:14
31.222.13.159	attack	(PL/Poland/-) SMTP Bruteforcing attempts	2020-06-19 17:21:24
178.33.46.115	attack	GET /blog/wp-includes/wlwmanifest.xml	2020-06-19 17:45:47
212.27.42.59	attackbots	SSH login attempts.	2020-06-19 17:39:36
13.71.140.58	attackspam	Time: Fri Jun 19 04:05:24 2020 -0400 IP: 13.71.140.58 (JP/Japan/-) Failures: 30 (smtpauth) Interval: 3600 seconds Blocked: Permanent Block	2020-06-19 17:21:54

最近上报的IP列表

187.15.89.211	85.75.228.83	45.177.94.83	35.202.157.96
223.185.130.92	104.244.77.95	202.83.28.186	144.217.254.159
190.204.183.27	216.221.44.228	125.91.17.195	172.217.173.3
217.182.33.33	144.217.206.177	85.26.211.83	149.129.54.112
149.126.16.238	191.246.86.100	83.226.108.68	50.31.134.63