119.132.88.49 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Guangdong Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbots	Aug 8 13:14:00 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49] Aug 8 13:14:01 georgia postfix/smtpd[6208]: warning: unknown[119.132.88.49]: SASL LOGIN authentication failed: authentication failure Aug 8 13:14:01 georgia postfix/smtpd[6208]: lost connection after AUTH from unknown[119.132.88.49] Aug 8 13:14:01 georgia postfix/smtpd[6208]: disconnect from unknown[119.132.88.49] ehlo=1 auth=0/1 commands=1/2 Aug 8 13:14:02 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49] Aug 8 13:14:03 georgia postfix/smtpd[6208]: warning: unknown[119.132.88.49]: SASL LOGIN authentication failed: authentication failure Aug 8 13:14:03 georgia postfix/smtpd[6208]: lost connection after AUTH from unknown[119.132.88.49] Aug 8 13:14:03 georgia postfix/smtpd[6208]: disconnect from unknown[119.132.88.49] ehlo=1 auth=0/1 commands=1/2 Aug 8 13:14:03 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49] Aug 8 13:14:04 georgia postfix/smtpd[6208]: ........ -------------------------------	2019-08-09 04:59:10

类型

评论内容

时间

attackbots

Aug  8 13:14:00 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49]
Aug  8 13:14:01 georgia postfix/smtpd[6208]: warning: unknown[119.132.88.49]: SASL LOGIN authentication failed: authentication failure
Aug  8 13:14:01 georgia postfix/smtpd[6208]: lost connection after AUTH from unknown[119.132.88.49]
Aug  8 13:14:01 georgia postfix/smtpd[6208]: disconnect from unknown[119.132.88.49] ehlo=1 auth=0/1 commands=1/2
Aug  8 13:14:02 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49]
Aug  8 13:14:03 georgia postfix/smtpd[6208]: warning: unknown[119.132.88.49]: SASL LOGIN authentication failed: authentication failure
Aug  8 13:14:03 georgia postfix/smtpd[6208]: lost connection after AUTH from unknown[119.132.88.49]
Aug  8 13:14:03 georgia postfix/smtpd[6208]: disconnect from unknown[119.132.88.49] ehlo=1 auth=0/1 commands=1/2
Aug  8 13:14:03 georgia postfix/smtpd[6208]: connect from unknown[119.132.88.49]
Aug  8 13:14:04 georgia postfix/smtpd[6208]: ........
-------------------------------

2019-08-09 04:59:10

相同子网IP讨论:

IP	类型	评论内容	时间
119.132.88.203	attack	Unauthorized connection attempt detected from IP address 119.132.88.203 to port 6656 [T]	2020-01-27 05:55:08

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 119.132.88.49
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28313
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;119.132.88.49.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080801 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Aug 09 04:59:02 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 49.88.132.119.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 49.88.132.119.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
159.224.194.240	attackspam	Nov 25 22:01:26 vmd17057 sshd\[28334\]: Invalid user ftp_test from 159.224.194.240 port 35590 Nov 25 22:01:26 vmd17057 sshd\[28334\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.224.194.240 Nov 25 22:01:28 vmd17057 sshd\[28334\]: Failed password for invalid user ftp_test from 159.224.194.240 port 35590 ssh2 ...	2019-11-26 05:24:38
185.176.27.86	attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-11-26 05:57:46
18.197.145.12	attackbotsspam	(sshd) Failed SSH login from 18.197.145.12 (DE/Germany/ec2-18-197-145-12.eu-central-1.compute.amazonaws.com): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Nov 25 18:08:50 s1 sshd[32182]: Invalid user lisa from 18.197.145.12 port 58970 Nov 25 18:08:52 s1 sshd[32182]: Failed password for invalid user lisa from 18.197.145.12 port 58970 ssh2 Nov 25 18:30:04 s1 sshd[32603]: Invalid user home from 18.197.145.12 port 44664 Nov 25 18:30:05 s1 sshd[32603]: Failed password for invalid user home from 18.197.145.12 port 44664 ssh2 Nov 25 18:33:18 s1 sshd[32644]: Invalid user hassen from 18.197.145.12 port 52386	2019-11-26 05:40:43
161.10.254.124	attackspambots	Unauthorized connection attempt from IP address 161.10.254.124 on Port 445(SMB)	2019-11-26 05:22:31
221.120.219.99	attackspam	firewall-block, port(s): 445/tcp	2019-11-26 05:51:23
112.85.42.173	attackspam	2019-11-25T21:37:46.139258shield sshd\[15484\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.85.42.173 user=root 2019-11-25T21:37:47.797245shield sshd\[15484\]: Failed password for root from 112.85.42.173 port 58215 ssh2 2019-11-25T21:37:51.492113shield sshd\[15484\]: Failed password for root from 112.85.42.173 port 58215 ssh2 2019-11-25T21:37:54.922559shield sshd\[15484\]: Failed password for root from 112.85.42.173 port 58215 ssh2 2019-11-25T21:37:57.904195shield sshd\[15484\]: Failed password for root from 112.85.42.173 port 58215 ssh2	2019-11-26 05:55:41
45.224.105.58	attack	Nov 25 15:28:32 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=45.224.105.58, lip=10.140.194.78, TLS: Disconnected, session= Nov 25 15:28:34 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=45.224.105.58, lip=10.140.194.78, TLS, session= Nov 25 15:33:30 flomail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 5 secs): user=, method=PLAIN, rip=45.224.105.58, lip=10.140.194.78, TLS, session=	2019-11-26 05:27:31
77.246.222.190	attack	Detected By Fail2ban	2019-11-26 05:36:50
177.85.74.242	attackbots	Unauthorized connection attempt from IP address 177.85.74.242 on Port 445(SMB)	2019-11-26 05:25:51
117.50.38.202	attackspam	ssh failed login	2019-11-26 06:01:19
187.174.191.154	attackspambots	Nov 25 21:15:29 server sshd\[1322\]: Invalid user backup from 187.174.191.154 Nov 25 21:15:29 server sshd\[1322\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.174.191.154 Nov 25 21:15:31 server sshd\[1322\]: Failed password for invalid user backup from 187.174.191.154 port 33476 ssh2 Nov 25 21:23:55 server sshd\[3283\]: Invalid user rpc from 187.174.191.154 Nov 25 21:23:55 server sshd\[3283\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.174.191.154 ...	2019-11-26 05:53:10
212.0.155.98	attackbots	Unauthorized connection attempt from IP address 212.0.155.98 on Port 445(SMB)	2019-11-26 05:33:03
27.212.58.159	attackbotsspam	Unauthorized connection attempt from IP address 27.212.58.159 on Port 3389(RDP)	2019-11-26 05:21:58
50.207.119.36	attack	Unauthorized connection attempt from IP address 50.207.119.36 on Port 445(SMB)	2019-11-26 05:42:46
2.182.78.98	attack	Unauthorized connection attempt from IP address 2.182.78.98 on Port 445(SMB)	2019-11-26 05:51:01

最近上报的IP列表

11.24.90.207	238.61.21.121	248.116.247.214	248.73.177.134
95.198.129.197	141.67.220.6	78.140.29.24	30.113.116.234
108.240.38.152	76.197.236.14	110.138.150.246	70.35.47.203
72.97.138.20	79.42.62.124	80.181.113.150	173.75.175.76
159.192.223.238	49.69.171.22	39.40.90.37	175.98.155.72