203.195.148.54

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Tencent Cloud Computing (Beijing) Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Port Scan: TCP/443	2019-10-31 14:41:33

相同子网IP讨论:

IP	类型	评论内容	时间
203.195.148.140	attack	Aug 17 08:27:04 hiderm sshd\[1427\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.148.140 user=root Aug 17 08:27:05 hiderm sshd\[1427\]: Failed password for root from 203.195.148.140 port 41385 ssh2 Aug 17 08:27:09 hiderm sshd\[1431\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.148.140 user=root Aug 17 08:27:10 hiderm sshd\[1431\]: Failed password for root from 203.195.148.140 port 41513 ssh2 Aug 17 08:27:13 hiderm sshd\[1453\]: Invalid user pi from 203.195.148.140	2019-08-18 09:41:15

类型

评论内容

时间

203.195.148.140

attack

Aug 17 08:27:04 hiderm sshd\[1427\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.148.140  user=root
Aug 17 08:27:05 hiderm sshd\[1427\]: Failed password for root from 203.195.148.140 port 41385 ssh2
Aug 17 08:27:09 hiderm sshd\[1431\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.148.140  user=root
Aug 17 08:27:10 hiderm sshd\[1431\]: Failed password for root from 203.195.148.140 port 41513 ssh2
Aug 17 08:27:13 hiderm sshd\[1453\]: Invalid user pi from 203.195.148.140

2019-08-18 09:41:15

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 203.195.148.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31455
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;203.195.148.54.			IN	A

;; AUTHORITY SECTION:
.			551	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019103100 1800 900 604800 86400

;; Query time: 97 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 31 14:41:30 CST 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 54.148.195.203.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 54.148.195.203.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
59.188.255.243	attackspam	Jan 27 05:57:08 mout sshd[22350]: Invalid user testuser from 59.188.255.243 port 60648	2020-01-27 13:38:07
80.211.137.127	attackbotsspam	Unauthorized connection attempt detected from IP address 80.211.137.127 to port 2220 [J]	2020-01-27 13:59:28
197.59.197.123	attackspambots	Unauthorised access (Jan 27) SRC=197.59.197.123 LEN=40 TTL=54 ID=33087 TCP DPT=23 WINDOW=28386 SYN	2020-01-27 13:48:16
222.186.30.167	attackbots	Jan 27 05:30:21 work-partkepr sshd\[15709\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.30.167 user=root Jan 27 05:30:22 work-partkepr sshd\[15709\]: Failed password for root from 222.186.30.167 port 63655 ssh2 ...	2020-01-27 13:34:04
123.209.203.39	attackspam	Jan 27 06:18:19 ns3042688 sshd\[10848\]: Invalid user server from 123.209.203.39 Jan 27 06:18:19 ns3042688 sshd\[10848\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.209.203.39 Jan 27 06:18:21 ns3042688 sshd\[10848\]: Failed password for invalid user server from 123.209.203.39 port 40248 ssh2 Jan 27 06:19:15 ns3042688 sshd\[10889\]: Invalid user admin123 from 123.209.203.39 Jan 27 06:19:15 ns3042688 sshd\[10889\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.209.203.39 ...	2020-01-27 14:03:22
185.111.183.42	attack	Jan 27 05:57:02 grey postfix/smtpd\[1640\]: NOQUEUE: reject: RCPT from srv42.ypclistmanager.com\[185.111.183.42\]: 554 5.7.1 Service unavailable\; Client host \[185.111.183.42\] blocked using bl.spamcop.net\; Blocked - see https://www.spamcop.net/bl.shtml\?185.111.183.42\; from=\<6c0376b04eac7b177eb23fe8669eb29d@ypclistmanager.com\> to=\ proto=ESMTP helo=\ ...	2020-01-27 13:42:12
45.6.18.176	attackspam	Jan 27 08:47:33 hosting sshd[30690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.6.18.176 user=root Jan 27 08:47:35 hosting sshd[30690]: Failed password for root from 45.6.18.176 port 22048 ssh2 ...	2020-01-27 13:48:51
40.125.200.20	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-01-27 14:17:40
223.255.127.74	attackspambots	Jan 26 19:34:52 php1 sshd\[24848\]: Invalid user administrador from 223.255.127.74 Jan 26 19:34:52 php1 sshd\[24848\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.255.127.74 Jan 26 19:34:54 php1 sshd\[24848\]: Failed password for invalid user administrador from 223.255.127.74 port 9513 ssh2 Jan 26 19:35:56 php1 sshd\[25086\]: Invalid user cac from 223.255.127.74 Jan 26 19:35:56 php1 sshd\[25086\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.255.127.74	2020-01-27 14:17:11
43.243.129.55	attackspambots	Jan 27 06:57:23 nextcloud sshd\[11647\]: Invalid user oracle from 43.243.129.55 Jan 27 06:57:23 nextcloud sshd\[11647\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.243.129.55 Jan 27 06:57:25 nextcloud sshd\[11647\]: Failed password for invalid user oracle from 43.243.129.55 port 33188 ssh2	2020-01-27 14:07:53
89.248.162.136	attack	Jan 27 06:50:49 debian-2gb-nbg1-2 kernel: \[2363519.069542\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=89.248.162.136 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=9366 PROTO=TCP SPT=58249 DPT=4477 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-27 14:13:09
188.48.129.77	attackspam	Port scan on 1 port(s): 445	2020-01-27 13:34:36
185.175.93.103	attackspam	01/26/2020-23:56:23.295595 185.175.93.103 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2020-01-27 14:10:47
185.39.10.124	attackbotsspam	Jan 27 06:39:19 debian-2gb-nbg1-2 kernel: \[2362829.087902\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=185.39.10.124 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=7334 PROTO=TCP SPT=51233 DPT=15748 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-27 14:05:43
80.82.77.243	attack	Jan 27 06:41:50 debian-2gb-nbg1-2 kernel: \[2362980.170420\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=80.82.77.243 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=43145 PROTO=TCP SPT=55395 DPT=16478 WINDOW=1024 RES=0x00 SYN URGP=0	2020-01-27 14:01:39

最近上报的IP列表

115.89.40.129	126.254.8.5	197.67.103.163	17.61.131.118
231.105.7.13	198.25.21.239	145.210.254.250	226.227.87.139
150.18.75.93	163.171.78.222	175.172.41.174	231.198.23.238
242.93.123.37	217.137.35.122	26.142.194.11	63.18.13.189
38.40.204.178	182.126.207.199	60.104.239.12	120.7.113.51