140.255.41.52 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): ChinaNet Shandong Province Network

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Lines containing failures of 140.255.41.52 Jul 19 11:53:14 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52] Jul 19 11:53:16 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52] Jul 19 11:53:16 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2 Jul 19 11:53:22 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52] Jul 19 11:53:23 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52] Jul 19 11:53:23 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2 Jul 19 11:53:29 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52] Jul 19 11:53:33 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52] Jul 19 11:53:33 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2 Jul 19 11:53:35 neweola postfix/smtpd[14944]: conne........ ------------------------------	2020-07-20 05:53:43

类型

评论内容

时间

attackspambots

Lines containing failures of 140.255.41.52
Jul 19 11:53:14 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52]
Jul 19 11:53:16 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52]
Jul 19 11:53:16 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2
Jul 19 11:53:22 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52]
Jul 19 11:53:23 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52]
Jul 19 11:53:23 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2
Jul 19 11:53:29 neweola postfix/smtpd[14944]: connect from unknown[140.255.41.52]
Jul 19 11:53:33 neweola postfix/smtpd[14944]: lost connection after AUTH from unknown[140.255.41.52]
Jul 19 11:53:33 neweola postfix/smtpd[14944]: disconnect from unknown[140.255.41.52] helo=1 auth=0/1 commands=1/2
Jul 19 11:53:35 neweola postfix/smtpd[14944]: conne........
------------------------------

2020-07-20 05:53:43

相同子网IP讨论:

IP	类型	评论内容	时间
140.255.41.112	attackspam	Unauthorized connection attempt detected from IP address 140.255.41.112 to port 6656 [T]	2020-01-26 09:33:43

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 140.255.41.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48049
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;140.255.41.52.			IN	A

;; AUTHORITY SECTION:
.			585	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071901 1800 900 604800 86400

;; Query time: 182 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Jul 20 05:53:40 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 52.41.255.140.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 52.41.255.140.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
187.146.108.93	attack	[portscan] tcp/23 [TELNET] *(RWIN=60075)(08050931)	2019-08-05 16:48:30
118.24.30.97	attack	Aug 5 09:56:59 microserver sshd[64013]: Invalid user cms from 118.24.30.97 port 40950 Aug 5 09:56:59 microserver sshd[64013]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.30.97 Aug 5 09:57:01 microserver sshd[64013]: Failed password for invalid user cms from 118.24.30.97 port 40950 ssh2 Aug 5 10:01:13 microserver sshd[64615]: Invalid user ines from 118.24.30.97 port 49716 Aug 5 10:01:13 microserver sshd[64615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.30.97 Aug 5 10:13:39 microserver sshd[883]: Invalid user bukkit from 118.24.30.97 port 47424 Aug 5 10:13:39 microserver sshd[883]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.24.30.97 Aug 5 10:13:41 microserver sshd[883]: Failed password for invalid user bukkit from 118.24.30.97 port 47424 ssh2 Aug 5 10:17:55 microserver sshd[1533]: Invalid user kelly from 118.24.30.97 port 56174 Aug 5 10:17:55 microser	2019-08-05 16:34:01
31.196.187.69	attackspambots	port 23 attempt blocked	2019-08-05 16:18:29
73.226.185.33	attackspam	Aug 5 11:07:35 www sshd\[7313\]: Invalid user admin from 73.226.185.33Aug 5 11:07:38 www sshd\[7313\]: Failed password for invalid user admin from 73.226.185.33 port 51031 ssh2Aug 5 11:07:40 www sshd\[7313\]: Failed password for invalid user admin from 73.226.185.33 port 51031 ssh2 ...	2019-08-05 16:21:48
77.40.8.192	attack	2019-08-05T08:28:57.484778mail01 postfix/smtpd[21380]: warning: unknown[77.40.8.192]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-08-05T08:33:51.236513mail01 postfix/smtpd[12815]: warning: unknown[77.40.8.192]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-08-05T08:35:15.311323mail01 postfix/smtpd[12791]: warning: unknown[77.40.8.192]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-08-05 16:03:09
218.208.1.1	attackbots	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-05 16:45:34
157.230.177.88	attack	Aug 5 08:46:43 mail sshd\[10258\]: Failed password for invalid user msimon from 157.230.177.88 port 40940 ssh2 Aug 5 09:04:45 mail sshd\[10504\]: Invalid user jian from 157.230.177.88 port 50770 ...	2019-08-05 16:05:56
5.200.58.90	attack	[portscan] Port scan	2019-08-05 16:38:50
2.136.131.36	attackbots	Aug 5 09:43:34 OPSO sshd\[20373\]: Invalid user mmy from 2.136.131.36 port 35310 Aug 5 09:43:34 OPSO sshd\[20373\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.136.131.36 Aug 5 09:43:36 OPSO sshd\[20373\]: Failed password for invalid user mmy from 2.136.131.36 port 35310 ssh2 Aug 5 09:48:12 OPSO sshd\[20789\]: Invalid user hbase from 2.136.131.36 port 54214 Aug 5 09:48:12 OPSO sshd\[20789\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.136.131.36	2019-08-05 15:57:44
104.131.7.48	attack	Aug 5 10:35:49 srv-4 sshd\[2066\]: Invalid user backupadmin from 104.131.7.48 Aug 5 10:35:49 srv-4 sshd\[2066\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.7.48 Aug 5 10:35:51 srv-4 sshd\[2066\]: Failed password for invalid user backupadmin from 104.131.7.48 port 34523 ssh2 ...	2019-08-05 16:16:57
103.60.108.134	attack	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(08050931)	2019-08-05 16:51:56
194.190.53.6	attack	[portscan] tcp/23 [TELNET] *(RWIN=12940)(08050931)	2019-08-05 16:47:39
5.107.155.6	attack	port 23 attempt blocked	2019-08-05 16:25:01
185.220.101.31	attack	Aug 5 09:48:53 lnxweb61 sshd[12650]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.31	2019-08-05 16:12:31
115.216.155.31	attackspambots	port scan and connect, tcp 23 (telnet)	2019-08-05 16:06:31

最近上报的IP列表

61.129.51.29	47.246.50.132	13.209.66.137	46.165.169.252
207.5.114.106	163.172.212.138	27.157.163.78	223.157.186.36
79.222.193.136	64.206.126.207	195.178.78.197	107.62.66.50
109.26.167.111	159.244.190.43	199.131.154.205	206.171.182.104
152.253.77.205	152.136.149.160	232.217.191.85	45.67.15.102