103.139.45.230

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Viet Nam

运营商(isp): Trung Hieu Services Trading Investment Company Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	firewall-block, port(s): 3389/tcp	2019-09-06 05:39:00
attack	TCP 3389 (RDP)	2019-08-30 03:31:33

相同子网IP讨论:

IP	类型	评论内容	时间
103.139.45.122	attack	Sep 29 09:21:08 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure Sep 29 09:21:08 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure Sep 29 09:21:10 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure Sep 29 09:21:10 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure Sep 29 09:21:11 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure Sep 29 09:21:11 ns308116 postfix/smtpd[2008]: warning: unknown[103.139.45.122]: SASL LOGIN authentication failed: authentication failure ...	2020-09-29 22:56:18
103.139.45.122	attack	MAIL: User Login Brute Force Attempt	2020-09-29 15:15:19
103.139.45.122	attackbotsspam	Sep 13 15:53:55 localhost postfix/smtpd\[15747\]: warning: unknown\[103.139.45.122\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 15:54:05 localhost postfix/smtpd\[15735\]: warning: unknown\[103.139.45.122\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 15:54:19 localhost postfix/smtpd\[15747\]: warning: unknown\[103.139.45.122\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 15:54:37 localhost postfix/smtpd\[15747\]: warning: unknown\[103.139.45.122\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 13 15:54:46 localhost postfix/smtpd\[15735\]: warning: unknown\[103.139.45.122\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-09-14 00:57:14
103.139.45.122	attack	Sep 12 20:11:56 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:11:59 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:02 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:05 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:07 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:09 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:12 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:14 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:15 Host-KLAX-C postfix/smtpd[146495]: lost connection after AUTH from unknown[103.139.45.122] Sep 12 20:12:17 Host-KLAX-C postfix/s ...	2020-09-13 16:47:14
103.139.45.75	attack	MAIL: User Login Brute Force Attempt	2020-09-01 00:54:36
103.139.45.244	attackbotsspam	Aug 1 14:17:47 localhost postfix/smtpd\[595\]: warning: unknown\[103.139.45.244\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 1 14:17:55 localhost postfix/smtpd\[415\]: warning: unknown\[103.139.45.244\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 1 14:18:07 localhost postfix/smtpd\[595\]: warning: unknown\[103.139.45.244\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 1 14:18:24 localhost postfix/smtpd\[595\]: warning: unknown\[103.139.45.244\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Aug 1 14:18:33 localhost postfix/smtpd\[415\]: warning: unknown\[103.139.45.244\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-08-02 01:28:50
103.139.45.129	attack	" "	2020-07-01 10:06:34
103.139.45.185	attackspambots	Unauthorized connection attempt detected from IP address 103.139.45.185 to port 3389 [T]	2020-06-09 16:34:46
103.139.45.228	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-05-25 00:39:18
103.139.45.118	attack	Fail2Ban Ban Triggered	2020-05-21 20:39:50
103.139.45.115	attackbotsspam	Scan detected 2020.05.01 21:11:22 blocked until 2020.05.26 17:42:45 by Honeypot	2020-05-02 19:09:49
103.139.45.115	attack	Spam detected 2020.05.01 21:11:28 blocked until 2020.05.26 17:42:51 by HoneyPot	2020-05-02 03:14:57
103.139.45.115	attack	2020-04-24T21:57:55.872081linuxbox-skyline auth[56146]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=web3 rhost=103.139.45.115 ...	2020-04-25 13:20:54
103.139.45.115	attackbotsspam	Port Scan: Events[2] countPorts[1]: 25 ..	2020-04-19 01:07:55
103.139.45.115	attack	abuse	2020-04-14 16:34:55

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.139.45.230
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42645
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.139.45.230.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082901 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 30 03:31:27 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 230.45.139.103.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 230.45.139.103.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
182.92.151.31	attackbotsspam	2020/03/23 16:41:50 \[error\] 1507\#1507: \*33881 limiting requests, excess: 0.542 by zone "one", client: 182.92.151.31, server: default_server, request: "GET /TP/index.php HTTP/1.1", host: "81.32.230.166" ...	2020-03-24 06:18:02
223.204.223.58	attackbotsspam	20/3/23@11:42:41: FAIL: Alarm-Network address from=223.204.223.58 ...	2020-03-24 05:48:40
50.3.60.29	attack	Mar x@x Mar x@x Mar x@x Mar x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=50.3.60.29	2020-03-24 05:45:01
54.37.22.90	attack	[Mon Mar 23 22:42:48.665685 2020] [:error] [pid 25305:tid 140519759939328] [client 54.37.22.90:38594] [client 54.37.22.90] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_HEADERS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1224"] [id "920320"] [msg "Missing User Agent Header"] [severity "NOTICE"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/MISSING_HEADER_UA"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/images/Klimatologi/Prakiraan/04_Prakiraan_6_Bulanan/Prakiraan_Musim/Prakiraan_Musim_Kemarau/Provinsi_Jawa_Timur/2019/Peta_Prakiraan_Sifat_Hujan_Musim_Kemarau_Tahun_2019_Zona_Musim_di_Provinsi_Jawa_Timur.jpg"] [unique_id "XnjY@EO@yxpJrJpacVIAbQAAAtE"] ...	2020-03-24 05:43:02
14.170.216.67	attackbots	Mar 23 11:30:49 cumulus sshd[20445]: Invalid user admin from 14.170.216.67 port 48839 Mar 23 11:30:49 cumulus sshd[20445]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.170.216.67 Mar 23 11:30:50 cumulus sshd[20445]: Failed password for invalid user admin from 14.170.216.67 port 48839 ssh2 Mar 23 11:30:51 cumulus sshd[20445]: Connection closed by 14.170.216.67 port 48839 [preauth] Mar 23 11:30:54 cumulus sshd[20447]: Invalid user admin from 14.170.216.67 port 48866 Mar 23 11:30:54 cumulus sshd[20447]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.170.216.67 Mar 23 11:30:57 cumulus sshd[20447]: Failed password for invalid user admin from 14.170.216.67 port 48866 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=14.170.216.67	2020-03-24 06:13:13
49.89.249.3	attackbots	Mar 23 16:21:12 garuda postfix/smtpd[38227]: connect from unknown[49.89.249.3] Mar 23 16:21:14 garuda postfix/smtpd[38227]: warning: unknown[49.89.249.3]: SASL LOGIN authentication failed: generic failure Mar 23 16:21:14 garuda postfix/smtpd[38227]: lost connection after AUTH from unknown[49.89.249.3] Mar 23 16:21:14 garuda postfix/smtpd[38227]: disconnect from unknown[49.89.249.3] ehlo=1 auth=0/1 commands=1/2 Mar 23 16:21:42 garuda postfix/smtpd[38227]: connect from unknown[49.89.249.3] Mar 23 16:21:43 garuda postfix/smtpd[38227]: warning: unknown[49.89.249.3]: SASL LOGIN authentication failed: generic failure Mar 23 16:21:43 garuda postfix/smtpd[38227]: lost connection after AUTH from unknown[49.89.249.3] Mar 23 16:21:43 garuda postfix/smtpd[38227]: disconnect from unknown[49.89.249.3] ehlo=1 auth=0/1 commands=1/2 Mar 23 16:22:29 garuda postfix/smtpd[38227]: connect from unknown[49.89.249.3] Mar 23 16:22:35 garuda postfix/smtpd[38227]: warning: unknown[49.89.249.3]: S........ -------------------------------	2020-03-24 05:42:16
51.75.122.213	attackbotsspam	Mar 23 21:36:22 serwer sshd\[4557\]: Invalid user liyujiang from 51.75.122.213 port 57740 Mar 23 21:36:22 serwer sshd\[4557\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.122.213 Mar 23 21:36:24 serwer sshd\[4557\]: Failed password for invalid user liyujiang from 51.75.122.213 port 57740 ssh2 ...	2020-03-24 06:12:05
31.13.115.4	attackspambots	[Mon Mar 23 22:42:58.798364 2020] [:error] [pid 25293:tid 140519810295552] [client 31.13.115.4:58544] [client 31.13.115.4] ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "&REQUEST_HEADERS:Transfer-Encoding" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "202"] [id "920171"] [msg "GET or HEAD Request with Transfer-Encoding."] [data "1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/INVALID_HREQ"] [tag "CAPEC-272"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/IcoMoon.woff"] [unique_id "XnjZArdSec56q6n39A6CDQAAAAE"] ...	2020-03-24 05:37:42
95.12.101.217	attack	Automatic report - Port Scan Attack	2020-03-24 06:15:14
39.82.170.120	attackbots	Lines containing failures of 39.82.170.120 Mar 23 16:32:28 shared07 sshd[16771]: Invalid user pi from 39.82.170.120 port 51120 Mar 23 16:32:28 shared07 sshd[16771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.82.170.120 Mar 23 16:32:30 shared07 sshd[16765]: Invalid user pi from 39.82.170.120 port 4809 Mar 23 16:32:30 shared07 sshd[16765]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.82.170.120 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=39.82.170.120	2020-03-24 06:16:45
188.166.185.236	attackbots	2020-03-23T21:59:28.263058whonock.onlinehub.pt sshd[32216]: Invalid user student1 from 188.166.185.236 port 41466 2020-03-23T21:59:28.267409whonock.onlinehub.pt sshd[32216]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.185.236 2020-03-23T21:59:28.263058whonock.onlinehub.pt sshd[32216]: Invalid user student1 from 188.166.185.236 port 41466 2020-03-23T21:59:29.944664whonock.onlinehub.pt sshd[32216]: Failed password for invalid user student1 from 188.166.185.236 port 41466 ssh2 2020-03-23T22:05:29.324741whonock.onlinehub.pt sshd[32456]: Invalid user jiali from 188.166.185.236 port 46870 2020-03-23T22:05:29.328897whonock.onlinehub.pt sshd[32456]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.185.236 2020-03-23T22:05:29.324741whonock.onlinehub.pt sshd[32456]: Invalid user jiali from 188.166.185.236 port 46870 2020-03-23T22:05:31.231774whonock.onlinehub.pt sshd[32456]: Failed password for inv ...	2020-03-24 06:10:43
40.71.177.99	attack	Mar 23 19:34:40 ns382633 sshd\[22017\]: Invalid user yf from 40.71.177.99 port 38220 Mar 23 19:34:40 ns382633 sshd\[22017\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.71.177.99 Mar 23 19:34:41 ns382633 sshd\[22017\]: Failed password for invalid user yf from 40.71.177.99 port 38220 ssh2 Mar 23 19:41:12 ns382633 sshd\[23549\]: Invalid user yelei from 40.71.177.99 port 47712 Mar 23 19:41:12 ns382633 sshd\[23549\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.71.177.99	2020-03-24 06:03:05
201.52.32.249	attackspam	$f2bV_matches	2020-03-24 06:15:43
37.187.54.45	attackspam	(sshd) Failed SSH login from 37.187.54.45 (FR/France/45.ip-37-187-54.eu): 5 in the last 3600 secs	2020-03-24 05:50:53
128.201.137.252	attackbots	Fail2Ban - FTP Abuse Attempt	2020-03-24 05:49:34

最近上报的IP列表

88.250.37.191	200.54.159.123	178.62.240.29	43.254.220.13
180.168.47.238	103.90.97.197	185.165.169.152	177.161.120.32
137.59.1.236	83.103.2.58	14.177.164.39	80.30.139.227
36.7.87.130	109.184.160.174	120.29.44.211	134.73.76.198
213.14.214.229	106.12.48.30	87.202.191.63	103.95.13.216