27.224.137.140

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: ChinaNet Gansu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Unauthorized connection attempt detected from IP address 27.224.137.140 to port 8081	2019-12-31 06:34:54

Comments on same subnet:

IP	Type	Details	Datetime
27.224.137.25	attack	Detected by ModSecurity. Host header is an IP address, Request URI: /	2020-08-07 17:53:28
27.224.137.110	attack	Unauthorized connection attempt detected from IP address 27.224.137.110 to port 123	2020-06-13 08:04:55
27.224.137.112	attackspam	Unauthorized connection attempt detected from IP address 27.224.137.112 to port 123	2020-06-13 08:04:32
27.224.137.167	attack	Unauthorized connection attempt detected from IP address 27.224.137.167 to port 8908 [T]	2020-05-20 13:16:55
27.224.137.5	attack	China's GFW probe	2020-05-15 17:37:59
27.224.137.228	attackbots	Fail2Ban Ban Triggered	2020-04-08 01:27:59
27.224.137.128	attackspam	Unauthorized connection attempt detected from IP address 27.224.137.128 to port 8080 [J]	2020-03-02 18:50:24
27.224.137.63	attackbots	Unauthorized connection attempt detected from IP address 27.224.137.63 to port 22 [J]	2020-03-02 17:55:00
27.224.137.232	attackspambots	[Mon Feb 03 11:54:41.470846 2020] [:error] [pid 4380:tid 140558393710336] [client 27.224.137.232:55554] [client 27.224.137.232] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XjenkQgZoeDztBDPYjXx0gAAAfM"] ...	2020-02-03 13:35:16
27.224.137.148	attack	Unauthorized connection attempt detected from IP address 27.224.137.148 to port 8908 [T]	2020-02-01 18:40:16
27.224.137.146	attackbots	Unauthorized connection attempt detected from IP address 27.224.137.146 to port 9011 [T]	2020-01-29 17:51:34
27.224.137.186	attackbots	Unauthorized connection attempt detected from IP address 27.224.137.186 to port 8080 [J]	2020-01-29 07:29:34
27.224.137.39	attackspambots	Unauthorized connection attempt detected from IP address 27.224.137.39 to port 6666 [J]	2020-01-27 17:18:52
27.224.137.206	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 55a9b2392fe7eb69 \| WAF_Rule_ID: a75424b44a1e4f27881d03344a122815 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: img.skk.moe \| User-Agent: Mozilla/5.0184010163 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2020-01-26 04:47:27
27.224.137.181	attackbots	Unauthorized connection attempt detected from IP address 27.224.137.181 to port 9991 [T]	2020-01-26 02:50:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 27.224.137.140
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44676
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;27.224.137.140.			IN	A

;; AUTHORITY SECTION:
.			309	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019123001 1800 900 604800 86400

;; Query time: 624 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Dec 31 06:34:52 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 140.137.224.27.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 140.137.224.27.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
114.45.203.60	attackspambots	Jan 1 15:48:38 grey postfix/smtpd\[23722\]: NOQUEUE: reject: RCPT from 114-45-203-60.dynamic-ip.hinet.net\[114.45.203.60\]: 554 5.7.1 Service unavailable\; Client host \[114.45.203.60\] blocked using dul.dnsbl.sorbs.net\; Dynamic IP Addresses See: http://www.sorbs.net/lookup.shtml\?114.45.203.60\; from=\ to=\ proto=ESMTP helo=\<114-45-203-60.dynamic-ip.hinet.net\> ...	2020-01-02 02:22:59
200.31.65.17	attackspam	1577890128 - 01/01/2020 15:48:48 Host: 200.31.65.17/200.31.65.17 Port: 445 TCP Blocked	2020-01-02 02:17:51
89.163.146.71	attackbots	20 attempts against mh-misbehave-ban on plane.magehost.pro	2020-01-02 02:24:25
46.4.63.250	attackspam	20 attempts against mh-misbehave-ban on flare.magehost.pro	2020-01-02 02:11:26
91.224.60.75	attackbots	Jan 1 16:47:17 sd-53420 sshd\[12644\]: Invalid user tanim from 91.224.60.75 Jan 1 16:47:17 sd-53420 sshd\[12644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.60.75 Jan 1 16:47:19 sd-53420 sshd\[12644\]: Failed password for invalid user tanim from 91.224.60.75 port 59058 ssh2 Jan 1 16:50:23 sd-53420 sshd\[13568\]: Invalid user guest from 91.224.60.75 Jan 1 16:50:23 sd-53420 sshd\[13568\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.60.75 ...	2020-01-02 02:34:42
44.224.64.227	attackbots	Jan 1 15:28:07 icinga sshd[8940]: Failed password for root from 44.224.64.227 port 40644 ssh2 ...	2020-01-02 02:13:36
49.235.83.156	attackspam	Jan 1 14:48:59 *** sshd[16200]: User root from 49.235.83.156 not allowed because not listed in AllowUsers	2020-01-02 02:11:10
2.184.57.87	attackbotsspam	Automatic report - Banned IP Access	2020-01-02 02:07:00
222.186.175.140	attackspam	Jan 1 19:12:32 MK-Soft-Root1 sshd[29780]: Failed password for root from 222.186.175.140 port 21614 ssh2 Jan 1 19:12:36 MK-Soft-Root1 sshd[29780]: Failed password for root from 222.186.175.140 port 21614 ssh2 ...	2020-01-02 02:20:25
145.239.150.181	attackbots	CloudCIX Reconnaissance Scan Detected, PTR: ns3112693.ip-145-239-150.eu.	2020-01-02 02:20:04
142.93.59.118	attack	Logged: 1/01/2020 2:45:41 PM UTC AS14061 DigitalOcean LLC Port: 25 Protocol: tcp Service Name: smtp Description: Simple Mail Transfer	2020-01-02 02:32:14
223.164.6.198	attackbotsspam	Jan 1 15:48:52 grey postfix/smtpd\[23593\]: NOQUEUE: reject: RCPT from unknown\[223.164.6.198\]: 554 5.7.1 Service unavailable\; Client host \[223.164.6.198\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[223.164.6.198\]\; from=\ to=\ proto=ESMTP helo=\<\[223.164.6.198\]\> ...	2020-01-02 02:15:08
222.186.42.4	attack	Jan 1 19:13:43 meumeu sshd[14060]: Failed password for root from 222.186.42.4 port 50370 ssh2 Jan 1 19:14:01 meumeu sshd[14060]: error: maximum authentication attempts exceeded for root from 222.186.42.4 port 50370 ssh2 [preauth] Jan 1 19:14:07 meumeu sshd[14110]: Failed password for root from 222.186.42.4 port 45678 ssh2 ...	2020-01-02 02:16:02
74.208.230.149	attackbotsspam	Jan 1 15:48:48 MK-Soft-VM7 sshd[17674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=74.208.230.149 Jan 1 15:48:50 MK-Soft-VM7 sshd[17674]: Failed password for invalid user suncity from 74.208.230.149 port 43062 ssh2 ...	2020-01-02 02:17:36
35.241.245.227	attackbotsspam	Automated report (2020-01-01T14:49:26+00:00). Faked user agent detected.	2020-01-02 02:02:42

Recently Reported IPs

124.225.41.146	124.88.113.121	123.195.33.69	122.51.253.157
121.57.12.42	119.15.89.123	117.144.121.111	117.14.150.178
116.252.0.80	116.98.25.40	115.198.207.54	113.134.133.106
113.128.104.81	113.58.242.242	113.58.225.235	112.115.139.108
149.239.50.72	112.102.225.157	201.200.189.20	112.66.110.243