125.117.214.145

基本信息:

城市(city): Yiwu

省份(region): Zhejiang

国家(country): China

运营商(isp): ChinaNet Zhejiang Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2019-11-11 16:42:37 dovecot_login authenticator failed for (Gi7K1dx) [125.117.214.145]:65481 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org) 2019-11-11 16:42:45 dovecot_login authenticator failed for (5GyqZS0QbL) [125.117.214.145]:49507 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org) 2019-11-11 16:42:56 dovecot_login authenticator failed for (TfB5PPf16) [125.117.214.145]:50087 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org) ...	2019-11-12 07:54:02

类型

评论内容

时间

attack

2019-11-11 16:42:37 dovecot_login authenticator failed for (Gi7K1dx) [125.117.214.145]:65481 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org)
2019-11-11 16:42:45 dovecot_login authenticator failed for (5GyqZS0QbL) [125.117.214.145]:49507 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org)
2019-11-11 16:42:56 dovecot_login authenticator failed for (TfB5PPf16) [125.117.214.145]:50087 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=hkcdtsradxes@lerctr.org)
...

2019-11-12 07:54:02

相同子网IP讨论:

IP	类型	评论内容	时间
125.117.214.203	attackbotsspam	Nov 20 07:12:47 xzibhostname postfix/smtpd[13477]: connect from unknown[125.117.214.203] Nov 20 07:12:47 xzibhostname postfix/smtpd[13477]: warning: unknown[125.117.214.203]: SASL LOGIN authentication failed: authentication failure Nov 20 07:12:48 xzibhostname postfix/smtpd[13477]: lost connection after AUTH from unknown[125.117.214.203] Nov 20 07:12:48 xzibhostname postfix/smtpd[13477]: disconnect from unknown[125.117.214.203] Nov 20 07:12:48 xzibhostname postfix/smtpd[17930]: connect from unknown[125.117.214.203] Nov 20 07:12:49 xzibhostname postfix/smtpd[17930]: warning: unknown[125.117.214.203]: SASL LOGIN authentication failed: authentication failure Nov 20 07:12:50 xzibhostname postfix/smtpd[17930]: lost connection after AUTH from unknown[125.117.214.203] Nov 20 07:12:50 xzibhostname postfix/smtpd[17930]: disconnect from unknown[125.117.214.203] Nov 20 07:12:51 xzibhostname postfix/smtpd[13477]: connect from unknown[125.117.214.203] Nov 20 07:12:52 xzibhostname po........ -------------------------------	2019-11-20 19:09:33

类型

评论内容

时间

125.117.214.203

attackbotsspam

Nov 20 07:12:47 xzibhostname postfix/smtpd[13477]: connect from unknown[125.117.214.203]
Nov 20 07:12:47 xzibhostname postfix/smtpd[13477]: warning: unknown[125.117.214.203]: SASL LOGIN authentication failed: authentication failure
Nov 20 07:12:48 xzibhostname postfix/smtpd[13477]: lost connection after AUTH from unknown[125.117.214.203]
Nov 20 07:12:48 xzibhostname postfix/smtpd[13477]: disconnect from unknown[125.117.214.203]
Nov 20 07:12:48 xzibhostname postfix/smtpd[17930]: connect from unknown[125.117.214.203]
Nov 20 07:12:49 xzibhostname postfix/smtpd[17930]: warning: unknown[125.117.214.203]: SASL LOGIN authentication failed: authentication failure
Nov 20 07:12:50 xzibhostname postfix/smtpd[17930]: lost connection after AUTH from unknown[125.117.214.203]
Nov 20 07:12:50 xzibhostname postfix/smtpd[17930]: disconnect from unknown[125.117.214.203]
Nov 20 07:12:51 xzibhostname postfix/smtpd[13477]: connect from unknown[125.117.214.203]
Nov 20 07:12:52 xzibhostname po........
-------------------------------

2019-11-20 19:09:33

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 125.117.214.145
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40661
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;125.117.214.145.		IN	A

;; AUTHORITY SECTION:
.			367	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019111101 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Nov 12 07:53:59 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

Host 145.214.117.125.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 145.214.117.125.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
186.151.18.213	attackspambots	2019-12-23T07:40:15.024612suse-nuc sshd[2783]: Invalid user salvini from 186.151.18.213 port 38918 ...	2020-01-21 07:38:27
77.247.108.243	attackbots	firewall-block, port(s): 6161/udp	2020-01-21 07:37:41
186.233.212.10	attackbotsspam	2019-11-24T04:27:51.718851suse-nuc sshd[6364]: Invalid user 666666 from 186.233.212.10 port 2245 ...	2020-01-21 07:25:49
185.209.0.12	attackbots	2019-11-04T09:18:28.607107-07:00 suse-nuc sshd[27033]: Bad protocol version identification '\003' from 185.209.0.12 port 2107 ...	2020-01-21 07:07:52
186.215.87.170	attack	2019-12-09T20:38:28.695443suse-nuc sshd[32229]: Invalid user bernard from 186.215.87.170 port 42467 ...	2020-01-21 07:27:22
186.24.43.28	attack	2020-01-11T08:52:31.538735suse-nuc sshd[28284]: Invalid user jupyter from 186.24.43.28 port 59289 ...	2020-01-21 07:24:18
221.227.85.240	attackbotsspam	Dictionary attack on login resource with vulnerable usernames.	2020-01-21 07:26:58
124.113.218.251	attackspam	Jan 20 22:09:51 grey postfix/smtpd\[21928\]: NOQUEUE: reject: RCPT from unknown\[124.113.218.251\]: 554 5.7.1 Service unavailable\; Client host \[124.113.218.251\] blocked using cbl.abuseat.org\; Blocked - see http://www.abuseat.org/lookup.cgi\?ip=124.113.218.251\; from=\ to=\ proto=ESMTP helo=\ ...	2020-01-21 07:42:23
186.139.21.29	attack	2019-12-15T04:04:50.625520suse-nuc sshd[6692]: Invalid user squid from 186.139.21.29 port 56460 ...	2020-01-21 07:41:21
24.95.181.4	attack	Unauthorized connection attempt detected from IP address 24.95.181.4 to port 22 [J]	2020-01-21 07:37:00
187.0.221.222	attackspam	2019-09-22T18:52:41.513812suse-nuc sshd[12670]: Invalid user nextcloud from 187.0.221.222 port 21350 ...	2020-01-21 07:12:02
186.122.149.85	attackspambots	2019-09-18T20:10:11.581620suse-nuc sshd[23998]: Invalid user jkamande from 186.122.149.85 port 43332 ...	2020-01-21 07:45:22
167.99.140.14	attackspam	400 BAD REQUEST	2020-01-21 07:23:08
222.186.30.35	attack	01/20/2020-18:07:24.050693 222.186.30.35 Protocol: 6 ET SCAN Potential SSH Scan	2020-01-21 07:10:51
185.176.27.170	attackbotsspam	01/21/2020-00:13:20.577498 185.176.27.170 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-01-21 07:29:25

最近上报的IP列表

91.243.104.118	137.166.119.145	91.105.180.154	74.70.83.242
220.211.14.166	47.127.54.81	154.20.61.39	36.75.141.7
147.170.165.5	227.158.7.44	247.91.35.146	11.120.2.243
36.102.214.71	85.215.194.17	116.195.121.92	144.155.235.34
133.36.111.170	146.215.201.28	216.21.121.34	114.30.224.46