103.94.5.18 - IPInfo

基本信息:

城市(city): Jakarta

省份(region): Jakarta

国家(country): Indonesia

运营商(isp): CV. Tunas Dua Serangkai

主机名(hostname): unknown

机构(organization): PT INDONESIA COMNETS PLUS

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	"Account brute force using dictionary attack against Exchange Online"	2019-08-06 06:56:42

相同子网IP讨论:

IP	类型	评论内容	时间
103.94.5.250	attack	Unauthorized connection attempt from IP address 103.94.5.250 on Port 445(SMB)	2020-01-14 05:12:19
103.94.5.42	attackspam	Automatic report - Banned IP Access	2020-01-03 19:48:49
103.94.5.42	attack	Dec 24 10:54:41 vibhu-HP-Z238-Microtower-Workstation sshd\[6355\]: Invalid user schatz from 103.94.5.42 Dec 24 10:54:41 vibhu-HP-Z238-Microtower-Workstation sshd\[6355\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 Dec 24 10:54:43 vibhu-HP-Z238-Microtower-Workstation sshd\[6355\]: Failed password for invalid user schatz from 103.94.5.42 port 48688 ssh2 Dec 24 10:57:59 vibhu-HP-Z238-Microtower-Workstation sshd\[6519\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 user=root Dec 24 10:58:02 vibhu-HP-Z238-Microtower-Workstation sshd\[6519\]: Failed password for root from 103.94.5.42 port 47844 ssh2 ...	2019-12-24 13:33:51
103.94.5.42	attack	Dec 17 18:05:04 loxhost sshd\[12817\]: Invalid user truche from 103.94.5.42 port 37134 Dec 17 18:05:04 loxhost sshd\[12817\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 Dec 17 18:05:06 loxhost sshd\[12817\]: Failed password for invalid user truche from 103.94.5.42 port 37134 ssh2 Dec 17 18:11:19 loxhost sshd\[13070\]: Invalid user shynique from 103.94.5.42 port 45938 Dec 17 18:11:19 loxhost sshd\[13070\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 ...	2019-12-18 01:30:35
103.94.5.42	attack	Dec 14 17:22:43 eventyay sshd[7307]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 Dec 14 17:22:45 eventyay sshd[7307]: Failed password for invalid user lisa from 103.94.5.42 port 32808 ssh2 Dec 14 17:29:36 eventyay sshd[7571]: Failed password for backup from 103.94.5.42 port 43002 ssh2 ...	2019-12-15 00:38:39
103.94.56.152	attack	Automatic report - Port Scan Attack	2019-12-12 22:13:55
103.94.5.42	attackspambots	Dec 7 00:49:26 ny01 sshd[26791]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 Dec 7 00:49:28 ny01 sshd[26791]: Failed password for invalid user mosse from 103.94.5.42 port 51398 ssh2 Dec 7 00:56:16 ny01 sshd[27950]: Failed password for root from 103.94.5.42 port 60226 ssh2	2019-12-07 14:08:13
103.94.5.42	attackbotsspam	$f2bV_matches	2019-12-07 07:27:00
103.94.5.42	attackspambots	Dec 6 17:24:33 OPSO sshd\[30818\]: Invalid user blough from 103.94.5.42 port 34434 Dec 6 17:24:33 OPSO sshd\[30818\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42 Dec 6 17:24:36 OPSO sshd\[30818\]: Failed password for invalid user blough from 103.94.5.42 port 34434 ssh2 Dec 6 17:31:22 OPSO sshd\[32153\]: Invalid user mpiuser from 103.94.5.42 port 44378 Dec 6 17:31:22 OPSO sshd\[32153\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.94.5.42	2019-12-07 00:31:52
103.94.5.42	attackspam	$f2bV_matches	2019-12-02 17:17:18
103.94.5.42	attackspambots	Nov 30 09:37:09 vps647732 sshd[27655]: Failed password for root from 103.94.5.42 port 44832 ssh2 ...	2019-11-30 16:52:51
103.94.5.42	attackbots	Nov 30 11:25:20 areeb-Workstation sshd[16322]: Failed password for root from 103.94.5.42 port 55286 ssh2 ...	2019-11-30 14:12:09
103.94.5.42	attackspambots	SSH invalid-user multiple login try	2019-11-26 21:29:41
103.94.5.42	attack	2019-11-11T23:16:17.406222abusebot-6.cloudsearch.cf sshd\[19832\]: Invalid user guest from 103.94.5.42 port 51732	2019-11-12 07:46:15
103.94.5.42	attackspam	$f2bV_matches	2019-11-09 01:19:56

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 103.94.5.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63441
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;103.94.5.18.			IN	A

;; AUTHORITY SECTION:
.			2206	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040402 1800 900 604800 86400

;; Query time: 0 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 05 07:43:35 +08 2019
;; MSG SIZE  rcvd: 115

HOST信息:

Host 18.5.94.103.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 18.5.94.103.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
125.215.207.44	attackspambots	Aug 27 13:23:17 OPSO sshd\[21143\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.215.207.44 user=root Aug 27 13:23:19 OPSO sshd\[21143\]: Failed password for root from 125.215.207.44 port 43480 ssh2 Aug 27 13:29:56 OPSO sshd\[22008\]: Invalid user guest from 125.215.207.44 port 60826 Aug 27 13:29:56 OPSO sshd\[22008\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.215.207.44 Aug 27 13:29:58 OPSO sshd\[22008\]: Failed password for invalid user guest from 125.215.207.44 port 60826 ssh2	2020-08-27 21:29:48
178.221.50.99	attackspam	xmlrpc attack	2020-08-27 21:38:17
61.133.232.249	attackbots	Aug 27 08:34:30 host sshd\[3111\]: Failed password for root from 61.133.232.249 port 17060 ssh2 Aug 27 08:43:14 host sshd\[5044\]: Failed password for root from 61.133.232.249 port 64176 ssh2 Aug 27 09:02:39 host sshd\[9049\]: Invalid user website from 61.133.232.249 Aug 27 09:02:39 host sshd\[9049\]: Failed password for invalid user website from 61.133.232.249 port 11197 ssh2 ...	2020-08-27 21:44:00
183.80.236.195	attack	Unauthorized connection attempt from IP address 183.80.236.195 on Port 445(SMB)	2020-08-27 21:58:17
187.162.10.193	attackspambots	Port Scan detected! ...	2020-08-27 21:44:57
106.37.222.110	attack	SSH brutforce	2020-08-27 21:43:46
177.222.37.153	attackspambots	177.222.37.153 - - [27/Aug/2020:13:53:05 +0100] "POST /wp-login.php HTTP/1.1" 200 1999 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 177.222.37.153 - - [27/Aug/2020:13:53:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1975 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 177.222.37.153 - - [27/Aug/2020:14:02:39 +0100] "POST /wp-login.php HTTP/1.1" 200 1836 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-27 21:45:36
40.77.167.208	attackspam	[Thu Aug 27 20:02:37.973742 2020] [:error] [pid 23182:tid 139707023353600] [client 40.77.167.208:1505] [client 40.77.167.208] ModSecurity: Access denied with code 403 (phase 4). Pattern match "^5\\\\d{2}$" at RESPONSE_STATUS. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/RESPONSE-950-DATA-LEAKAGES.conf"] [line "118"] [id "950100"] [msg "The Application Returned a 500-Level Status Code"] [data "Matched Data: 500 found within RESPONSE_STATUS: 500"] [severity "ERROR"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-disclosure"] [tag "WASCTC/WASC-13"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.6"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php/prakiraan-bulanan/244-prakiraan-curah-hujan-bulanan/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur/prakiraan-curah-hujan-bulanan-di-propinsi-jawa-timur-tahun-2016/1014-prakiraan-curah-hujan-jawa-timur-bulan-agustus-tahun-2016"] [unique_id "X ...	2020-08-27 21:48:57
49.88.112.65	attackspam	Aug 27 07:47:48 dns1 sshd[5191]: Failed password for root from 49.88.112.65 port 42898 ssh2 Aug 27 07:47:52 dns1 sshd[5191]: Failed password for root from 49.88.112.65 port 42898 ssh2 Aug 27 07:47:56 dns1 sshd[5191]: Failed password for root from 49.88.112.65 port 42898 ssh2	2020-08-27 21:20:16
177.44.16.136	attackbots	Attempted Brute Force (dovecot)	2020-08-27 21:49:27
78.128.113.118	attackbots	2020-08-27 14:11:10 dovecot_login authenticator failed for $\[78.128.113.118\]$ \[78.128.113.118\]: 535 Incorrect authentication data $set_id=admin@nophost.com$ 2020-08-27 14:11:17 dovecot_login authenticator failed for $\[78.128.113.118\]$ \[78.128.113.118\]: 535 Incorrect authentication data 2020-08-27 14:11:26 dovecot_login authenticator failed for $\[78.128.113.118\]$ \[78.128.113.118\]: 535 Incorrect authentication data 2020-08-27 14:11:31 dovecot_login authenticator failed for $\[78.128.113.118\]$ \[78.128.113.118\]: 535 Incorrect authentication data 2020-08-27 14:11:42 dovecot_login authenticator failed for $\[78.128.113.118\]$ \[78.128.113.118\]: 535 Incorrect authentication data	2020-08-27 21:36:45
105.112.58.157	attack	Unauthorized connection attempt from IP address 105.112.58.157 on Port 445(SMB)	2020-08-27 21:27:24
144.217.60.239	attack	Aug 27 13:01:31 lnxweb62 sshd[3606]: Failed password for root from 144.217.60.239 port 42032 ssh2 Aug 27 13:01:31 lnxweb62 sshd[3606]: Failed password for root from 144.217.60.239 port 42032 ssh2 Aug 27 13:01:34 lnxweb62 sshd[3606]: Failed password for root from 144.217.60.239 port 42032 ssh2	2020-08-27 21:41:37
167.114.237.46	attack	Aug 27 09:29:14 rancher-0 sshd[1300571]: Invalid user leticia from 167.114.237.46 port 51410 ...	2020-08-27 21:38:35
124.185.128.97	attack	failed root login	2020-08-27 21:11:46

最近上报的IP列表

185.49.99.216	195.70.44.11	186.93.121.173	197.45.155.10
219.68.62.85	213.82.190.238	72.89.17.122	170.233.47.242
103.16.62.66	196.52.43.99	109.116.220.186	152.170.108.110
52.250.104.214	36.72.219.214	62.12.115.116	59.48.153.231
193.32.161.12	185.237.99.248	139.199.14.186	194.63.140.52