103.138.10.6 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Indonesia

运营商(isp): Dinas Komunikasi Dan Informatika Kabupaten Pacitan

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: tcp cat: Potentially Bad Trafficbytes: 60	2020-08-11 07:11:16
attack	Icarus honeypot on github	2020-05-14 12:41:31
attackspambots	Brute forcing RDP port 3389	2020-05-03 02:44:17
attack	01/02/2020-23:50:16.436933 103.138.10.6 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-01-03 15:53:55
attackbotsspam	Unauthorized connection attempt detected from IP address 103.138.10.6 to port 1433	2019-12-24 17:00:08
attackspam	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-28 18:32:08
attackspam	" "	2019-10-17 01:03:46

相同子网IP讨论:

IP	类型	评论内容	时间
103.138.108.188	attack	2020-09-28T20:37:58Z - RDP login failed multiple times. (103.138.108.188)	2020-09-29 22:56:50
103.138.108.188	attackbots	2020-09-28T20:37:58Z - RDP login failed multiple times. (103.138.108.188)	2020-09-29 15:15:35
103.138.108.40	attackspam	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: PTR record not found	2020-08-24 06:31:26
103.138.109.68	attackspam	[N10.H2.VM2] Port Scanner Detected Blocked by UFW	2020-08-11 01:38:20
103.138.108.48	attackspambots	Aug 5 15:45:15 offspring postfix/smtpd[19143]: connect from unknown[103.138.108.48] Aug 5 15:45:16 offspring postfix/smtpd[19143]: warning: unknown[103.138.108.48]: SASL LOGIN authentication failed: authentication failure Aug 5 15:45:16 offspring postfix/smtpd[19143]: lost connection after AUTH from unknown[103.138.108.48] Aug 5 15:45:16 offspring postfix/smtpd[19143]: disconnect from unknown[103.138.108.48] Aug 5 15:45:17 offspring postfix/smtpd[19143]: connect from unknown[103.138.108.48] Aug 5 15:45:17 offspring postfix/smtpd[19143]: warning: unknown[103.138.108.48]: SASL LOGIN authentication failed: authentication failure Aug 5 15:45:18 offspring postfix/smtpd[19143]: lost connection after AUTH from unknown[103.138.108.48] Aug 5 15:45:18 offspring postfix/smtpd[19143]: disconnect from unknown[103.138.108.48] Aug 5 15:45:18 offspring postfix/smtpd[19143]: connect from unknown[103.138.108.48] Aug 5 15:45:19 offspring postfix/smtpd[19143]: warning: unknown[10........ -------------------------------	2020-08-06 03:25:33
103.138.108.48	attackbotsspam	Jul 25 18:30:27 offspring postfix/smtpd[18303]: connect from unknown[103.138.108.48] Jul 25 18:30:28 offspring postfix/smtpd[18303]: warning: unknown[103.138.108.48]: SASL LOGIN authentication failed: authentication failure Jul 25 18:30:28 offspring postfix/smtpd[18303]: lost connection after AUTH from unknown[103.138.108.48] Jul 25 18:30:28 offspring postfix/smtpd[18303]: disconnect from unknown[103.138.108.48] Jul 25 18:30:29 offspring postfix/smtpd[18303]: connect from unknown[103.138.108.48] Jul 25 18:30:30 offspring postfix/smtpd[18303]: warning: unknown[103.138.108.48]: SASL LOGIN authentication failed: authentication failure Jul 25 18:30:30 offspring postfix/smtpd[18303]: lost connection after AUTH from unknown[103.138.108.48] Jul 25 18:30:30 offspring postfix/smtpd[18303]: disconnect from unknown[103.138.108.48] Jul 25 18:30:31 offspring postfix/smtpd[18303]: connect from unknown[103.138.108.48] Jul 25 18:30:32 offspring postfix/smtpd[18303]: warning: unknown[10........ -------------------------------	2020-07-26 01:31:26
103.138.109.44	attackspambots	07/25/2020-11:16:32.406346 103.138.109.44 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-07-25 23:17:49
103.138.109.190	attackbots	Jul 18 12:36:29 debian-2gb-nbg1-2 kernel: \[17327139.039675\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=103.138.109.190 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=239 ID=18506 PROTO=TCP SPT=45046 DPT=15355 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-18 19:51:26
103.138.109.89	attackspam	MAIL: User Login Brute Force Attempt	2020-07-14 21:59:19
103.138.109.68	attackspam	Jul 6 03:05:07 main sshd[12946]: Failed password for invalid user alerm from 103.138.109.68 port 61607 ssh2 Jul 6 03:05:18 main sshd[12965]: Failed password for invalid user admin from 103.138.109.68 port 54785 ssh2 Jul 6 03:05:31 main sshd[12967]: Failed password for invalid user pi from 103.138.109.68 port 55292 ssh2 Jul 10 09:26:00 main sshd[12121]: Failed password for invalid user alerm from 103.138.109.68 port 63786 ssh2 Jul 10 09:27:41 main sshd[12186]: Failed password for invalid user admin from 103.138.109.68 port 63273 ssh2 Jul 10 09:27:48 main sshd[12190]: Failed password for invalid user pi from 103.138.109.68 port 63853 ssh2	2020-07-11 04:05:25
103.138.109.89	attackbots	(smtpauth) Failed SMTP AUTH login from 103.138.109.89 (VN/Vietnam/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 2020-07-06 08:18:13 login authenticator failed for (7zIldrnobP) [103.138.109.89]: 535 Incorrect authentication data (set_id=info)	2020-07-06 19:13:12
103.138.109.68	attack	...	2020-06-30 17:01:34
103.138.109.89	attackspambots	Attempted Brute Force (dovecot)	2020-06-29 06:31:12
103.138.109.68	attackspam	Jun 24 06:33:16 mail sshd[8744]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.138.109.68 Jun 24 06:33:17 mail sshd[8744]: Failed password for invalid user press from 103.138.109.68 port 52611 ssh2 ...	2020-06-24 18:00:41
103.138.109.68	attack	Jun 22 09:40:52 mail sshd[26097]: Failed password for root from 103.138.109.68 port 58571 ssh2 Jun 22 09:40:53 mail sshd[26097]: error: Received disconnect from 103.138.109.68 port 58571:3: com.jcraft.jsch.JSchException: Auth fail [preauth] ...	2020-06-22 15:48:31

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.138.10.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57825
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.138.10.6.			IN	A

;; AUTHORITY SECTION:
.			219	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101600 1800 900 604800 86400

;; Query time: 116 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 17 01:03:42 CST 2019
;; MSG SIZE  rcvd: 116

HOST信息:

Host 6.10.138.103.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 6.10.138.103.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
180.76.111.242	attackbotsspam	Invalid user teste from 180.76.111.242 port 59352	2020-07-21 03:34:08
59.27.124.26	attack	(sshd) Failed SSH login from 59.27.124.26 (KR/South Korea/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Jul 20 21:22:23 grace sshd[7057]: Invalid user u1 from 59.27.124.26 port 47834 Jul 20 21:22:25 grace sshd[7057]: Failed password for invalid user u1 from 59.27.124.26 port 47834 ssh2 Jul 20 21:31:57 grace sshd[8428]: Invalid user fabrice from 59.27.124.26 port 41008 Jul 20 21:32:00 grace sshd[8428]: Failed password for invalid user fabrice from 59.27.124.26 port 41008 ssh2 Jul 20 21:36:23 grace sshd[9137]: Invalid user ov from 59.27.124.26 port 57478	2020-07-21 03:49:04
50.2.214.50	attackspambots	Jul 16 07:15:01 Host-KLAX-C amavis[10515]: (10515-01) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK LOCAL [50.2.214.50] [50.2.214.50] <16043-336-6639-4201-bob=vestibtech.com@mail.resurgee.buzz> -> , Queue-ID: 9C9151BD52B, Message-ID: <0ism1ubxt4303kpq-7ug74xl36e1t8ztx-150-19ef@resurgee.buzz>, mail_id: 7NdZdYptoLMG, Hits: 10.223, size: 11500, 4729 ms Jul 20 06:26:26 Host-KLAX-C amavis[9592]: (09592-15) Blocked SPAM {RejectedInternal}, AM.PDP-SOCK LOCAL [50.2.214.50] [50.2.214.50] <16246-93-3593-4257-b.henderson=vestibtech.com@mail.diabetesfreedmm.co> -> , Queue-ID: B43B11BD2A9, Message-ID: , mail_id: 5xxrHmLWjogE, Hits: 17.499, size: 10203, 3624 ms ...	2020-07-21 03:27:23
47.108.160.207	attack	Jul 20 14:25:53 mailserver sshd\[23242\]: Invalid user administrador from 47.108.160.207 ...	2020-07-21 03:53:32
202.5.23.73	attackspam	2020-07-20T13:06:22.502112hostname sshd[61366]: Failed password for invalid user test from 202.5.23.73 port 46646 ssh2 ...	2020-07-21 03:28:30
112.78.3.39	attackspambots	$f2bV_matches	2020-07-21 03:33:48
45.55.32.34	attackspambots	ET CINS Active Threat Intelligence Poor Reputation IP group 24 - port: 20335 proto: tcp cat: Misc Attackbytes: 60	2020-07-21 03:27:38
94.102.51.28	attack	07/20/2020-15:47:34.876499 94.102.51.28 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-07-21 03:50:49
49.233.182.205	attackspambots	$f2bV_matches	2020-07-21 03:47:54
185.235.40.70	attackbots	Lines containing failures of 185.235.40.70 Jul 19 20:37:38 newdogma sshd[19642]: Invalid user tomas from 185.235.40.70 port 48858 Jul 19 20:37:38 newdogma sshd[19642]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.235.40.70 Jul 19 20:37:40 newdogma sshd[19642]: Failed password for invalid user tomas from 185.235.40.70 port 48858 ssh2 Jul 19 20:37:41 newdogma sshd[19642]: Received disconnect from 185.235.40.70 port 48858:11: Bye Bye [preauth] Jul 19 20:37:41 newdogma sshd[19642]: Disconnected from invalid user tomas 185.235.40.70 port 48858 [preauth] Jul 19 20:50:35 newdogma sshd[19887]: Invalid user mis from 185.235.40.70 port 44258 Jul 19 20:50:35 newdogma sshd[19887]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.235.40.70 Jul 19 20:50:36 newdogma sshd[19887]: Failed password for invalid user mis from 185.235.40.70 port 44258 ssh2 Jul 19 20:50:37 newdogma sshd[19887]: Received........ ------------------------------	2020-07-21 03:51:19
111.229.148.198	attackbots	Invalid user web from 111.229.148.198 port 37362	2020-07-21 03:38:21
106.12.174.227	attackbots	Connection to SSH Honeypot - Detected by HoneypotDB	2020-07-21 03:47:39
171.80.184.177	attackspambots	Jul 20 14:15:26 zimbra sshd[25564]: Invalid user Adminixxxr from 171.80.184.177 Jul 20 14:15:26 zimbra sshd[25564]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.80.184.177 Jul 20 14:15:29 zimbra sshd[25564]: Failed password for invalid user Adminixxxr from 171.80.184.177 port 43786 ssh2 Jul 20 14:15:29 zimbra sshd[25564]: Received disconnect from 171.80.184.177 port 43786:11: Bye Bye [preauth] Jul 20 14:15:29 zimbra sshd[25564]: Disconnected from 171.80.184.177 port 43786 [preauth] Jul 20 14:17:04 zimbra sshd[26950]: Invalid user ts3 from 171.80.184.177 Jul 20 14:17:04 zimbra sshd[26950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.80.184.177 Jul 20 14:17:06 zimbra sshd[26950]: Failed password for invalid user ts3 from 171.80.184.177 port 53046 ssh2 Jul 20 14:17:06 zimbra sshd[26950]: Received disconnect from 171.80.184.177 port 53046:11: Bye Bye [preauth] Jul 20 14:17:06 zimb........ -------------------------------	2020-07-21 03:18:39
47.98.190.243	attack	TCP (SYN) 47.98.190.243:10162 -> port 8080, len 40	2020-07-21 03:45:13
193.112.111.28	attack	Jul 20 18:32:34 debian-2gb-nbg1-2 kernel: \[17521293.360550\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=193.112.111.28 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=238 ID=24602 PROTO=TCP SPT=58075 DPT=4825 WINDOW=1024 RES=0x00 SYN URGP=0	2020-07-21 03:19:37

最近上报的IP列表

91.88.168.201	45.54.106.38	219.159.106.33	31.209.16.200
106.109.209.251	218.28.168.4	197.44.50.16	194.44.36.172
149.56.142.135	118.122.77.80	77.111.107.114	213.171.220.145
197.44.72.58	197.50.14.206	197.51.160.51	116.252.0.96
112.114.105.128	106.120.84.4	197.89.244.179	36.46.136.149