103.55.2.201 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Thailand

运营商(isp): True Internet Data Center - Thailand

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Mar 3 09:53:24 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: Invalid user www from 103.55.2.201 Mar 3 09:53:24 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.2.201 Mar 3 09:53:26 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: Failed password for invalid user www from 103.55.2.201 port 48480 ssh2 Mar 3 09:57:22 Ubuntu-1404-trusty-64-minimal sshd\[17072\]: Invalid user admin from 103.55.2.201 Mar 3 09:57:22 Ubuntu-1404-trusty-64-minimal sshd\[17072\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.2.201	2020-03-03 18:43:35

类型

评论内容

时间

attackspambots

Mar  3 09:53:24 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: Invalid user www from 103.55.2.201
Mar  3 09:53:24 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.2.201
Mar  3 09:53:26 Ubuntu-1404-trusty-64-minimal sshd\[14597\]: Failed password for invalid user www from 103.55.2.201 port 48480 ssh2
Mar  3 09:57:22 Ubuntu-1404-trusty-64-minimal sshd\[17072\]: Invalid user admin from 103.55.2.201
Mar  3 09:57:22 Ubuntu-1404-trusty-64-minimal sshd\[17072\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.55.2.201

2020-03-03 18:43:35

相同子网IP讨论:

IP	类型	评论内容	时间
103.55.214.175	attackbots	Unauthorized connection attempt from IP address 103.55.214.175 on Port 445(SMB)	2020-06-06 17:37:41
103.55.215.49	attackbotsspam	Unauthorized connection attempt from IP address 103.55.215.49 on Port 445(SMB)	2020-03-09 08:27:27
103.55.245.142	attack	Automatic report - Port Scan Attack	2020-03-06 19:48:30
103.55.215.195	attackspambots	Honeypot attack, port: 445, PTR: PTR record not found	2020-03-04 23:56:30
103.55.244.62	attackbots	Unauthorized connection attempt from IP address 103.55.244.62 on Port 445(SMB)	2020-02-22 18:52:27
103.55.215.134	attackbots	Autoban 103.55.215.134 AUTH/CONNECT	2019-11-18 18:11:02
103.55.244.14	attackbots	Autoban 103.55.244.14 AUTH/CONNECT	2019-11-18 18:10:33
103.55.214.3	attackbotsspam	port scan and connect, tcp 80 (http)	2019-11-03 20:55:05
103.55.24.118	attackspambots	[SatOct1905:49:54.6731982019][:error][pid18333:tid139811838981888][client103.55.24.118:26028][client103.55.24.118]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch"$\?:\\\\\\\\\(chr\?\\\\\\\\\(\?[0-9]{1\,3}\?\\\\\\\\$\\|\?=\?f$\?:open\\|write$\?\\\\\\\\$\\|\\\\\\\\b\(\?:passthru\\|serialize\\|php_uname\\|phpinfo\\|shell_exec\\|preg_\\\\\\\\w \\|mysql_query\\|exec\\|eval\\|base64_decode\\|decode_base64\\|rot13\\|base64_url_decode\\|gz\(\?:inflate\\|decode\\|uncompress$\\|strrev\\|zlib_\\\\\\\\w \)\\\\\\\\b\?\(\?..."atARGS:admin.[file"/usr/local/apache.ea3/conf/modsec_rules/10_asl_rules.conf"][line"767"][id"340095"][rev"53"][msg"Atomicorp.comWAFRules:AttackBlocked-PHPfunctioninArgument-thismaybeanattack."][data"die\(@md5\,ARGS:admin"][severity"CRITICAL"][hostname"148.251.104.76"][uri"/4c68fb94/admin.php"][unique_id"XaqH4kgdLaSYISOp9B0W7wAAAQ0"][SatOct1905:49:55.2760862019][:error][pid18333:tid139811891431168][client103.55.24.118:26265][client103.55.24.118]ModSecurity:Accessdeniedwithcode403\(ph	2019-10-19 17:10:37
103.55.215.134	attackspam	Unauthorized IMAP connection attempt	2019-10-15 15:00:33
103.55.215.49	attackspambots	Unauthorized connection attempt from IP address 103.55.215.49 on Port 445(SMB)	2019-08-14 14:25:27
103.55.214.12	attackbotsspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=8192)(08050931)	2019-08-05 17:09:52
103.55.24.137	attack	https://hastebin.com/abediketub.bash	2019-06-26 23:30:22

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.55.2.201
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41036
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.55.2.201.			IN	A

;; AUTHORITY SECTION:
.			393	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030202 1800 900 604800 86400

;; Query time: 101 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Mar 03 18:43:32 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 201.2.55.103.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 201.2.55.103.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
49.88.112.77	attackspam	2019-09-02T15:26:14.429290abusebot-3.cloudsearch.cf sshd\[30694\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.77 user=root	2019-09-03 03:56:02
192.99.7.175	attackspam	Sep 2 21:38:17 mail postfix/smtpd\[11047\]: warning: unknown\[192.99.7.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Sep 2 21:38:23 mail postfix/smtpd\[9751\]: warning: unknown\[192.99.7.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Sep 2 21:38:33 mail postfix/smtpd\[8881\]: warning: unknown\[192.99.7.175\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6\ Sep 2 21:38:43 mail postfix/smtpd\[9751\]: warning: unknown\[192.99.7.175\]: SASL LOGIN authentication failed: Connection lost to authentication server\	2019-09-03 03:43:50
141.98.9.42	attackspam	Sep 2 21:38:31 mail postfix/smtpd\[13052\]: warning: unknown\[141.98.9.42\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 2 21:39:40 mail postfix/smtpd\[6696\]: warning: unknown\[141.98.9.42\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 2 21:40:49 mail postfix/smtpd\[14805\]: warning: unknown\[141.98.9.42\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-09-03 03:47:24
190.13.173.67	attack	Sep 2 17:24:24 mail sshd\[5431\]: Invalid user petru123 from 190.13.173.67 port 58094 Sep 2 17:24:24 mail sshd\[5431\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.13.173.67 Sep 2 17:24:26 mail sshd\[5431\]: Failed password for invalid user petru123 from 190.13.173.67 port 58094 ssh2 Sep 2 17:30:08 mail sshd\[6308\]: Invalid user 123456 from 190.13.173.67 port 46840 Sep 2 17:30:08 mail sshd\[6308\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.13.173.67	2019-09-03 03:44:25
73.62.227.92	attack	Automatic report - Banned IP Access	2019-09-03 03:54:21
165.22.110.16	attackspam	2019-09-02T13:14:25.619826abusebot-2.cloudsearch.cf sshd\[27805\]: Invalid user derrick from 165.22.110.16 port 44048	2019-09-03 04:14:03
120.52.9.102	attackspam	2019-09-02T14:21:27.157773Z d03a9bf5b5b2 New connection: 120.52.9.102:24454 (172.17.0.2:2222) [session: d03a9bf5b5b2] 2019-09-02T14:37:08.954769Z 3e6c32c917f2 New connection: 120.52.9.102:4514 (172.17.0.2:2222) [session: 3e6c32c917f2]	2019-09-03 03:52:38
39.61.36.49	attack	445/tcp [2019-09-02]1pkt	2019-09-03 03:41:28
141.98.9.195	attack	Sep 2 21:39:02 mail postfix/smtpd\[14805\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 2 21:40:11 mail postfix/smtpd\[13053\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 2 21:41:22 mail postfix/smtpd\[13045\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-09-03 03:46:48
159.148.4.235	attackspam	Sep 2 19:51:57 ip-172-31-1-72 sshd\[19466\]: Invalid user public from 159.148.4.235 Sep 2 19:51:57 ip-172-31-1-72 sshd\[19466\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.148.4.235 Sep 2 19:51:58 ip-172-31-1-72 sshd\[19466\]: Failed password for invalid user public from 159.148.4.235 port 51306 ssh2 Sep 2 19:55:49 ip-172-31-1-72 sshd\[19545\]: Invalid user kp from 159.148.4.235 Sep 2 19:55:49 ip-172-31-1-72 sshd\[19545\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.148.4.235	2019-09-03 03:58:41
34.221.170.50	attackspambots	xmlrpc attack	2019-09-03 04:31:18
50.239.143.100	attack	Sep 2 06:20:59 tdfoods sshd\[5687\]: Invalid user applmgr1 from 50.239.143.100 Sep 2 06:20:59 tdfoods sshd\[5687\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.239.143.100 Sep 2 06:21:01 tdfoods sshd\[5687\]: Failed password for invalid user applmgr1 from 50.239.143.100 port 53070 ssh2 Sep 2 06:25:18 tdfoods sshd\[6807\]: Invalid user 1qazse4 from 50.239.143.100 Sep 2 06:25:18 tdfoods sshd\[6807\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.239.143.100	2019-09-03 04:35:01
68.183.115.83	attackspambots	Sep 2 15:10:22 minden010 sshd[1195]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.115.83 Sep 2 15:10:24 minden010 sshd[1195]: Failed password for invalid user valerie from 68.183.115.83 port 40008 ssh2 Sep 2 15:14:16 minden010 sshd[4491]: Failed password for root from 68.183.115.83 port 55076 ssh2 ...	2019-09-03 03:42:31
54.39.99.184	attackbots	Sep 2 19:38:08 mail sshd\[28502\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.99.184 Sep 2 19:38:09 mail sshd\[28502\]: Failed password for invalid user stefan from 54.39.99.184 port 29366 ssh2 Sep 2 19:41:57 mail sshd\[29174\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.99.184 user=root Sep 2 19:41:59 mail sshd\[29174\]: Failed password for root from 54.39.99.184 port 11004 ssh2 Sep 2 19:46:01 mail sshd\[29811\]: Invalid user lucio from 54.39.99.184 port 56186	2019-09-03 03:51:01
179.125.62.198	attackbots	$f2bV_matches	2019-09-03 04:04:41

最近上报的IP列表

72.239.31.158	103.81.87.90	234.230.17.205	83.69.139.190
195.158.29.222	80.252.137.26	2.86.24.131	143.202.113.110
142.93.122.58	79.101.59.104	193.56.28.82	70.57.57.25
103.227.118.88	201.190.176.108	118.111.219.163	187.178.227.201
123.205.134.90	182.232.53.141	162.223.94.9	180.245.109.232