138.0.254.40 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Brazil

运营商(isp): Assunet Ltda - ME

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Fixed Line ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Jun 16 08:34:52 mail.srvfarm.net postfix/smtps/smtpd[1063772]: warning: unknown[138.0.254.40]: SASL PLAIN authentication failed: Jun 16 08:34:52 mail.srvfarm.net postfix/smtps/smtpd[1063772]: lost connection after AUTH from unknown[138.0.254.40] Jun 16 08:38:49 mail.srvfarm.net postfix/smtpd[1067539]: lost connection after CONNECT from unknown[138.0.254.40] Jun 16 08:44:09 mail.srvfarm.net postfix/smtpd[1072325]: warning: unknown[138.0.254.40]: SASL PLAIN authentication failed: Jun 16 08:44:10 mail.srvfarm.net postfix/smtpd[1072325]: lost connection after AUTH from unknown[138.0.254.40]	2020-06-16 17:25:01

类型

评论内容

时间

attackspam

Jun 16 08:34:52 mail.srvfarm.net postfix/smtps/smtpd[1063772]: warning: unknown[138.0.254.40]: SASL PLAIN authentication failed: 
Jun 16 08:34:52 mail.srvfarm.net postfix/smtps/smtpd[1063772]: lost connection after AUTH from unknown[138.0.254.40]
Jun 16 08:38:49 mail.srvfarm.net postfix/smtpd[1067539]: lost connection after CONNECT from unknown[138.0.254.40]
Jun 16 08:44:09 mail.srvfarm.net postfix/smtpd[1072325]: warning: unknown[138.0.254.40]: SASL PLAIN authentication failed: 
Jun 16 08:44:10 mail.srvfarm.net postfix/smtpd[1072325]: lost connection after AUTH from unknown[138.0.254.40]

2020-06-16 17:25:01

相同子网IP讨论:

IP	类型	评论内容	时间
138.0.254.130	attackspam	Sep 29 10:45:03 host postfix/smtps/smtpd\[2999\]: warning: unknown\[138.0.254.130\]: SASL PLAIN authentication failed:	2020-09-30 01:49:30
138.0.254.130	attackbotsspam	Sep 29 10:45:03 host postfix/smtps/smtpd\[2999\]: warning: unknown\[138.0.254.130\]: SASL PLAIN authentication failed:	2020-09-29 17:49:21
138.0.254.182	attackbots	Unauthorized connection attempt from IP address 138.0.254.182 on Port 465(SMTPS)	2020-08-31 22:57:30
138.0.254.204	attack	(smtpauth) Failed SMTP AUTH login from 138.0.254.204 (BR/Brazil/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-28 08:22:26 plain authenticator failed for ([138.0.254.204]) [138.0.254.204]: 535 Incorrect authentication data (set_id=adabavazeh@nazeranyekta.com)	2020-07-28 16:55:56
138.0.254.204	attack	Brute force attempt	2020-07-25 15:29:58
138.0.254.65	attackspam	138.0.254.65 (BR/Brazil/-), 10 distributed smtpauth attacks on account [info] in the last 3600 secs; ID: DAN	2020-07-08 02:01:53
138.0.254.73	attackspambots	Brute force attempt	2020-06-07 17:48:11
138.0.254.111	attackspam	Unauthorized SMTP/IMAP/POP3 connection attempt	2019-09-11 13:10:38
138.0.254.103	attackspambots	$f2bV_matches	2019-09-02 23:12:01
138.0.254.41	attack	failed_logins	2019-08-30 01:57:54
138.0.254.174	attackspam	Excessive failed login attempts on port 587	2019-08-27 19:13:28

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.0.254.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 56397
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.0.254.40.			IN	A

;; AUTHORITY SECTION:
.			119	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020061600 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jun 16 17:24:55 CST 2020
;; MSG SIZE  rcvd: 116

HOST信息:

Host 40.254.0.138.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 40.254.0.138.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
179.191.68.86	attackspambots	Aug 3 16:35:11 Host-KEWR-E sshd[21074]: Disconnected from invalid user root 179.191.68.86 port 57143 [preauth] ...	2020-08-04 06:38:45
193.254.135.252	attackbots	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-03T20:44:55Z and 2020-08-03T20:53:30Z	2020-08-04 06:56:02
81.213.113.89	attack	1596486921 - 08/03/2020 22:35:21 Host: 81.213.113.89/81.213.113.89 Port: 445 TCP Blocked	2020-08-04 06:32:44
175.19.30.46	attackspam	Banned for a week because repeated abuses, for example SSH, but not only	2020-08-04 06:45:48
51.81.122.145	attackbotsspam	Fail2Ban Ban Triggered	2020-08-04 06:26:37
91.241.59.47	attack	Aug 3 21:59:59 localhost sshd[17624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.59.47 user=root Aug 3 22:00:00 localhost sshd[17624]: Failed password for root from 91.241.59.47 port 40746 ssh2 Aug 3 22:03:55 localhost sshd[18086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.59.47 user=root Aug 3 22:03:57 localhost sshd[18086]: Failed password for root from 91.241.59.47 port 42650 ssh2 Aug 3 22:07:51 localhost sshd[18516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.241.59.47 user=root Aug 3 22:07:53 localhost sshd[18516]: Failed password for root from 91.241.59.47 port 44554 ssh2 ...	2020-08-04 06:48:17
118.89.30.90	attackbots	(sshd) Failed SSH login from 118.89.30.90 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 4 01:25:17 s1 sshd[557]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.30.90 user=root Aug 4 01:25:19 s1 sshd[557]: Failed password for root from 118.89.30.90 port 44596 ssh2 Aug 4 01:42:27 s1 sshd[1119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.30.90 user=root Aug 4 01:42:30 s1 sshd[1119]: Failed password for root from 118.89.30.90 port 60742 ssh2 Aug 4 01:48:13 s1 sshd[1271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.89.30.90 user=root	2020-08-04 06:49:56
218.92.0.208	attackbotsspam	Aug 4 00:32:49 eventyay sshd[31612]: Failed password for root from 218.92.0.208 port 47479 ssh2 Aug 4 00:32:51 eventyay sshd[31612]: Failed password for root from 218.92.0.208 port 47479 ssh2 Aug 4 00:32:54 eventyay sshd[31612]: Failed password for root from 218.92.0.208 port 47479 ssh2 ...	2020-08-04 06:53:07
178.32.124.62	attackbots	2020-08-03 17:41:48.556873-0500 localhost sshd[10322]: Failed password for sshd from 178.32.124.62 port 35202 ssh2	2020-08-04 06:47:50
123.188.212.207	attackspambots	Unauthorised access (Aug 3) SRC=123.188.212.207 LEN=40 TTL=46 ID=56018 TCP DPT=8080 WINDOW=3629 SYN Unauthorised access (Aug 3) SRC=123.188.212.207 LEN=40 TTL=46 ID=49819 TCP DPT=8080 WINDOW=39924 SYN Unauthorised access (Aug 3) SRC=123.188.212.207 LEN=40 TTL=46 ID=8814 TCP DPT=8080 WINDOW=3629 SYN Unauthorised access (Aug 3) SRC=123.188.212.207 LEN=40 TTL=46 ID=62176 TCP DPT=8080 WINDOW=3629 SYN	2020-08-04 06:58:15
36.111.181.248	attack	Aug 3 22:20:04 hidden sshd[2928]: Failed password for hidden from 36.111.181.248 port 57708 ssh2 Aug 3 22:35:13 hidden sshd[6300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.111.181.248 user=root Aug 3 22:35:15 hidden sshd[6300]: Failed password for hidden from 36.111.181.248 port 44154 ssh2	2020-08-04 06:35:44
79.137.33.20	attackspam	prod6 ...	2020-08-04 06:46:43
60.12.84.190	attack	(imapd) Failed IMAP login from 60.12.84.190 (CN/China/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: Aug 4 01:05:02 ir1 dovecot[3110802]: imap-login: Disconnected (auth failed, 1 attempts in 6 secs): user=, method=PLAIN, rip=60.12.84.190, lip=5.63.12.44, TLS, session=	2020-08-04 06:44:26
183.171.66.15	attackspambots	1596486910 - 08/03/2020 22:35:10 Host: 183.171.66.15/183.171.66.15 Port: 445 TCP Blocked	2020-08-04 06:41:30
80.211.177.143	attack	$f2bV_matches	2020-08-04 06:44:03

最近上报的IP列表

185.215.229.121	179.189.105.114	177.154.237.141	177.154.236.224
177.74.181.26	170.239.43.87	83.167.165.190	103.198.80.50
94.246.169.55	93.99.159.20	91.246.210.39	91.204.153.138
87.204.166.58	78.8.160.28	46.23.140.18	41.139.11.35
221.207.235.210	94.60.243.214	78.23.38.213	58.16.136.126