154.160.4.107 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Ghana

运营商(isp): Scancom Limited

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Mobile ISP

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Oct 16 13:34:39 our-server-hostname postfix/smtpd[10902]: connect from unknown[154.160.4.107] Oct x@x Oct 16 13:34:41 our-server-hostname postfix/smtpd[10902]: lost connection after RCPT from unknown[154.160.4.107] Oct 16 13:34:41 our-server-hostname postfix/smtpd[10902]: disconnect from unknown[154.160.4.107] Oct 16 13:34:47 our-server-hostname postfix/smtpd[23393]: connect from unknown[154.160.4.107] Oct x@x Oct 16 13:34:50 our-server-hostname postfix/smtpd[23393]: lost connection after RCPT from unknown[154.160.4.107] Oct 16 13:34:50 our-server-hostname postfix/smtpd[23393]: disconnect from unknown[154.160.4.107] Oct 16 13:35:09 our-server-hostname postfix/smtpd[15333]: connect from unknown[154.160.4.107] Oct x@x Oct 16 13:35:12 our-server-hostname postfix/smtpd[15333]: lost connection after RCPT from unknown[154.160.4.107] Oct 16 13:35:12 our-server-hostname postfix/smtpd[15333]: disconnect from unknown[154.160.4.107] Oct 16 13:36:14 our-server-hostname postfix/smtp........ -------------------------------	2019-10-16 15:47:24

类型

评论内容

时间

attack

Oct 16 13:34:39 our-server-hostname postfix/smtpd[10902]: connect from unknown[154.160.4.107]
Oct x@x
Oct 16 13:34:41 our-server-hostname postfix/smtpd[10902]: lost connection after RCPT from unknown[154.160.4.107]
Oct 16 13:34:41 our-server-hostname postfix/smtpd[10902]: disconnect from unknown[154.160.4.107]
Oct 16 13:34:47 our-server-hostname postfix/smtpd[23393]: connect from unknown[154.160.4.107]
Oct x@x
Oct 16 13:34:50 our-server-hostname postfix/smtpd[23393]: lost connection after RCPT from unknown[154.160.4.107]
Oct 16 13:34:50 our-server-hostname postfix/smtpd[23393]: disconnect from unknown[154.160.4.107]
Oct 16 13:35:09 our-server-hostname postfix/smtpd[15333]: connect from unknown[154.160.4.107]
Oct x@x
Oct 16 13:35:12 our-server-hostname postfix/smtpd[15333]: lost connection after RCPT from unknown[154.160.4.107]
Oct 16 13:35:12 our-server-hostname postfix/smtpd[15333]: disconnect from unknown[154.160.4.107]
Oct 16 13:36:14 our-server-hostname postfix/smtp........
-------------------------------

2019-10-16 15:47:24

相同子网IP讨论:

IP	类型	评论内容	时间
154.160.4.96	attackspambots	HTTP wp-login.php - 154.160.4.96	2020-08-14 19:00:07

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 154.160.4.107
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51736
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;154.160.4.107.			IN	A

;; AUTHORITY SECTION:
.			59	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101600 1800 900 604800 86400

;; Query time: 120 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 16 15:47:21 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 107.4.160.154.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 107.4.160.154.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
45.143.220.46	attackbotsspam	\[2019-11-06 16:10:51\] NOTICE\[2601\] chan_sip.c: Registration from '"300" \' failed for '45.143.220.46:5122' - Wrong password \[2019-11-06 16:10:51\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-06T16:10:51.577-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="300",SessionID="0x7fdf2c2fde48",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.220.46/5122",Challenge="589e2855",ReceivedChallenge="589e2855",ReceivedHash="91506c651077ed3c7a71f16722838119" \[2019-11-06 16:10:51\] NOTICE\[2601\] chan_sip.c: Registration from '"300" \' failed for '45.143.220.46:5122' - Wrong password \[2019-11-06 16:10:51\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-06T16:10:51.674-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="300",SessionID="0x7fdf2c17e0f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.1	2019-11-07 05:19:49
109.226.220.205	attack	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/109.226.220.205/ AU - 1H : (38) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : AU NAME ASN : ASN31257 IP : 109.226.220.205 CIDR : 109.226.192.0/19 PREFIX COUNT : 17 UNIQUE IP COUNT : 42240 ATTACKS DETECTED ASN31257 : 1H - 1 3H - 1 6H - 1 12H - 1 24H - 1 DateTime : 2019-11-06 15:32:28 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-07 05:15:25
45.143.220.34	attackbotsspam	45.143.220.34 was recorded 5 times by 5 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 5, 17, 44	2019-11-07 05:10:50
115.74.213.139	attackspam	Unauthorized connection attempt from IP address 115.74.213.139 on Port 445(SMB)	2019-11-07 05:15:57
139.59.5.179	attack	139.59.5.179 - - [06/Nov/2019:17:31:38 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.5.179 - - [06/Nov/2019:17:31:45 +0100] "POST /wp-login.php HTTP/1.1" 200 1632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.5.179 - - [06/Nov/2019:17:31:45 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.5.179 - - [06/Nov/2019:17:31:46 +0100] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.5.179 - - [06/Nov/2019:17:31:46 +0100] "GET /wp-login.php HTTP/1.1" 200 1238 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 139.59.5.179 - - [06/Nov/2019:17:31:47 +0100] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-11-07 05:27:32
46.21.166.110	attackspambots	Fail2Ban Ban Triggered	2019-11-07 05:31:58
177.36.200.16	attackbotsspam	Unauthorized connection attempt from IP address 177.36.200.16 on Port 445(SMB)	2019-11-07 05:44:05
89.133.103.216	attackspam	Nov 6 21:11:46 server sshd\[13575\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=catv-89-133-103-216.catv.broadband.hu user=root Nov 6 21:11:49 server sshd\[13575\]: Failed password for root from 89.133.103.216 port 52000 ssh2 Nov 6 21:24:24 server sshd\[16591\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=catv-89-133-103-216.catv.broadband.hu user=root Nov 6 21:24:27 server sshd\[16591\]: Failed password for root from 89.133.103.216 port 50060 ssh2 Nov 6 21:28:13 server sshd\[17622\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=catv-89-133-103-216.catv.broadband.hu user=root ...	2019-11-07 05:38:02
88.255.183.34	attack	Unauthorized connection attempt from IP address 88.255.183.34 on Port 445(SMB)	2019-11-07 05:13:45
210.210.130.139	attackspam	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	2019-11-07 05:44:40
182.202.9.154	attackbotsspam	Nov 6 08:15:36 mailman postfix/smtpd[5515]: NOQUEUE: reject: RCPT from unknown[182.202.9.154]: 554 5.7.1 Service unavailable; Client host [182.202.9.154] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/query/ip/182.202.9.154; from= to= proto=ESMTP helo=<[182.202.9.154]> Nov 6 08:32:20 mailman postfix/smtpd[5706]: NOQUEUE: reject: RCPT from unknown[182.202.9.154]: 554 5.7.1 Service unavailable; Client host [182.202.9.154] blocked using sbl-xbl.spamhaus.org; https://www.spamhaus.org/query/ip/182.202.9.154; from= to= proto=ESMTP helo=<[182.202.9.154]>	2019-11-07 05:23:06
196.200.181.2	attackbotsspam	Automatic report - Banned IP Access	2019-11-07 05:08:58
144.217.161.22	attack	Automatic report - XMLRPC Attack	2019-11-07 05:18:00
58.210.177.15	attack	2019-11-06T18:37:06.269972abusebot-5.cloudsearch.cf sshd\[10408\]: Invalid user yjlo from 58.210.177.15 port 63799	2019-11-07 05:23:47
111.59.93.76	attackbots	scan r	2019-11-07 05:26:38

最近上报的IP列表

98.203.228.84	12.233.100.109	249.67.192.94	169.93.63.58
93.200.136.127	212.32.13.65	104.168.211.253	204.13.187.92
151.53.184.181	199.9.130.155	101.33.137.130	73.3.158.67
44.211.227.91	43.78.2.5	118.2.225.32	24.65.12.142
53.1.188.196	191.129.249.245	180.248.120.10	89.248.174.206