159.138.20.247

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Singapore

运营商(isp): Huawei International Pte Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackbotsspam	Automatic report - Banned IP Access	2019-10-11 01:30:07

相同子网IP讨论:

IP	类型	评论内容	时间
159.138.201.61	attack	May 7 17:17:03 vserver sshd\[10164\]: Invalid user cynthia from 159.138.201.61May 7 17:17:05 vserver sshd\[10164\]: Failed password for invalid user cynthia from 159.138.201.61 port 51946 ssh2May 7 17:20:43 vserver sshd\[10199\]: Invalid user connor from 159.138.201.61May 7 17:20:46 vserver sshd\[10199\]: Failed password for invalid user connor from 159.138.201.61 port 60620 ssh2 ...	2020-05-08 00:38:53
159.138.201.61	attack	May 4 00:14:33 zn008 sshd[12682]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! May 4 00:14:33 zn008 sshd[12682]: Invalid user zhangyong from 159.138.201.61 May 4 00:14:33 zn008 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.138.201.61 May 4 00:14:34 zn008 sshd[12682]: Failed password for invalid user zhangyong from 159.138.201.61 port 49662 ssh2 May 4 00:14:34 zn008 sshd[12682]: Received disconnect from 159.138.201.61: 11: Bye Bye [preauth] May 4 00:21:08 zn008 sshd[13521]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! May 4 00:21:08 zn008 sshd[13521]: Invalid user thomas from 159.138.201.61 May 4 00:21:08 zn008 sshd[13521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=........ -------------------------------	2020-05-04 08:49:58

类型

评论内容

时间

159.138.201.61

attack

May  7 17:17:03 vserver sshd\[10164\]: Invalid user cynthia from 159.138.201.61May  7 17:17:05 vserver sshd\[10164\]: Failed password for invalid user cynthia from 159.138.201.61 port 51946 ssh2May  7 17:20:43 vserver sshd\[10199\]: Invalid user connor from 159.138.201.61May  7 17:20:46 vserver sshd\[10199\]: Failed password for invalid user connor from 159.138.201.61 port 60620 ssh2
...

2020-05-08 00:38:53

159.138.201.61

attack

May  4 00:14:33 zn008 sshd[12682]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
May  4 00:14:33 zn008 sshd[12682]: Invalid user zhangyong from 159.138.201.61
May  4 00:14:33 zn008 sshd[12682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.138.201.61 
May  4 00:14:34 zn008 sshd[12682]: Failed password for invalid user zhangyong from 159.138.201.61 port 49662 ssh2
May  4 00:14:34 zn008 sshd[12682]: Received disconnect from 159.138.201.61: 11: Bye Bye [preauth]
May  4 00:21:08 zn008 sshd[13521]: Address 159.138.201.61 maps to ecs-159-138-201-61.compute.hwclouds-dns.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
May  4 00:21:08 zn008 sshd[13521]: Invalid user thomas from 159.138.201.61
May  4 00:21:08 zn008 sshd[13521]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=........
-------------------------------

2020-05-04 08:49:58

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 159.138.20.247
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24749
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;159.138.20.247.			IN	A

;; AUTHORITY SECTION:
.			491	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101000 1800 900 604800 86400

;; Query time: 298 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Oct 11 01:30:05 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

247.20.138.159.in-addr.arpa domain name pointer ecs-159-138-20-247.compute.hwclouds-dns.com.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
247.20.138.159.in-addr.arpa	name = ecs-159-138-20-247.compute.hwclouds-dns.com.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
92.190.153.246	attackbots	Jul 26 07:01:03 giegler sshd[6451]: Invalid user gs from 92.190.153.246 port 55720	2019-07-26 13:10:00
185.242.190.98	attackspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-25 22:38:03,208 INFO [amun_request_handler] PortScan Detected on Port: 445 (185.242.190.98)	2019-07-26 13:20:51
185.254.122.8	attack	" "	2019-07-26 12:51:21
41.230.89.162	attackspam	Jul 26 02:02:34 srv-4 sshd\[31255\]: Invalid user admin from 41.230.89.162 Jul 26 02:02:34 srv-4 sshd\[31255\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.230.89.162 Jul 26 02:02:36 srv-4 sshd\[31255\]: Failed password for invalid user admin from 41.230.89.162 port 56817 ssh2 ...	2019-07-26 13:11:24
51.15.58.201	attackbotsspam	ssh failed login	2019-07-26 13:13:49
92.118.37.74	attack	Jul 26 05:14:32 mail kernel: [4615912.208432] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=44136 PROTO=TCP SPT=46525 DPT=56885 WINDOW=1024 RES=0x00 SYN URGP=0 Jul 26 05:16:40 mail kernel: [4616039.499638] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=59988 PROTO=TCP SPT=46525 DPT=21953 WINDOW=1024 RES=0x00 SYN URGP=0 Jul 26 05:17:21 mail kernel: [4616081.126095] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=42918 PROTO=TCP SPT=46525 DPT=43498 WINDOW=1024 RES=0x00 SYN URGP=0 Jul 26 05:18:05 mail kernel: [4616124.979110] [UFW BLOCK] IN=eth0 OUT= MAC=fa:16:3e:d3:64:42:4c:5e:0c:c9:30:5f:08:00 SRC=92.118.37.74 DST=185.101.93.72 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=52130 PROTO=TCP SPT=46525 DPT=32196 WINDOW=1024 RES=0x00 SYN	2019-07-26 13:36:12
45.77.124.38	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-26 00:20:02,687 INFO [amun_request_handler] PortScan Detected on Port: 139 (45.77.124.38)	2019-07-26 13:06:25
184.161.230.77	attackspambots	DATE:2019-07-26 01:03:04, IP:184.161.230.77, PORT:ssh brute force auth on SSH service (patata)	2019-07-26 12:42:58
123.207.34.136	attackbotsspam	Unauthorised access (Jul 26) SRC=123.207.34.136 LEN=40 TTL=238 ID=9511 TCP DPT=445 WINDOW=1024 SYN	2019-07-26 13:03:03
109.177.94.172	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-25 22:37:01,601 INFO [amun_request_handler] PortScan Detected on Port: 445 (109.177.94.172)	2019-07-26 13:26:46
178.128.7.249	attackspambots	Jul 26 07:31:22 server sshd\[3526\]: Invalid user jon from 178.128.7.249 port 55886 Jul 26 07:31:22 server sshd\[3526\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.7.249 Jul 26 07:31:24 server sshd\[3526\]: Failed password for invalid user jon from 178.128.7.249 port 55886 ssh2 Jul 26 07:37:36 server sshd\[20045\]: User root from 178.128.7.249 not allowed because listed in DenyUsers Jul 26 07:37:36 server sshd\[20045\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.7.249 user=root	2019-07-26 12:38:40
14.253.141.208	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-25 22:36:31,877 INFO [amun_request_handler] PortScan Detected on Port: 445 (14.253.141.208)	2019-07-26 13:29:57
27.34.240.250	attackspambots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-25 22:36:51,939 INFO [amun_request_handler] PortScan Detected on Port: 445 (27.34.240.250)	2019-07-26 13:27:45
41.218.224.157	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-25 22:38:07,902 INFO [amun_request_handler] PortScan Detected on Port: 445 (41.218.224.157)	2019-07-26 13:12:30
194.38.0.110	attack	2019-07-25 18:02:58 H=(livingbusiness.it) [194.38.0.110]:35179 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/194.38.0.110) 2019-07-25 18:02:58 H=(livingbusiness.it) [194.38.0.110]:35179 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/sbl/query/SBLCSS) 2019-07-25 18:02:59 H=(livingbusiness.it) [194.38.0.110]:35179 I=[192.147.25.65]:25 F= rejected RCPT : RBL: found in thrukfz5b56tq6xao6odgdyjrq.zen.dq.spamhaus.net (127.0.0.4, 127.0.0.3) (https://www.spamhaus.org/query/ip/194.38.0.110) ...	2019-07-26 12:48:39

最近上报的IP列表

59.19.13.126	211.224.30.206	226.135.143.229	32.174.204.7
56.172.196.0	215.112.240.183	84.52.3.228	203.106.185.157
88.130.179.180	182.179.179.100	247.157.227.125	228.146.161.80
235.224.145.122	113.103.27.239	249.76.135.66	150.161.95.3
90.213.71.213	100.40.114.5	144.91.78.42	183.82.140.239