104.37.216.112

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): Online Tech LLC

主机名(hostname): unknown

机构(organization): Online Tech, LLC

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	2020-02-01T17:16:00.159672vostok sshd\[1115\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.37.216.112 user=root \| Triggered by Fail2Ban at Vostok web server	2020-02-02 07:48:19
attackspam	Jan 19 17:37:14 server2 sshd\[6636\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jan 19 17:37:15 server2 sshd\[6638\]: Invalid user DUP from 104.37.216.112 Jan 19 17:37:16 server2 sshd\[6640\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jan 19 17:37:17 server2 sshd\[6642\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jan 19 17:37:18 server2 sshd\[6644\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jan 19 17:37:19 server2 sshd\[6646\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers	2020-01-20 01:45:34
attack	Unauthorized connection attempt detected from IP address 104.37.216.112 to port 22 [J]	2020-01-18 20:46:51
attackbotsspam	firewall-block, port(s): 22/tcp	2020-01-01 18:05:05
attackspambots	22 attack	2019-12-26 01:04:17
attackbots	Jul 17 00:06:36 server2 sshd\[29214\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jul 17 00:06:37 server2 sshd\[29216\]: Invalid user DUP from 104.37.216.112 Jul 17 00:06:38 server2 sshd\[29218\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jul 17 00:06:39 server2 sshd\[29221\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jul 17 00:06:40 server2 sshd\[29223\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers Jul 17 00:06:41 server2 sshd\[29227\]: User root from 104.37.216.112 not allowed because not listed in AllowUsers	2019-07-17 09:35:19
attack	2019-07-05T00:47:46.323029scmdmz1 sshd\[22419\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.37.216.112 user=root 2019-07-05T00:47:48.245858scmdmz1 sshd\[22419\]: Failed password for root from 104.37.216.112 port 52758 ssh2 2019-07-05T00:47:49.401747scmdmz1 sshd\[22421\]: Invalid user DUP from 104.37.216.112 port 53350 ...	2019-07-05 12:56:11

相同子网IP讨论:

IP	类型	评论内容	时间
104.37.216.98	attackspam	Oct 28 17:11:22 web01 sshd[10724]: Did not receive identification string from 104.37.216.98 Oct 28 22:02:31 web01 sshd[29166]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:32 web01 sshd[29174]: Invalid user DUP from 104.37.216.98 Oct 28 22:02:32 web01 sshd[29174]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:33 web01 sshd[29176]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:34 web01 sshd[29184]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:35 web01 sshd[29186]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:36 web01 sshd[29194]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:37 web01 sshd[29196]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:38 web01 sshd[29198]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth] Oct 28 22:02:39 web01 sshd[29200]: Received d........ -------------------------------	2019-10-29 18:23:13
104.37.216.98	attack	port scan and connect, tcp 22 (ssh)	2019-10-20 05:14:24

类型

评论内容

时间

104.37.216.98

attackspam

Oct 28 17:11:22 web01 sshd[10724]: Did not receive identification string from 104.37.216.98
Oct 28 22:02:31 web01 sshd[29166]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:32 web01 sshd[29174]: Invalid user DUP from 104.37.216.98
Oct 28 22:02:32 web01 sshd[29174]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:33 web01 sshd[29176]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:34 web01 sshd[29184]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:35 web01 sshd[29186]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:36 web01 sshd[29194]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:37 web01 sshd[29196]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:38 web01 sshd[29198]: Received disconnect from 104.37.216.98: 11: Bye Bye [preauth]
Oct 28 22:02:39 web01 sshd[29200]: Received d........
-------------------------------

2019-10-29 18:23:13

104.37.216.98

attack

port scan and connect, tcp 22 (ssh)

2019-10-20 05:14:24

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.37.216.112
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45806
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.37.216.112.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019050500 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sun May 05 18:25:15 +08 2019
;; MSG SIZE  rcvd: 118

HOST信息:

Host 112.216.37.104.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 112.216.37.104.in-addr.arpa: NXDOMAIN

IP	类型	评论内容	时间
62.174.159.218	attack	Unauthorized connection attempt detected from IP address 62.174.159.218 to port 81 [J]	2020-01-06 04:25:59
61.78.121.2	attack	Unauthorized connection attempt detected from IP address 61.78.121.2 to port 5555 [J]	2020-01-06 04:49:51
189.84.92.150	attack	Unauthorized connection attempt detected from IP address 189.84.92.150 to port 23 [J]	2020-01-06 04:13:24
189.236.159.52	attack	Unauthorized connection attempt detected from IP address 189.236.159.52 to port 4567	2020-01-06 04:13:07
200.161.41.80	attack	Unauthorized connection attempt detected from IP address 200.161.41.80 to port 8000	2020-01-06 04:33:47
79.25.76.32	attack	Unauthorized connection attempt detected from IP address 79.25.76.32 to port 8080	2020-01-06 04:22:34
88.247.92.134	attack	Unauthorized connection attempt detected from IP address 88.247.92.134 to port 8081 [J]	2020-01-06 04:45:12
186.56.158.27	attackspam	Unauthorized connection attempt detected from IP address 186.56.158.27 to port 8080 [J]	2020-01-06 04:14:30
119.194.75.229	attackbotsspam	Unauthorized connection attempt detected from IP address 119.194.75.229 to port 4567	2020-01-06 04:19:12
75.104.28.183	attackspam	Unauthorized connection attempt detected from IP address 75.104.28.183 to port 23 [J]	2020-01-06 04:48:44
186.130.33.202	attack	Unauthorized connection attempt detected from IP address 186.130.33.202 to port 23 [J]	2020-01-06 04:37:11
66.42.29.145	attack	Telnet Server BruteForce Attack	2020-01-06 04:24:55
200.194.26.102	attackspambots	Unauthorized connection attempt detected from IP address 200.194.26.102 to port 23	2020-01-06 04:33:16
54.183.202.175	attackspam	Unauthorized connection attempt detected from IP address 54.183.202.175 to port 443	2020-01-06 04:26:30
177.216.12.154	attack	Unauthorized connection attempt detected from IP address 177.216.12.154 to port 445	2020-01-06 04:39:52

最近上报的IP列表

172.12.60.170	107.197.236.231	201.150.50.38	198.63.167.176
88.94.188.103	138.197.1.64	109.230.6.225	175.161.206.253
104.236.9.125	74.208.82.41	201.178.197.65	89.94.246.81
87.120.78.41	195.206.42.190	122.109.75.199	133.94.1.212
167.99.74.252	134.209.36.143	215.18.73.16	96.9.168.71