5.140.139.199 - IPInfo

基本信息:

城市(city): Tyumen

省份(region): Tyumen’ Oblast

国家(country): Russia

运营商(isp): Rostelecom

主机名(hostname): unknown

机构(organization): Rostelecom

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

暂无关于此IP的讨论, 沙发请点上方按钮

相同子网IP讨论:

IP	类型	评论内容	时间
5.140.139.218	attack	ssh failed login	2019-09-06 09:47:55
5.140.139.82	attackbotsspam	Jul 10 01:10:39 shared03 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.140.139.82 user=admin Jul 10 01:10:41 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2 Jul 10 01:10:43 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2 Jul 10 01:10:45 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2 Jul 10 01:10:47 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2 Jul 10 01:10:50 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=5.140.139.82	2019-07-10 13:35:48

类型

评论内容

时间

5.140.139.218

attack

ssh failed login

2019-09-06 09:47:55

5.140.139.82

attackbotsspam

Jul 10 01:10:39 shared03 sshd[11594]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.140.139.82  user=admin
Jul 10 01:10:41 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2
Jul 10 01:10:43 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2
Jul 10 01:10:45 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2
Jul 10 01:10:47 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2
Jul 10 01:10:50 shared03 sshd[11594]: Failed password for admin from 5.140.139.82 port 59433 ssh2


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=5.140.139.82

2019-07-10 13:35:48

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 5.140.139.199
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57200
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;5.140.139.199.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019041401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Mon Apr 15 05:47:04 +08 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 199.139.140.5.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 199.139.140.5.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
185.57.152.70	attackspam	185.57.152.70 - - [30/Sep/2020:18:42:28 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.57.152.70 - - [30/Sep/2020:18:42:29 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.57.152.70 - - [30/Sep/2020:18:42:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-01 00:51:09
91.121.101.155	attackbots	$f2bV_matches	2020-10-01 01:02:05
88.132.66.26	attackspam	Sep 30 23:14:32 itv-usvr-02 sshd[7336]: Invalid user christian from 88.132.66.26 port 59428 Sep 30 23:14:32 itv-usvr-02 sshd[7336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.132.66.26 Sep 30 23:14:32 itv-usvr-02 sshd[7336]: Invalid user christian from 88.132.66.26 port 59428 Sep 30 23:14:35 itv-usvr-02 sshd[7336]: Failed password for invalid user christian from 88.132.66.26 port 59428 ssh2 Sep 30 23:17:56 itv-usvr-02 sshd[7463]: Invalid user jackie from 88.132.66.26 port 33460	2020-10-01 00:50:37
63.214.246.229	attackspam	Hackers please read as the following information is valuable to you. Customer Seling Clearwater County is using my email noaccount@yahoo.com. Charter keeps sending me spam emails with customer information. Per calls and emails, Charter has chosen to not stop spamming me as they claim they can not help me as I am not a customer. So please use the following information to attack and gain financial benefit at their expense.	2020-10-01 01:11:39
167.71.38.104	attack	Sep 30 18:14:23 h2646465 sshd[24490]: Invalid user daniel from 167.71.38.104 Sep 30 18:14:23 h2646465 sshd[24490]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.38.104 Sep 30 18:14:23 h2646465 sshd[24490]: Invalid user daniel from 167.71.38.104 Sep 30 18:14:25 h2646465 sshd[24490]: Failed password for invalid user daniel from 167.71.38.104 port 41056 ssh2 Sep 30 18:22:27 h2646465 sshd[25701]: Invalid user test2 from 167.71.38.104 Sep 30 18:22:27 h2646465 sshd[25701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.38.104 Sep 30 18:22:27 h2646465 sshd[25701]: Invalid user test2 from 167.71.38.104 Sep 30 18:22:29 h2646465 sshd[25701]: Failed password for invalid user test2 from 167.71.38.104 port 54366 ssh2 Sep 30 18:29:51 h2646465 sshd[26365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.71.38.104 user=root Sep 30 18:29:53 h2646465 sshd[26365]: Failed password for root	2020-10-01 00:56:01
104.248.131.113	attackspam	2020-09-30T16:32:13.434091shield sshd\[5022\]: Invalid user cgi from 104.248.131.113 port 52048 2020-09-30T16:32:13.445193shield sshd\[5022\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.131.113 2020-09-30T16:32:15.014608shield sshd\[5022\]: Failed password for invalid user cgi from 104.248.131.113 port 52048 ssh2 2020-09-30T16:35:27.039161shield sshd\[5367\]: Invalid user alex from 104.248.131.113 port 41728 2020-09-30T16:35:27.050789shield sshd\[5367\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.248.131.113	2020-10-01 00:45:16
36.110.110.34	attack	Invalid user postgres from 36.110.110.34 port 41000	2020-10-01 01:14:50
77.241.49.45	attackspam	Automatic report - Port Scan Attack	2020-10-01 00:52:44
142.93.213.91	attackspam	CMS (WordPress or Joomla) login attempt.	2020-10-01 00:56:25
111.229.167.10	attackspambots	Invalid user cpanel1 from 111.229.167.10 port 54044	2020-10-01 00:38:59
106.13.181.242	attack	Sep 30 15:40:45 ns382633 sshd\[3367\]: Invalid user edu from 106.13.181.242 port 48262 Sep 30 15:40:45 ns382633 sshd\[3367\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.242 Sep 30 15:40:48 ns382633 sshd\[3367\]: Failed password for invalid user edu from 106.13.181.242 port 48262 ssh2 Sep 30 16:29:27 ns382633 sshd\[13225\]: Invalid user testftp1 from 106.13.181.242 port 33436 Sep 30 16:29:27 ns382633 sshd\[13225\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.181.242	2020-10-01 00:48:52
51.79.85.154	attack	51.79.85.154 - - [29/Sep/2020:20:36:28 +0000] "POST /wp-login.php HTTP/1.1" 200 2077 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 51.79.85.154 - - [29/Sep/2020:20:36:30 +0000] "POST /wp-login.php HTTP/1.1" 200 2076 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 51.79.85.154 - - [29/Sep/2020:20:36:32 +0000] "POST /wp-login.php HTTP/1.1" 200 2070 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 51.79.85.154 - - [29/Sep/2020:20:36:34 +0000] "POST /wp-login.php HTTP/1.1" 200 2072 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" 51.79.85.154 - - [29/Sep/2020:20:36:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-"	2020-10-01 00:41:04
202.134.160.134	attackspambots	RDPBruteCAu	2020-10-01 01:15:14
45.143.221.41	attack	[2020-09-30 12:29:26] NOTICE[1159] chan_sip.c: Registration from '"3008" ' failed for '45.143.221.41:5526' - Wrong password [2020-09-30 12:29:26] SECURITY[1198] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-30T12:29:26.920-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="3008",SessionID="0x7fcaa0022038",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.221.41/5526",Challenge="1a47c106",ReceivedChallenge="1a47c106",ReceivedHash="d9745f44fd7668815e3d064e02a5857f" [2020-09-30 12:29:27] NOTICE[1159] chan_sip.c: Registration from '"3008" ' failed for '45.143.221.41:5526' - Wrong password [2020-09-30 12:29:27] SECURITY[1198] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-30T12:29:27.093-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="3008",SessionID="0x7fcaa045f8f8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45 ...	2020-10-01 00:54:47
49.234.126.83	attackbots	$f2bV_matches	2020-10-01 00:45:48

最近上报的IP列表

222.124.141.118	84.217.221.184	198.108.67.50	181.67.76.151
191.255.5.137	187.110.208.182	159.203.179.138	106.12.87.149
103.82.102.192	193.56.29.55	189.79.187.219	178.62.194.63
146.247.224.229	180.176.244.171	91.240.100.80	61.92.215.72
42.3.114.168	1.55.28.80	221.213.44.226	185.154.188.137