106.12.106.42 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): Beijing Baidu Netcom Science and Technology Co. Ltd.

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Search Engine Spider

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	[ssh] SSH attack	2020-04-09 15:53:32
attackspambots	Apr 3 10:58:30 gw1 sshd[28048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.42 Apr 3 10:58:32 gw1 sshd[28048]: Failed password for invalid user carlos from 106.12.106.42 port 55146 ssh2 ...	2020-04-03 19:51:17
attackbots	Unauthorized SSH login attempts	2020-04-02 05:01:57

类型

评论内容

时间

attackspambots

[ssh] SSH attack

2020-04-09 15:53:32

attackspambots

Apr  3 10:58:30 gw1 sshd[28048]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.42
Apr  3 10:58:32 gw1 sshd[28048]: Failed password for invalid user carlos from 106.12.106.42 port 55146 ssh2
...

2020-04-03 19:51:17

attackbots

Unauthorized SSH login attempts

2020-04-02 05:01:57

相同子网IP讨论:

IP	类型	评论内容	时间
106.12.106.34	attack	[N1.H1.VM1] Port Scanner Detected Blocked by UFW	2020-09-29 06:50:44
106.12.106.34	attackbotsspam	Fail2Ban Ban Triggered	2020-09-28 23:18:27
106.12.106.34	attackbotsspam	Sep 28 07:19:06 rancher-0 sshd[350833]: Invalid user aaa from 106.12.106.34 port 48220 ...	2020-09-28 15:22:10
106.12.106.34	attackbotsspam	Unauthorized connection attempt detected from IP address 106.12.106.34 to port 6160 [T]	2020-08-30 14:42:56
106.12.106.221	attackbotsspam	Multiple SSH authentication failures from 106.12.106.221	2020-08-28 03:06:19
106.12.106.221	attackspam	Aug 24 12:43:07 instance-2 sshd[13970]: Failed password for root from 106.12.106.221 port 59220 ssh2 Aug 24 12:48:37 instance-2 sshd[14127]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.221 Aug 24 12:48:39 instance-2 sshd[14127]: Failed password for invalid user weblogic from 106.12.106.221 port 33536 ssh2	2020-08-24 23:57:40
106.12.106.221	attack	Invalid user test from 106.12.106.221 port 45312	2020-08-23 15:13:59
106.12.106.221	attackbotsspam	SSH brute force attempt	2020-08-23 04:10:00
106.12.106.34	attack	Aug 11 22:33:11 ns381471 sshd[14012]: Failed password for root from 106.12.106.34 port 35774 ssh2	2020-08-12 04:39:42
106.12.106.221	attackbots	Aug 7 13:36:29 ovpn sshd\[9032\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.221 user=root Aug 7 13:36:31 ovpn sshd\[9032\]: Failed password for root from 106.12.106.221 port 59460 ssh2 Aug 7 13:59:17 ovpn sshd\[18037\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.221 user=root Aug 7 13:59:19 ovpn sshd\[18037\]: Failed password for root from 106.12.106.221 port 50648 ssh2 Aug 7 14:01:28 ovpn sshd\[18973\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.221 user=root	2020-08-08 02:13:50
106.12.106.34	attackbots	firewall-block, port(s): 980/tcp	2020-07-28 03:05:28
106.12.106.232	attackbots	Jul 26 15:03:23 root sshd[13172]: Invalid user apollo from 106.12.106.232 ...	2020-07-27 01:05:37
106.12.106.232	attackspam	$f2bV_matches	2020-07-16 03:55:43
106.12.106.232	attackbots	2020-07-08T14:09:10.452769mail.broermann.family sshd[21566]: Invalid user pj from 106.12.106.232 port 41786 2020-07-08T14:09:10.456964mail.broermann.family sshd[21566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.106.232 2020-07-08T14:09:10.452769mail.broermann.family sshd[21566]: Invalid user pj from 106.12.106.232 port 41786 2020-07-08T14:09:12.219729mail.broermann.family sshd[21566]: Failed password for invalid user pj from 106.12.106.232 port 41786 ssh2 2020-07-08T14:14:49.715390mail.broermann.family sshd[22102]: Invalid user ziyb from 106.12.106.232 port 35164 ...	2020-07-08 23:07:24
106.12.106.34	attackspam	16559/tcp 28609/tcp 6869/tcp [2020-06-23/07-05]3pkt	2020-07-05 17:28:21

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 106.12.106.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14592
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;106.12.106.42.			IN	A

;; AUTHORITY SECTION:
.			176	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020040101 1800 900 604800 86400

;; Query time: 109 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Apr 02 05:01:53 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

Host 42.106.12.106.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 42.106.12.106.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
89.31.110.68	attack	Honeypot attack, port: 5555, PTR: PTR record not found	2019-12-26 14:58:20
62.60.207.119	attackspambots	Dec 25 15:02:48 plesk sshd[23364]: Address 62.60.207.119 maps to undefined.hostname.localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Dec 25 15:02:48 plesk sshd[23364]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.207.119 user=r.r Dec 25 15:02:50 plesk sshd[23364]: Failed password for r.r from 62.60.207.119 port 43576 ssh2 Dec 25 15:02:51 plesk sshd[23364]: Received disconnect from 62.60.207.119: 11: Bye Bye [preauth] Dec 25 15:11:41 plesk sshd[23701]: Address 62.60.207.119 maps to undefined.hostname.localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Dec 25 15:11:41 plesk sshd[23701]: Invalid user guest from 62.60.207.119 Dec 25 15:11:41 plesk sshd[23701]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=62.60.207.119 Dec 25 15:11:44 plesk sshd[23701]: Failed password for invalid user guest from 62.60.207.119 port 33702........ -------------------------------	2019-12-26 15:09:33
121.243.17.150	attackspam	SSH auth scanning - multiple failed logins	2019-12-26 15:08:06
157.47.216.211	attackspam	1577341794 - 12/26/2019 07:29:54 Host: 157.47.216.211/157.47.216.211 Port: 445 TCP Blocked	2019-12-26 14:55:07
36.79.218.83	attack	1577341776 - 12/26/2019 07:29:36 Host: 36.79.218.83/36.79.218.83 Port: 445 TCP Blocked	2019-12-26 15:13:04
45.82.153.85	attackspam	Dec 26 07:57:50 s1 postfix/submission/smtpd\[16229\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:58:10 s1 postfix/submission/smtpd\[16229\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:58:12 s1 postfix/submission/smtpd\[16237\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:58:35 s1 postfix/submission/smtpd\[16237\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:59:14 s1 postfix/submission/smtpd\[16235\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:59:33 s1 postfix/submission/smtpd\[16237\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:59:34 s1 postfix/submission/smtpd\[16235\]: warning: unknown\[45.82.153.85\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Dec 26 07:59:53 s1 postfix/submission/smtpd\[16229\]: warning: unknown\[45.82.1	2019-12-26 15:01:52
159.203.201.71	attack	12/26/2019-07:29:31.232690 159.203.201.71 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-12-26 15:15:27
123.206.174.26	attackbots	Dec 26 08:00:21 sd-53420 sshd\[27371\]: Invalid user chanshin from 123.206.174.26 Dec 26 08:00:21 sd-53420 sshd\[27371\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.206.174.26 Dec 26 08:00:22 sd-53420 sshd\[27371\]: Failed password for invalid user chanshin from 123.206.174.26 port 42724 ssh2 Dec 26 08:03:49 sd-53420 sshd\[28753\]: Invalid user agbezukey from 123.206.174.26 Dec 26 08:03:49 sd-53420 sshd\[28753\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.206.174.26 ...	2019-12-26 15:28:15
45.136.108.119	attackbotsspam	Dec 26 08:01:10 debian-2gb-nbg1-2 kernel: \[996400.287259\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=45.136.108.119 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=25044 PROTO=TCP SPT=47824 DPT=446 WINDOW=1024 RES=0x00 SYN URGP=0	2019-12-26 15:04:28
98.4.160.39	attackspam	Dec 26 07:26:34 legacy sshd[5030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.4.160.39 Dec 26 07:26:37 legacy sshd[5030]: Failed password for invalid user francie from 98.4.160.39 port 55426 ssh2 Dec 26 07:29:04 legacy sshd[5118]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.4.160.39 ...	2019-12-26 15:35:03
91.143.79.143	attackspambots	Dec 26 08:07:29 pornomens sshd\[1708\]: Invalid user maurshaune from 91.143.79.143 port 56914 Dec 26 08:07:29 pornomens sshd\[1708\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.143.79.143 Dec 26 08:07:31 pornomens sshd\[1708\]: Failed password for invalid user maurshaune from 91.143.79.143 port 56914 ssh2 ...	2019-12-26 15:15:13
112.85.42.187	attackbots	Dec 26 08:03:00 markkoudstaal sshd[19538]: Failed password for root from 112.85.42.187 port 15800 ssh2 Dec 26 08:07:00 markkoudstaal sshd[19892]: Failed password for root from 112.85.42.187 port 46465 ssh2	2019-12-26 15:22:19
139.28.223.160	attackspam	Dec 26 07:19:58 web01 postfix/smtpd[22995]: connect from unknown[139.28.223.160] Dec 26 07:19:58 web01 policyd-spf[23000]: None; identhostnamey=helo; client-ip=139.28.223.160; helo=jeans.elevotal.com; envelope-from=x@x Dec 26 07:19:58 web01 policyd-spf[23000]: Pass; identhostnamey=mailfrom; client-ip=139.28.223.160; helo=jeans.elevotal.com; envelope-from=x@x Dec x@x Dec 26 07:19:58 web01 postfix/smtpd[22995]: disconnect from unknown[139.28.223.160] Dec 26 07:21:13 web01 postfix/smtpd[23321]: connect from unknown[139.28.223.160] Dec 26 07:21:13 web01 policyd-spf[23395]: None; identhostnamey=helo; client-ip=139.28.223.160; helo=jeans.elevotal.com; envelope-from=x@x Dec 26 07:21:13 web01 policyd-spf[23395]: Pass; identhostnamey=mailfrom; client-ip=139.28.223.160; helo=jeans.elevotal.com; envelope-from=x@x Dec x@x Dec 26 07:21:13 web01 postfix/smtpd[23321]: disconnect from unknown[139.28.223.160] Dec 26 07:22:27 web01 postfix/smtpd[22995]: connect from unknown[139.28.223.16........ -------------------------------	2019-12-26 14:53:06
46.242.11.49	attackbots	TCP Port Scanning	2019-12-26 15:32:19
103.66.16.18	attack	Dec 26 07:57:31 sd-53420 sshd\[26292\]: Invalid user timmy from 103.66.16.18 Dec 26 07:57:31 sd-53420 sshd\[26292\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.66.16.18 Dec 26 07:57:34 sd-53420 sshd\[26292\]: Failed password for invalid user timmy from 103.66.16.18 port 56200 ssh2 Dec 26 08:00:40 sd-53420 sshd\[27497\]: Invalid user cable from 103.66.16.18 Dec 26 08:00:40 sd-53420 sshd\[27497\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.66.16.18 ...	2019-12-26 15:05:54

最近上报的IP列表

220.58.120.191	153.134.75.210	52.43.161.104	39.136.146.187
118.169.226.91	140.74.84.67	189.189.235.107	124.131.157.16
176.102.89.233	27.26.98.52	91.245.158.91	92.239.139.7
80.7.95.80	10.134.246.28	165.51.138.126	223.215.203.40
177.130.241.0	129.205.113.138	14.43.51.192	124.58.25.88